libressl: Update to 2.7.2

2018-04-12 20:52:41 -06:00 · 2018-04-12 20:52:41 -06:00 · 3e42c54fd3
commit 3e42c54fd3
parent cbb1dcab9a
170 changed files with 4565 additions and 4055 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -31,7 +31,6 @@ option(LIBRESSL_SKIP_INSTALL "Skip installation" ${LIBRESSL_SKIP_INSTALL})
 option(ENABLE_ASM "Enable assembly" ON)
 option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
 option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
-option(ENABLE_VSTEST "Enable test on Visual Studio" OFF)
 set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)

 if(NOT LIBRESSL_SKIP_INSTALL)
@ -79,7 +78,7 @@ if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__EXTENSIONS__")
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600")
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DBSD_COMP")
-	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic -m64")
+	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic")
 endif()

 add_definitions(-DLIBRESSL_INTERNAL)
@ -98,7 +97,7 @@ if(WIN32)
 	add_definitions(-D_CRT_SECURE_NO_WARNINGS)
 	add_definitions(-D_CRT_DEPRECATED_NO_WARNINGS)
 	add_definitions(-D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS)
-	add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501)
+	add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600)
 	add_definitions(-DCPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG -DNO_CRYPT)
 endif()

@ -107,26 +106,23 @@ if(MSVC)
 	message(STATUS "Using [${CMAKE_C_COMPILER_ID}] compiler")
 	if(CMAKE_C_COMPILER_ID MATCHES "MSVC")
 		set(MSVC_DISABLED_WARNINGS_LIST
-			"C4057" # C4057: 'initializing' : 'unsigned char *' differs in
-		        	# indirection to slightly different base types from 'char [2]'
-			"C4018" # '>=': signed/unsigned mismatch
-			"C4100" # 'exarg' : unreferenced formal parameter
+			"C4018" # 'expression' : signed/unsigned mismatch
+			"C4057" # 'operator' : 'identifier1' indirection to
+		        	# slightly different base types from 'identifier2'
+			"C4100" # 'identifier' : unreferenced formal parameter
 			"C4127" # conditional expression is constant
-			"C4146" # unary minus operator applied to unsigned
-			        # type, result still unsigned
-			"C4242" # 'function' : conversion from 'int' to 'uint8_t',
+			"C4146" # unary minus operator applied to unsigned type,
+				# result still unsigned
+			"C4244" # 'argument' : conversion from 'type1' to 'type2',
 				# possible loss of data
-			"C4244" # 'function' : conversion from 'int' to 'uint8_t',
+			"C4245" # 'conversion' : conversion from 'type1' to 'type2',
+				# signed/unsigned mismatch
+			"C4267" # 'var' : conversion from 'size_t' to 'type',
 				# possible loss of data
-			"C4245" # 'initializing': conversion from 'long' to
-			        # 'unsigned long', signed/unsigned mismatch
-			"C4267" # conversion from 'size_t' to 'some type that is almost
-				# certainly safe to convert a size_t to'.
-			"C4389" # '!=': signed/unsigned mismatch
+			"C4389" # 'operator' : signed/unsigned mismatch
 			"C4706" # assignment within conditional expression
-			"C4820" # 'bytes' bytes padding added after construct 'member_name'
-			"C4996" # 'read': The POSIX name for this item is deprecated. Instead,
-			        # use the ISO C++ conformant name: _read.
+			"C4996" # The POSIX name for this item is deprecated.
+				# Instead, use the ISO C and C++ conformant name
 		)
 	elseif(CMAKE_C_COMPILER_ID MATCHES "Intel")
 		add_definitions(-D_CRT_SUPPRESS_RESTRICT)
@ -157,11 +153,6 @@ if(HAVE_ASPRINTF)
 	add_definitions(-DHAVE_ASPRINTF)
 endif()

-check_function_exists(inet_pton HAVE_INET_PTON)
-if(HAVE_INET_PTON)
-	add_definitions(-DHAVE_INET_PTON)
-endif()
-
 check_function_exists(reallocarray HAVE_REALLOCARRAY)
 if(HAVE_REALLOCARRAY)
 	add_definitions(-DHAVE_REALLOCARRAY)
@ -269,32 +260,23 @@ if(ENABLE_ASM)
 	endif()
 endif()

-if(NOT (CMAKE_SYSTEM_NAME MATCHES "(Darwin|CYGWIN)"))
-	set(BUILD_SHARED true)
-endif()
+set(OPENSSL_LIBS tls ssl crypto)

-# USE_SHARED builds applications (e.g. openssl) using shared LibreSSL.
-# By default, applications use LibreSSL static library to avoid dependencies.
-# USE_SHARED isn't set by default; use -DUSE_SHARED=ON with CMake to enable.
-# Can be helpful for debugging; don't use for public releases.
-if(NOT BUILD_SHARED)
-	set(USE_SHARED off)
-endif()
-
-if(USE_SHARED)
-	set(OPENSSL_LIBS tls-shared ssl-shared crypto-shared)
-else()
-	set(OPENSSL_LIBS tls ssl crypto)
-endif()
-
-if(CMAKE_HOST_WIN32)
+if(WIN32)
 	set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
 endif()
+
+check_function_exists(clock_gettime HAVE_CLOCK_GETTIME)
+if(HAVE_CLOCK_GETTIME)
+	add_definitions(-DHAVE_CLOCK_GETTIME)
+endif()
+
 if(CMAKE_SYSTEM_NAME MATCHES "Linux")
 	check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME)
 	if (HAVE_CLOCK_GETTIME)
 		set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
 	endif()
+	set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
 	set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
--- a/59
+++ b/59
@ -28,6 +28,65 @@ history is also available from Git.

 LibreSSL Portable Release Notes:

+2.7.2 - Stable release
+
+	* Updated and added extensive new HISTORY sections to API manuals.
+
+	* Added support for shared library builds with CMake on all supported
+	  platforms. Note that some of the CMake options have changed, consult
+	  the README for details.
+
+2.7.1 - Bug fixes
+
+	* Fixed a bug in int_x509_param_set_hosts, calling strlen() if name
+	  length provided is 0 to match the OpenSSL behaviour. Issue noticed
+	  by Christian Heimes <christian@python.org>.
+
+	* Fixed builds macOS 10.11 and older.
+
+2.7.0 - Bug fixes and improvements
+
+	* Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
+	  observations of real-world usage in applications. These are
+	  implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
+	  changes have not been made to existing structs, allowing code written
+	  for older OpenSSL APIs to continue working.
+
+	* Extensive corrections, improvements, and additions to the
+	  API documentation, including new public APIs from OpenSSL that had
+	  no pre-existing documentation.
+
+	* Added support for automatic library initialization in libcrypto,
+	  libssl, and libtls. Support for pthread_once or a compatible
+	  equivalent is now required of the target operating system. As a
+	  side-effect, minimum Windows support is Vista or higher.
+
+	* Converted more packet handling methods to CBB, which improves
+	  resiliency when generating TLS messages.
+
+	* Completed TLS extension handling rewrite, improving consistency of
+	  checks for malformed and duplicate extensions.
+
+	* Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
+	  This removes the last remaining use of the old M_ASN1_* macros
+	  (asn1_mac.h) from API that needs to continue to exist.
+
+	* Added support for client-side session resumption in libtls.
+	  A libtls client can specify a session file descriptor (a regular
+	  file with appropriate ownership and permissions) and libtls will
+	  manage reading and writing of session data across TLS handshakes.
+
+	* Improved support for strict alignment on ARMv7 architectures,
+	  conditionally enabling assembly in those cases.
+
+	* Fixed a memory leak in libtls when reusing a tls_config.
+
+	* Merged more DTLS support into the regular TLS code path, removing
+	  duplicated code.
+
+	* Many improvements to Windows Cmake-based builds and tests,
+	  especially when targeting Visual Studio.
+
 2.6.4 - Bug fixes

 	* Make tls_config_parse_protocols() work correctly when passed a NULL
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 Official repository is development, not release versions of LibreSSL, and needs external applications to prepare for
 build.

-Built from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.4.tar.gz
+Built from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.2.tar.gz

 Modifications:
 - Removed tests/mandocs/pkgconfig/scripts/apps/cmake_uninstall from both filesystem and CMakeLists.txt
--- a/README.windows
+++ b/README.windows
@ -0,0 +1,65 @@
+# Building
+
+For Windows systems, LibreSSL supports the mingw-w64 toolchain, which can use
+GCC or Clang as the compiler. Contrary to its name, mingw-w64 supports both
+32-bit and 64-bit build environments. If your project already uses mingw-w64,
+then LibreSSL should integrate very nicely. Old versions of the mingw-w64
+toolchain, such as the one packaged with Ubuntu 12.04, may have trouble
+building LibreSSL. Please try it with a recent toolchain if you encounter
+troubles. Cygwin provides an easy method of installing the latest mingw-w64
+cross compilers on Windows.
+
+To configure and build LibreSSL for a 32-bit system, use the following
+build steps:
+
+ CC=i686-w64-mingw32-gcc CPPFLAGS=-D__MINGW_USE_VC2005_COMPAT \
+ ./configure --host=i686-w64-mingw32
+ make
+ make check
+
+For 64-bit builds, use these instead:
+
+ CC=x86_64-w64-mingw32-gcc ./configure --host=x86_64-w64-mingw32
+ make
+ make check
+
+# Why the -D__MINGW_USE_VC2005_COMPAT flag on 32-bit systems?
+
+An ABI change introduced with Microsoft Visual C++ 2005 (also known as
+Visual C++ 8.0) switched time_t from 32-bit to 64-bit. It is important to
+build LibreSSL with 64-bit time_t whenever possible, because 32-bit time_t
+is unable to represent times past 2038 (this is commonly known as the
+Y2K38 problem).
+
+If LibreSSL is built with 32-bit time_t, when verifying a certificate whose
+expiry date is set past 19 January 2038, it will be unable to tell if the
+certificate has expired or not, and thus take the safe stance and reject it.
+
+In order to avoid this, you need to build LibreSSL (and everything that links
+with it) with the -D__MINGW_USE_VC2005_COMPAT flag. This tells mingw-w64 to
+use the new ABI.
+
+64-bit systems always have a 64-bit time_t and are not affected by this
+problem.
+
+# Using Libressl with Visual Studio
+
+A script for generating ready-to-use .DLL and static .LIB files is included in
+the source repository at
+https://github.com/libressl-portable/portable/blob/master/dist-win.sh
+
+This script uses mingw-w64 to build LibreSSL and then uses Visual Studio tools
+to generate compatible library import files ready-to-use with Visual
+Studio projects. Static and dynamic libraries are included. The script uses
+cv2pdb to generate Visual Studio and windbg compatible debug files. cv2pdb is a
+tool developed for the D language and can be found here:
+https://github.com/rainers/cv2pdb
+
+Pre-built Windows binaries are available with LibreSSL releases if you do not
+have a mingw-w64 build environment. Mingw-w64 code is largely, but not 100%,
+compatible with code built from Visual Studio. Notably, FILE * pointers cannot
+be shared between code built for Mingw-w64 and Visual Studio.
+
+As of LibreSSL 2.2.2, Visual Studio Native builds can be produced using CMake.
+This produces ABI-compatible libraries for linking with native code generated
+by Visual Studio.
--- a/2
+++ b/2
@ -1,2 +1,2 @@
-2.6.4
+2.7.2

--- a/cmake_export_symbol.cmake
+++ b/cmake_export_symbol.cmake
@ -1,49 +1,55 @@
-macro(export_symbol TARGET FILENAME)
+macro(export_symbol TARGET SYMBOLS_PATH)

 	set(FLAG "")
+	get_filename_component(FILENAME ${SYMBOLS_PATH} NAME)

 	if(WIN32)
 		string(REPLACE ".sym" ".def" DEF_FILENAME ${FILENAME})
-		file(WRITE ${DEF_FILENAME} "EXPORTS\n")
-		file(READ ${FILENAME} SYMBOLS)
-		file(APPEND ${DEF_FILENAME} "${SYMBOLS}")
-		target_sources(${TARGET} PRIVATE ${DEF_FILENAME})
+		file(TO_CMAKE_PATH "${CMAKE_CURRENT_BINARY_DIR}/${DEF_FILENAME}" DEF_PATH)
+		file(WRITE ${DEF_PATH} "EXPORTS\n")
+		file(READ ${SYMBOLS_PATH} SYMBOLS)
+		file(APPEND ${DEF_PATH} "${SYMBOLS}")
+		target_sources(${TARGET} PRIVATE ${DEF_PATH})

 	elseif(APPLE)
-		file(READ ${FILENAME} SYMBOLS)
+		file(READ ${SYMBOLS_PATH} SYMBOLS)
 		string(REGEX REPLACE "\n$" "" SYMBOLS ${SYMBOLS})
 		string(REPLACE "\n" "\n_" SYMBOLS ${SYMBOLS})
 		string(REGEX REPLACE "(.)$" "\\1\\n" SYMBOLS ${SYMBOLS})
 		string(REPLACE ".sym" ".exp" EXP_FILENAME ${FILENAME})
-		file(WRITE ${EXP_FILENAME} "_${SYMBOLS}")
-		set(FLAG "-exported_symbols_list ${EXP_FILENAME}")
+		file(TO_CMAKE_PATH "${CMAKE_CURRENT_BINARY_DIR}/${EXP_FILENAME}" EXP_PATH)
+		file(WRITE ${EXP_PATH} "_${SYMBOLS}")
+		set(FLAG "-exported_symbols_list ${EXP_PATH}")
 		set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})

 	elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
-		file(READ ${FILENAME} SYMBOLS)
+		file(READ ${SYMBOLS_PATH} SYMBOLS)
 		string(REGEX REPLACE "\n$" "" SYMBOLS ${SYMBOLS})
 		string(REPLACE "\n" "\n+e " SYMBOLS ${SYMBOLS})
 		string(REPLACE ".sym" ".opt" OPT_FILENAME ${FILENAME})
-		file(WRITE ${OPT_FILENAME} "+e ${SYMBOLS}")
-		set(FLAG "-Wl,-c,${OPT_FILENAME}")
+		file(TO_CMAKE_PATH "${CMAKE_CURRENT_BINARY_DIR}/${OPT_FILENAME}" OPT_PATH)
+		file(WRITE ${OPT_PATH} "+e ${SYMBOLS}")
+		set(FLAG "-Wl,-c,${OPT_PATH}")
 		set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})

 	elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS")
-		file(READ ${FILENAME} SYMBOLS)
+		file(READ ${SYMBOLS_PATH} SYMBOLS)
 		string(REPLACE "\n" ";\n" SYMBOLS ${SYMBOLS})
 		string(REPLACE ".sym" ".ver" VER_FILENAME ${FILENAME})
-		file(WRITE ${VER_FILENAME}
+		file(TO_CMAKE_PATH "${CMAKE_CURRENT_BINARY_DIR}/${VER_FILENAME}" VER_PATH)
+		file(WRITE ${VER_PATH}
 			"{\nglobal:\n${SYMBOLS}\nlocal:\n*;\n};\n")
-		set(FLAG "-Wl,-M${VER_FILENAME}")
+		set(FLAG "-Wl,-M${VER_PATH}")
 		set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})

 	elseif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
-		file(READ ${FILENAME} SYMBOLS)
+		file(READ ${SYMBOLS_PATH} SYMBOLS)
 		string(REPLACE "\n" ";\n" SYMBOLS ${SYMBOLS})
 		string(REPLACE ".sym" ".ver" VER_FILENAME ${FILENAME})
-		file(WRITE ${VER_FILENAME}
+		file(TO_CMAKE_PATH "${CMAKE_CURRENT_BINARY_DIR}/${VER_FILENAME}" VER_PATH)
+		file(WRITE ${VER_PATH}
 			"{\nglobal:\n${SYMBOLS}\nlocal:\n*;\n};\n")
-		set(FLAG "-Wl,--version-script,\"${VER_FILENAME}\"")
+		set(FLAG "-Wl,--version-script,\"${VER_PATH}\"")
 		set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
 	endif()

--- a/cmake_uninstall.cmake.in
+++ b/cmake_uninstall.cmake.in
@ -0,0 +1,21 @@
+if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
+	message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
+endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
+
+file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files)
+string(REGEX REPLACE "\n" ";" files "${files}")
+foreach(file ${files})
+	message(STATUS "Uninstalling $ENV{DESTDIR}${file}")
+	if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
+		exec_program(
+			"@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\""
+			OUTPUT_VARIABLE rm_out
+			RETURN_VALUE rm_retval
+			)
+		if(NOT "${rm_retval}" STREQUAL 0)
+			message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}")
+		endif(NOT "${rm_retval}" STREQUAL 0)
+	else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
+		message(STATUS "File $ENV{DESTDIR}${file} does not exist.")
+	endif(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
+endforeach(file)
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@ -112,6 +112,7 @@ set(
 	${CRYPTO_SRC}
 	cpt_err.c
 	cryptlib.c
+	crypto_init.c
 	cversion.c
 	ex_data.c
 	malloc-wrapper.c
@ -217,6 +218,7 @@ set(
 	bio/bio_cb.c
 	bio/bio_err.c
 	bio/bio_lib.c
+	bio/bio_meth.c
 	bio/bss_acpt.c
 	bio/bss_bio.c
 	bio/bss_conn.c
@ -323,6 +325,7 @@ set(
 	dsa/dsa_gen.c
 	dsa/dsa_key.c
 	dsa/dsa_lib.c
+	dsa/dsa_meth.c
 	dsa/dsa_ossl.c
 	dsa/dsa_pmeth.c
 	dsa/dsa_prn.c
@ -551,6 +554,7 @@ set(
 	rsa/rsa_err.c
 	rsa/rsa_gen.c
 	rsa/rsa_lib.c
+	rsa/rsa_meth.c
 	rsa/rsa_none.c
 	rsa/rsa_oaep.c
 	rsa/rsa_pk1.c
@ -642,19 +646,19 @@ set(
 	x509v3/v3err.c
 )

-if(CMAKE_HOST_UNIX)
+if(UNIX)
 	set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_posix.c)
 	set(CRYPTO_SRC ${CRYPTO_SRC} bio/bss_log.c)
 	set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl.c)
 endif()

-if(CMAKE_HOST_WIN32)
+if(WIN32)
 	set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_win.c)
 	set(CRYPTO_UNEXPORT ${CRYPTO_UNEXPORT} BIO_s_log)
 	set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl_win.c)
 endif()

-if(CMAKE_HOST_WIN32)
+if(WIN32)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/posix_win.c)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} gettimeofday)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_perror)
@ -686,11 +690,6 @@ if(NOT HAVE_GETPAGESIZE)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/getpagesize.c)
 endif()

-if(NOT HAVE_INET_PTON)
-	set(CRYPTO_SRC ${CRYPTO_SRC} compat/inet_pton.c)
-	set(EXTRA_EXPORT ${EXTRA_EXPORT} inet_pton)
-endif()
-
 if(NOT HAVE_REALLOCARRAY)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/reallocarray.c)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} reallocarray)
@ -736,7 +735,7 @@ if(NOT HAVE_TIMEGM)
 endif()

 if(NOT HAVE_EXPLICIT_BZERO)
-	if(CMAKE_HOST_WIN32)
+	if(WIN32)
 		set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero_win.c)
 	else()
 		set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero.c)
@ -753,7 +752,7 @@ if(NOT HAVE_ARC4RANDOM_BUF)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_uniform)

 	if(NOT HAVE_GETENTROPY)
-		if(CMAKE_HOST_WIN32)
+		if(WIN32)
 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_win.c)
 		elseif(CMAKE_SYSTEM_NAME MATCHES "AIX")
 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c)
@ -787,7 +786,7 @@ endif()
 if(NOT ENABLE_ASM)
 	add_definitions(-DOPENSSL_NO_ASM)
 else()
-	if(CMAKE_HOST_WIN32)
+	if(WIN32)
 		add_definitions(-DOPENSSL_NO_ASM)
 	endif()
 endif()
@ -802,35 +801,33 @@ file(READ ${CMAKE_CURRENT_SOURCE_DIR}/crypto.sym SYMS)
 foreach(SYM IN LISTS CRYPTO_UNEXPORT)
 	string(REPLACE "${SYM}\n" "" SYMS ${SYMS})
 endforeach()
-file(WRITE ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym ${SYMS})
+file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym ${SYMS})
 if(EXTRA_EXPORT)
 	list(SORT EXTRA_EXPORT)
 	foreach(SYM IN LISTS EXTRA_EXPORT)
-		file(APPEND ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym "${SYM}\n")
+		file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym "${SYM}\n")
 	endforeach()
 endif()

-add_library(crypto-objects OBJECT ${CRYPTO_SRC})
-if (BUILD_SHARED)
-	add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>)
-	add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>)
-	export_symbol(crypto-shared ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym)
+add_library(crypto ${CRYPTO_SRC})
+if (BUILD_SHARED_LIBS)
+	export_symbol(crypto ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym)
 	if (WIN32)
-		target_link_libraries(crypto-shared Ws2_32.lib)
+		target_link_libraries(crypto Ws2_32.lib)
 		set(CRYPTO_POSTFIX -${CRYPTO_MAJOR_VERSION})
 	endif()
-	set_target_properties(crypto-shared PROPERTIES
+	set_target_properties(crypto PROPERTIES
 		OUTPUT_NAME crypto${CRYPTO_POSTFIX}
 		ARCHIVE_OUTPUT_NAME crypto${CRYPTO_POSTFIX})
-	set_target_properties(crypto-shared PROPERTIES VERSION
+	set_target_properties(crypto PROPERTIES VERSION
 		${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
-	if(ENABLE_LIBRESSL_INSTALL)
-		install(TARGETS crypto crypto-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
-	endif(ENABLE_LIBRESSL_INSTALL)
-else()
-	add_library(crypto STATIC ${CRYPTO_SRC})
-	if(ENABLE_LIBRESSL_INSTALL)
-		install(TARGETS crypto DESTINATION ${CMAKE_INSTALL_LIBDIR})
-	endif(ENABLE_LIBRESSL_INSTALL)
 endif()

+if(ENABLE_LIBRESSL_INSTALL)
+	install(
+		TARGETS crypto
+		ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
+		LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+		RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+	)
+endif(ENABLE_LIBRESSL_INSTALL)
--- a/crypto/VERSION
+++ b/crypto/VERSION
@ -1 +1 @@
-42:0:0
+43:1:0
--- a/crypto/aes/aes-elf-x86_64.S
+++ b/crypto/aes/aes-elf-x86_64.S
@ -152,7 +152,7 @@ _x86_64_AES_encrypt:
 	xorl	%r11d,%ebx
 	xorl	%r12d,%ecx
 	xorl	%r8d,%edx
-.byte	0xf3,0xc3			
+	retq
 .size	_x86_64_AES_encrypt,.-_x86_64_AES_encrypt
 .type	_x86_64_AES_encrypt_compact,@function
 .align	16
@ -327,7 +327,7 @@ _x86_64_AES_encrypt_compact:
 	xorl	4(%r15),%ebx
 	xorl	8(%r15),%ecx
 	xorl	12(%r15),%edx
-.byte	0xf3,0xc3			
+	retq
 .size	_x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
 .globl	AES_encrypt
 .type	AES_encrypt,@function
@ -394,7 +394,7 @@ AES_encrypt:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 .Lenc_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	AES_encrypt,.-AES_encrypt
 .type	_x86_64_AES_decrypt,@function
 .align	16
@ -549,7 +549,7 @@ _x86_64_AES_decrypt:
 	xorl	%r11d,%ebx
 	xorl	%r12d,%ecx
 	xorl	%r8d,%edx
-.byte	0xf3,0xc3			
+	retq
 .size	_x86_64_AES_decrypt,.-_x86_64_AES_decrypt
 .type	_x86_64_AES_decrypt_compact,@function
 .align	16
@ -775,7 +775,7 @@ _x86_64_AES_decrypt_compact:
 	xorl	4(%r15),%ebx
 	xorl	8(%r15),%ecx
 	xorl	12(%r15),%edx
-.byte	0xf3,0xc3			
+	retq
 .size	_x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
 .globl	AES_decrypt
 .type	AES_decrypt,@function
@ -844,7 +844,7 @@ AES_decrypt:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 .Ldec_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	AES_decrypt,.-AES_decrypt
 .globl	AES_set_encrypt_key
 .type	AES_set_encrypt_key,@function
@ -869,7 +869,7 @@ AES_set_encrypt_key:
 	movq	48(%rsp),%rbx
 	addq	$56,%rsp
 .Lenc_key_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	AES_set_encrypt_key,.-AES_set_encrypt_key

 .type	_x86_64_AES_set_encrypt_key,@function
@ -1109,7 +1109,7 @@ _x86_64_AES_set_encrypt_key:
 .Lbadpointer:
 	movq	$-1,%rax
 .Lexit:
-.byte	0xf3,0xc3			
+	retq
 .size	_x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
 .globl	AES_set_decrypt_key
 .type	AES_set_decrypt_key,@function
@ -1296,7 +1296,7 @@ AES_set_decrypt_key:
 	movq	48(%rsp),%rbx
 	addq	$56,%rsp
 .Ldec_key_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	AES_set_decrypt_key,.-AES_set_decrypt_key
 .globl	AES_cbc_encrypt
 .type	AES_cbc_encrypt,@function
@ -1754,7 +1754,7 @@ AES_cbc_encrypt:
 .Lcbc_popfq:
 	popfq
 .Lcbc_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	AES_cbc_encrypt,.-AES_cbc_encrypt
 .align	64
 .LAES_Te:
--- a/crypto/aes/aes-macosx-x86_64.S
+++ b/crypto/aes/aes-macosx-x86_64.S
@ -152,7 +152,7 @@ L$enc_loop:
 	xorl	%r11d,%ebx
 	xorl	%r12d,%ecx
 	xorl	%r8d,%edx
-.byte	0xf3,0xc3			
+	retq


 .p2align	4
@ -327,7 +327,7 @@ L$enc_compact_done:
 	xorl	4(%r15),%ebx
 	xorl	8(%r15),%ecx
 	xorl	12(%r15),%edx
-.byte	0xf3,0xc3			
+	retq

 .globl	_AES_encrypt

@ -394,7 +394,7 @@ L$enc_prologue:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 L$enc_epilogue:
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -549,7 +549,7 @@ L$dec_loop:
 	xorl	%r11d,%ebx
 	xorl	%r12d,%ecx
 	xorl	%r8d,%edx
-.byte	0xf3,0xc3			
+	retq


 .p2align	4
@ -775,7 +775,7 @@ L$dec_compact_done:
 	xorl	4(%r15),%ebx
 	xorl	8(%r15),%ecx
 	xorl	12(%r15),%edx
-.byte	0xf3,0xc3			
+	retq

 .globl	_AES_decrypt

@ -844,7 +844,7 @@ L$dec_prologue:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 L$dec_epilogue:
-	.byte	0xf3,0xc3
+	retq

 .globl	_AES_set_encrypt_key

@ -869,7 +869,7 @@ L$enc_key_prologue:
 	movq	48(%rsp),%rbx
 	addq	$56,%rsp
 L$enc_key_epilogue:
-	.byte	0xf3,0xc3
+	retq



@ -1109,7 +1109,7 @@ L$14break:
 L$badpointer:
 	movq	$-1,%rax
 L$exit:
-.byte	0xf3,0xc3			
+	retq

 .globl	_AES_set_decrypt_key

@ -1296,7 +1296,7 @@ L$abort:
 	movq	48(%rsp),%rbx
 	addq	$56,%rsp
 L$dec_key_epilogue:
-	.byte	0xf3,0xc3
+	retq

 .globl	_AES_cbc_encrypt

@ -1754,7 +1754,7 @@ L$cbc_exit:
 L$cbc_popfq:
 	popfq
 L$cbc_epilogue:
-	.byte	0xf3,0xc3
+	retq

 .p2align	6
 L$AES_Te:
--- a/crypto/aes/aesni-elf-x86_64.S
+++ b/crypto/aes/aesni-elf-x86_64.S
@ -18,7 +18,7 @@ aesni_encrypt:
 	jnz	.Loop_enc1_1	
 	aesenclast	%xmm1,%xmm2
 	movups	%xmm2,(%rsi)
-	.byte	0xf3,0xc3
+	retq
 .size	aesni_encrypt,.-aesni_encrypt

 .globl	aesni_decrypt
@ -39,7 +39,7 @@ aesni_decrypt:
 	jnz	.Loop_dec1_2	
 	aesdeclast	%xmm1,%xmm2
 	movups	%xmm2,(%rsi)
-	.byte	0xf3,0xc3
+	retq
 .size	aesni_decrypt, .-aesni_decrypt
 .type	_aesni_encrypt3,@function
 .align	16
@ -72,7 +72,7 @@ _aesni_encrypt3:
 	aesenclast	%xmm0,%xmm2
 	aesenclast	%xmm0,%xmm3
 	aesenclast	%xmm0,%xmm4
-	.byte	0xf3,0xc3
+	retq
 .size	_aesni_encrypt3,.-_aesni_encrypt3
 .type	_aesni_decrypt3,@function
 .align	16
@ -105,7 +105,7 @@ _aesni_decrypt3:
 	aesdeclast	%xmm0,%xmm2
 	aesdeclast	%xmm0,%xmm3
 	aesdeclast	%xmm0,%xmm4
-	.byte	0xf3,0xc3
+	retq
 .size	_aesni_decrypt3,.-_aesni_decrypt3
 .type	_aesni_encrypt4,@function
 .align	16
@ -143,7 +143,7 @@ _aesni_encrypt4:
 	aesenclast	%xmm0,%xmm3
 	aesenclast	%xmm0,%xmm4
 	aesenclast	%xmm0,%xmm5
-	.byte	0xf3,0xc3
+	retq
 .size	_aesni_encrypt4,.-_aesni_encrypt4
 .type	_aesni_decrypt4,@function
 .align	16
@ -181,7 +181,7 @@ _aesni_decrypt4:
 	aesdeclast	%xmm0,%xmm3
 	aesdeclast	%xmm0,%xmm4
 	aesdeclast	%xmm0,%xmm5
-	.byte	0xf3,0xc3
+	retq
 .size	_aesni_decrypt4,.-_aesni_decrypt4
 .type	_aesni_encrypt6,@function
 .align	16
@ -238,7 +238,7 @@ _aesni_encrypt6:
 	aesenclast	%xmm0,%xmm5
 	aesenclast	%xmm0,%xmm6
 	aesenclast	%xmm0,%xmm7
-	.byte	0xf3,0xc3
+	retq
 .size	_aesni_encrypt6,.-_aesni_encrypt6
 .type	_aesni_decrypt6,@function
 .align	16
@ -295,7 +295,7 @@ _aesni_decrypt6:
 	aesdeclast	%xmm0,%xmm5
 	aesdeclast	%xmm0,%xmm6
 	aesdeclast	%xmm0,%xmm7
-	.byte	0xf3,0xc3
+	retq
 .size	_aesni_decrypt6,.-_aesni_decrypt6
 .type	_aesni_encrypt8,@function
 .align	16
@ -365,7 +365,7 @@ _aesni_encrypt8:
 	aesenclast	%xmm0,%xmm7
 	aesenclast	%xmm0,%xmm8
 	aesenclast	%xmm0,%xmm9
-	.byte	0xf3,0xc3
+	retq
 .size	_aesni_encrypt8,.-_aesni_encrypt8
 .type	_aesni_decrypt8,@function
 .align	16
@ -435,7 +435,7 @@ _aesni_decrypt8:
 	aesdeclast	%xmm0,%xmm7
 	aesdeclast	%xmm0,%xmm8
 	aesdeclast	%xmm0,%xmm9
-	.byte	0xf3,0xc3
+	retq
 .size	_aesni_decrypt8,.-_aesni_decrypt8
 .globl	aesni_ecb_encrypt
 .type	aesni_ecb_encrypt,@function
@ -737,7 +737,7 @@ aesni_ecb_encrypt:
 	movups	%xmm7,80(%rsi)

 .Lecb_ret:
-	.byte	0xf3,0xc3
+	retq
 .size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
 .globl	aesni_ccm64_encrypt_blocks
 .type	aesni_ccm64_encrypt_blocks,@function
@ -794,7 +794,7 @@ aesni_ccm64_encrypt_blocks:
 	jnz	.Lccm64_enc_outer

 	movups	%xmm3,(%r9)
-	.byte	0xf3,0xc3
+	retq
 .size	aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
 .globl	aesni_ccm64_decrypt_blocks
 .type	aesni_ccm64_decrypt_blocks,@function
@ -881,7 +881,7 @@ aesni_ccm64_decrypt_blocks:
 	jnz	.Loop_enc1_6	
 	aesenclast	%xmm1,%xmm3
 	movups	%xmm3,(%r9)
-	.byte	0xf3,0xc3
+	retq
 .size	aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
 .globl	aesni_ctr32_encrypt_blocks
 .type	aesni_ctr32_encrypt_blocks,@function
@ -1129,7 +1129,7 @@ aesni_ctr32_encrypt_blocks:
 	movups	%xmm11,48(%rsi)

 .Lctr32_done:
-	.byte	0xf3,0xc3
+	retq
 .size	aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks
 .globl	aesni_xts_encrypt
 .type	aesni_xts_encrypt,@function
@ -1525,7 +1525,7 @@ aesni_xts_encrypt:
 .Lxts_enc_ret:
 	leaq	104(%rsp),%rsp
 .Lxts_enc_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	aesni_xts_encrypt,.-aesni_xts_encrypt
 .globl	aesni_xts_decrypt
 .type	aesni_xts_decrypt,@function
@ -1965,7 +1965,7 @@ aesni_xts_decrypt:
 .Lxts_dec_ret:
 	leaq	104(%rsp),%rsp
 .Lxts_dec_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	aesni_xts_decrypt,.-aesni_xts_decrypt
 .globl	aesni_cbc_encrypt
 .type	aesni_cbc_encrypt,@function
@ -2290,7 +2290,7 @@ aesni_cbc_encrypt:

 .Lcbc_dec_ret:
 .Lcbc_ret:
-	.byte	0xf3,0xc3
+	retq
 .size	aesni_cbc_encrypt,.-aesni_cbc_encrypt
 .globl	aesni_set_decrypt_key
 .type	aesni_set_decrypt_key,@function
@ -2327,7 +2327,7 @@ aesni_set_decrypt_key:
 	movups	%xmm0,(%rdi)
 .Ldec_key_ret:
 	addq	$8,%rsp
-	.byte	0xf3,0xc3
+	retq
 .LSEH_end_set_decrypt_key:
 .size	aesni_set_decrypt_key,.-aesni_set_decrypt_key
 .globl	aesni_set_encrypt_key
@ -2449,7 +2449,7 @@ __aesni_set_encrypt_key:
 	movq	$-2,%rax
 .Lenc_key_ret:
 	addq	$8,%rsp
-	.byte	0xf3,0xc3
+	retq
 .LSEH_end_set_encrypt_key:

 .align	16
@ -2463,7 +2463,7 @@ __aesni_set_encrypt_key:
 	xorps	%xmm4,%xmm0
 	shufps	$255,%xmm1,%xmm1
 	xorps	%xmm1,%xmm0
-	.byte	0xf3,0xc3
+	retq

 .align	16
 .Lkey_expansion_192a:
@ -2483,7 +2483,7 @@ __aesni_set_encrypt_key:
 	pxor	%xmm1,%xmm0
 	pshufd	$255,%xmm0,%xmm3
 	pxor	%xmm3,%xmm2
-	.byte	0xf3,0xc3
+	retq

 .align	16
 .Lkey_expansion_192b:
@ -2506,7 +2506,7 @@ __aesni_set_encrypt_key:
 	xorps	%xmm4,%xmm0
 	shufps	$255,%xmm1,%xmm1
 	xorps	%xmm1,%xmm0
-	.byte	0xf3,0xc3
+	retq

 .align	16
 .Lkey_expansion_256b:
@ -2519,7 +2519,7 @@ __aesni_set_encrypt_key:
 	xorps	%xmm4,%xmm2
 	shufps	$170,%xmm1,%xmm1
 	xorps	%xmm1,%xmm2
-	.byte	0xf3,0xc3
+	retq
 .size	aesni_set_encrypt_key,.-aesni_set_encrypt_key
 .size	__aesni_set_encrypt_key,.-__aesni_set_encrypt_key
 .align	64
--- a/crypto/aes/aesni-macosx-x86_64.S
+++ b/crypto/aes/aesni-macosx-x86_64.S
@ -18,7 +18,7 @@ L$oop_enc1_1:
 	jnz	L$oop_enc1_1	
 	aesenclast	%xmm1,%xmm2
 	movups	%xmm2,(%rsi)
-	.byte	0xf3,0xc3
+	retq


 .globl	_aesni_decrypt
@ -39,7 +39,7 @@ L$oop_dec1_2:
 	jnz	L$oop_dec1_2	
 	aesdeclast	%xmm1,%xmm2
 	movups	%xmm2,(%rsi)
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -72,7 +72,7 @@ L$enc_loop3:
 	aesenclast	%xmm0,%xmm2
 	aesenclast	%xmm0,%xmm3
 	aesenclast	%xmm0,%xmm4
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -105,7 +105,7 @@ L$dec_loop3:
 	aesdeclast	%xmm0,%xmm2
 	aesdeclast	%xmm0,%xmm3
 	aesdeclast	%xmm0,%xmm4
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -143,7 +143,7 @@ L$enc_loop4:
 	aesenclast	%xmm0,%xmm3
 	aesenclast	%xmm0,%xmm4
 	aesenclast	%xmm0,%xmm5
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -181,7 +181,7 @@ L$dec_loop4:
 	aesdeclast	%xmm0,%xmm3
 	aesdeclast	%xmm0,%xmm4
 	aesdeclast	%xmm0,%xmm5
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -238,7 +238,7 @@ L$enc_loop6_enter:
 	aesenclast	%xmm0,%xmm5
 	aesenclast	%xmm0,%xmm6
 	aesenclast	%xmm0,%xmm7
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -295,7 +295,7 @@ L$dec_loop6_enter:
 	aesdeclast	%xmm0,%xmm5
 	aesdeclast	%xmm0,%xmm6
 	aesdeclast	%xmm0,%xmm7
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -365,7 +365,7 @@ L$enc_loop8_enter:
 	aesenclast	%xmm0,%xmm7
 	aesenclast	%xmm0,%xmm8
 	aesenclast	%xmm0,%xmm9
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -435,7 +435,7 @@ L$dec_loop8_enter:
 	aesdeclast	%xmm0,%xmm7
 	aesdeclast	%xmm0,%xmm8
 	aesdeclast	%xmm0,%xmm9
-	.byte	0xf3,0xc3
+	retq

 .globl	_aesni_ecb_encrypt

@ -737,7 +737,7 @@ L$ecb_dec_six:
 	movups	%xmm7,80(%rsi)

 L$ecb_ret:
-	.byte	0xf3,0xc3
+	retq

 .globl	_aesni_ccm64_encrypt_blocks

@ -794,7 +794,7 @@ L$ccm64_enc2_loop:
 	jnz	L$ccm64_enc_outer

 	movups	%xmm3,(%r9)
-	.byte	0xf3,0xc3
+	retq

 .globl	_aesni_ccm64_decrypt_blocks

@ -881,7 +881,7 @@ L$oop_enc1_6:
 	jnz	L$oop_enc1_6	
 	aesenclast	%xmm1,%xmm3
 	movups	%xmm3,(%r9)
-	.byte	0xf3,0xc3
+	retq

 .globl	_aesni_ctr32_encrypt_blocks

@ -1129,7 +1129,7 @@ L$ctr32_four:
 	movups	%xmm11,48(%rsi)

 L$ctr32_done:
-	.byte	0xf3,0xc3
+	retq

 .globl	_aesni_xts_encrypt

@ -1525,7 +1525,7 @@ L$oop_enc1_10:
 L$xts_enc_ret:
 	leaq	104(%rsp),%rsp
 L$xts_enc_epilogue:
-	.byte	0xf3,0xc3
+	retq

 .globl	_aesni_xts_decrypt

@ -1965,7 +1965,7 @@ L$oop_dec1_14:
 L$xts_dec_ret:
 	leaq	104(%rsp),%rsp
 L$xts_dec_epilogue:
-	.byte	0xf3,0xc3
+	retq

 .globl	_aesni_cbc_encrypt

@ -2290,7 +2290,7 @@ L$cbc_dec_tail_partial:

 L$cbc_dec_ret:
 L$cbc_ret:
-	.byte	0xf3,0xc3
+	retq

 .globl	_aesni_set_decrypt_key

@ -2327,7 +2327,7 @@ L$dec_key_inverse:
 	movups	%xmm0,(%rdi)
 L$dec_key_ret:
 	addq	$8,%rsp
-	.byte	0xf3,0xc3
+	retq
 L$SEH_end_set_decrypt_key:

 .globl	_aesni_set_encrypt_key
@ -2449,7 +2449,7 @@ L$bad_keybits:
 	movq	$-2,%rax
 L$enc_key_ret:
 	addq	$8,%rsp
-	.byte	0xf3,0xc3
+	retq
 L$SEH_end_set_encrypt_key:

 .p2align	4
@ -2463,7 +2463,7 @@ L$key_expansion_128_cold:
 	xorps	%xmm4,%xmm0
 	shufps	$255,%xmm1,%xmm1
 	xorps	%xmm1,%xmm0
-	.byte	0xf3,0xc3
+	retq

 .p2align	4
 L$key_expansion_192a:
@ -2483,7 +2483,7 @@ L$key_expansion_192b_warm:
 	pxor	%xmm1,%xmm0
 	pshufd	$255,%xmm0,%xmm3
 	pxor	%xmm3,%xmm2
-	.byte	0xf3,0xc3
+	retq

 .p2align	4
 L$key_expansion_192b:
@ -2506,7 +2506,7 @@ L$key_expansion_256a_cold:
 	xorps	%xmm4,%xmm0
 	shufps	$255,%xmm1,%xmm1
 	xorps	%xmm1,%xmm0
-	.byte	0xf3,0xc3
+	retq

 .p2align	4
 L$key_expansion_256b:
@ -2519,7 +2519,7 @@ L$key_expansion_256b:
 	xorps	%xmm4,%xmm2
 	shufps	$170,%xmm1,%xmm1
 	xorps	%xmm1,%xmm2
-	.byte	0xf3,0xc3
+	retq


 .p2align	6
--- a/crypto/aes/aesni-sha1-elf-x86_64.S
+++ b/crypto/aes/aesni-sha1-elf-x86_64.S
@ -11,7 +11,7 @@ aesni_cbc_sha1_enc:
 	movl	OPENSSL_ia32cap_P+0(%rip),%r10d
 	movl	OPENSSL_ia32cap_P+4(%rip),%r11d
 	jmp	aesni_cbc_sha1_enc_ssse3
-	.byte	0xf3,0xc3
+	retq
 .size	aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc
 .type	aesni_cbc_sha1_enc_ssse3,@function
 .align	16
@ -1384,7 +1384,7 @@ aesni_cbc_sha1_enc_ssse3:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 .Lepilogue_ssse3:
-	.byte	0xf3,0xc3
+	retq
 .size	aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3
 .align	64
 K_XX_XX:
--- a/crypto/aes/aesni-sha1-macosx-x86_64.S
+++ b/crypto/aes/aesni-sha1-macosx-x86_64.S
@ -11,7 +11,7 @@ _aesni_cbc_sha1_enc:
 	movl	_OPENSSL_ia32cap_P+0(%rip),%r10d
 	movl	_OPENSSL_ia32cap_P+4(%rip),%r11d
 	jmp	aesni_cbc_sha1_enc_ssse3
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -1384,7 +1384,7 @@ L$aesenclast5:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 L$epilogue_ssse3:
-	.byte	0xf3,0xc3
+	retq

 .p2align	6
 K_XX_XX:
--- a/crypto/aes/bsaes-elf-x86_64.S
+++ b/crypto/aes/bsaes-elf-x86_64.S
@ -473,7 +473,7 @@ _bsaes_encrypt8_bitslice:
 	pxor	%xmm7,%xmm4
 	pxor	%xmm7,%xmm15
 	pxor	%xmm7,%xmm0
-	.byte	0xf3,0xc3
+	retq
 .size	_bsaes_encrypt8,.-_bsaes_encrypt8

 .type	_bsaes_decrypt8,@function
@ -979,7 +979,7 @@ _bsaes_decrypt8:
 	pxor	%xmm7,%xmm4
 	pxor	%xmm7,%xmm15
 	pxor	%xmm7,%xmm0
-	.byte	0xf3,0xc3
+	retq
 .size	_bsaes_decrypt8,.-_bsaes_decrypt8
 .type	_bsaes_key_convert,@function
 .align	16
@ -1061,7 +1061,7 @@ _bsaes_key_convert:

 	movdqa	80(%r11),%xmm7

-	.byte	0xf3,0xc3
+	retq
 .size	_bsaes_key_convert,.-_bsaes_key_convert

 .globl	bsaes_cbc_encrypt
@ -1311,7 +1311,7 @@ bsaes_cbc_encrypt:
 	leaq	120(%rsp),%rsp
 	movq	%rax,%rbp
 .Lcbc_dec_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt

 .globl	bsaes_ctr32_encrypt_blocks
@ -1511,7 +1511,7 @@ bsaes_ctr32_encrypt_blocks:
 	leaq	120(%rsp),%rsp
 	movq	%rax,%rbp
 .Lctr_enc_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
 .globl	bsaes_xts_encrypt
 .type	bsaes_xts_encrypt,@function
@ -1962,7 +1962,7 @@ bsaes_xts_encrypt:
 	leaq	120(%rsp),%rsp
 	movq	%rax,%rbp
 .Lxts_enc_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	bsaes_xts_encrypt,.-bsaes_xts_encrypt

 .globl	bsaes_xts_decrypt
@ -2440,7 +2440,7 @@ bsaes_xts_decrypt:
 	leaq	120(%rsp),%rsp
 	movq	%rax,%rbp
 .Lxts_dec_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
 .type	_bsaes_const,@object
 .align	64
--- a/crypto/aes/bsaes-macosx-x86_64.S
+++ b/crypto/aes/bsaes-macosx-x86_64.S
@ -473,7 +473,7 @@ L$enc_done:
 	pxor	%xmm7,%xmm4
 	pxor	%xmm7,%xmm15
 	pxor	%xmm7,%xmm0
-	.byte	0xf3,0xc3
+	retq



@ -979,7 +979,7 @@ L$dec_done:
 	pxor	%xmm7,%xmm4
 	pxor	%xmm7,%xmm15
 	pxor	%xmm7,%xmm0
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -1061,7 +1061,7 @@ L$key_loop:

 	movdqa	80(%r11),%xmm7

-	.byte	0xf3,0xc3
+	retq


 .globl	_bsaes_cbc_encrypt
@ -1311,7 +1311,7 @@ L$cbc_dec_bzero:
 	leaq	120(%rsp),%rsp
 	movq	%rax,%rbp
 L$cbc_dec_epilogue:
-	.byte	0xf3,0xc3
+	retq


 .globl	_bsaes_ctr32_encrypt_blocks
@ -1511,7 +1511,7 @@ L$ctr_enc_bzero:
 	leaq	120(%rsp),%rsp
 	movq	%rax,%rbp
 L$ctr_enc_epilogue:
-	.byte	0xf3,0xc3
+	retq

 .globl	_bsaes_xts_encrypt

@ -1962,7 +1962,7 @@ L$xts_enc_bzero:
 	leaq	120(%rsp),%rsp
 	movq	%rax,%rbp
 L$xts_enc_epilogue:
-	.byte	0xf3,0xc3
+	retq


 .globl	_bsaes_xts_decrypt
@ -2440,7 +2440,7 @@ L$xts_dec_bzero:
 	leaq	120(%rsp),%rsp
 	movq	%rax,%rbp
 L$xts_dec_epilogue:
-	.byte	0xf3,0xc3
+	retq


 .p2align	6
--- a/crypto/aes/vpaes-elf-x86_64.S
+++ b/crypto/aes/vpaes-elf-x86_64.S
@ -98,7 +98,7 @@ _vpaes_encrypt_core:
 	movdqa	64(%r11,%r10,1),%xmm1
 	pxor	%xmm4,%xmm0
 .byte	102,15,56,0,193
-	.byte	0xf3,0xc3
+	retq
 .size	_vpaes_encrypt_core,.-_vpaes_encrypt_core


@ -205,7 +205,7 @@ _vpaes_decrypt_core:
 .byte	102,15,56,0,195
 	pxor	%xmm4,%xmm0
 .byte	102,15,56,0,194
-	.byte	0xf3,0xc3
+	retq
 .size	_vpaes_decrypt_core,.-_vpaes_decrypt_core


@ -381,7 +381,7 @@ _vpaes_schedule_core:
 	pxor	%xmm5,%xmm5
 	pxor	%xmm6,%xmm6
 	pxor	%xmm7,%xmm7
-	.byte	0xf3,0xc3
+	retq
 .size	_vpaes_schedule_core,.-_vpaes_schedule_core


@ -408,7 +408,7 @@ _vpaes_schedule_192_smear:
 	movdqa	%xmm6,%xmm0
 	pxor	%xmm1,%xmm1
 	movhlps	%xmm1,%xmm6
-	.byte	0xf3,0xc3
+	retq
 .size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear


@ -484,7 +484,7 @@ _vpaes_schedule_low_round:

 	pxor	%xmm7,%xmm0
 	movdqa	%xmm0,%xmm7
-	.byte	0xf3,0xc3
+	retq
 .size	_vpaes_schedule_round,.-_vpaes_schedule_round


@ -508,7 +508,7 @@ _vpaes_schedule_transform:
 	movdqa	16(%r11),%xmm0
 .byte	102,15,56,0,193
 	pxor	%xmm2,%xmm0
-	.byte	0xf3,0xc3
+	retq
 .size	_vpaes_schedule_transform,.-_vpaes_schedule_transform


@ -600,7 +600,7 @@ _vpaes_schedule_mangle:
 	addq	$-16,%r8
 	andq	$48,%r8
 	movdqu	%xmm3,(%rdx)
-	.byte	0xf3,0xc3
+	retq
 .size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle


@ -619,7 +619,7 @@ vpaes_set_encrypt_key:
 	movl	$48,%r8d
 	call	_vpaes_schedule_core
 	xorl	%eax,%eax
-	.byte	0xf3,0xc3
+	retq
 .size	vpaes_set_encrypt_key,.-vpaes_set_encrypt_key

 .globl	vpaes_set_decrypt_key
@ -640,7 +640,7 @@ vpaes_set_decrypt_key:
 	xorl	$32,%r8d
 	call	_vpaes_schedule_core
 	xorl	%eax,%eax
-	.byte	0xf3,0xc3
+	retq
 .size	vpaes_set_decrypt_key,.-vpaes_set_decrypt_key

 .globl	vpaes_encrypt
@ -651,7 +651,7 @@ vpaes_encrypt:
 	call	_vpaes_preheat
 	call	_vpaes_encrypt_core
 	movdqu	%xmm0,(%rsi)
-	.byte	0xf3,0xc3
+	retq
 .size	vpaes_encrypt,.-vpaes_encrypt

 .globl	vpaes_decrypt
@ -662,7 +662,7 @@ vpaes_decrypt:
 	call	_vpaes_preheat
 	call	_vpaes_decrypt_core
 	movdqu	%xmm0,(%rsi)
-	.byte	0xf3,0xc3
+	retq
 .size	vpaes_decrypt,.-vpaes_decrypt
 .globl	vpaes_cbc_encrypt
 .type	vpaes_cbc_encrypt,@function
@ -702,7 +702,7 @@ vpaes_cbc_encrypt:
 .Lcbc_done:
 	movdqu	%xmm6,(%r8)
 .Lcbc_abort:
-	.byte	0xf3,0xc3
+	retq
 .size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt


@ -721,7 +721,7 @@ _vpaes_preheat:
 	movdqa	64(%r10),%xmm12
 	movdqa	80(%r10),%xmm15
 	movdqa	96(%r10),%xmm14
-	.byte	0xf3,0xc3
+	retq
 .size	_vpaes_preheat,.-_vpaes_preheat


--- a/crypto/aes/vpaes-macosx-x86_64.S
+++ b/crypto/aes/vpaes-macosx-x86_64.S
@ -98,7 +98,7 @@ L$enc_entry:
 	movdqa	64(%r11,%r10,1),%xmm1
 	pxor	%xmm4,%xmm0
 .byte	102,15,56,0,193
-	.byte	0xf3,0xc3
+	retq



@ -205,7 +205,7 @@ L$dec_entry:
 .byte	102,15,56,0,195
 	pxor	%xmm4,%xmm0
 .byte	102,15,56,0,194
-	.byte	0xf3,0xc3
+	retq



@ -381,7 +381,7 @@ L$schedule_mangle_last_dec:
 	pxor	%xmm5,%xmm5
 	pxor	%xmm6,%xmm6
 	pxor	%xmm7,%xmm7
-	.byte	0xf3,0xc3
+	retq



@ -408,7 +408,7 @@ _vpaes_schedule_192_smear:
 	movdqa	%xmm6,%xmm0
 	pxor	%xmm1,%xmm1
 	movhlps	%xmm1,%xmm6
-	.byte	0xf3,0xc3
+	retq



@ -484,7 +484,7 @@ _vpaes_schedule_low_round:

 	pxor	%xmm7,%xmm0
 	movdqa	%xmm0,%xmm7
-	.byte	0xf3,0xc3
+	retq



@ -508,7 +508,7 @@ _vpaes_schedule_transform:
 	movdqa	16(%r11),%xmm0
 .byte	102,15,56,0,193
 	pxor	%xmm2,%xmm0
-	.byte	0xf3,0xc3
+	retq



@ -600,7 +600,7 @@ L$schedule_mangle_both:
 	addq	$-16,%r8
 	andq	$48,%r8
 	movdqu	%xmm3,(%rdx)
-	.byte	0xf3,0xc3
+	retq



@ -619,7 +619,7 @@ _vpaes_set_encrypt_key:
 	movl	$48,%r8d
 	call	_vpaes_schedule_core
 	xorl	%eax,%eax
-	.byte	0xf3,0xc3
+	retq


 .globl	_vpaes_set_decrypt_key
@ -640,7 +640,7 @@ _vpaes_set_decrypt_key:
 	xorl	$32,%r8d
 	call	_vpaes_schedule_core
 	xorl	%eax,%eax
-	.byte	0xf3,0xc3
+	retq


 .globl	_vpaes_encrypt
@ -651,7 +651,7 @@ _vpaes_encrypt:
 	call	_vpaes_preheat
 	call	_vpaes_encrypt_core
 	movdqu	%xmm0,(%rsi)
-	.byte	0xf3,0xc3
+	retq


 .globl	_vpaes_decrypt
@ -662,7 +662,7 @@ _vpaes_decrypt:
 	call	_vpaes_preheat
 	call	_vpaes_decrypt_core
 	movdqu	%xmm0,(%rsi)
-	.byte	0xf3,0xc3
+	retq

 .globl	_vpaes_cbc_encrypt

@ -702,7 +702,7 @@ L$cbc_dec_loop:
 L$cbc_done:
 	movdqu	%xmm6,(%r8)
 L$cbc_abort:
-	.byte	0xf3,0xc3
+	retq



@ -721,7 +721,7 @@ _vpaes_preheat:
 	movdqa	64(%r10),%xmm12
 	movdqa	80(%r10),%xmm15
 	movdqa	96(%r10),%xmm14
-	.byte	0xf3,0xc3
+	retq



--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_lib.c,v 1.39 2017/05/02 03:59:44 deraadt Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.40 2018/02/14 16:46:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -484,3 +484,9 @@ ASN1_STRING_data(ASN1_STRING *x)
 {
 	return (x->data);
 }
+
+const unsigned char *
+ASN1_STRING_get0_data(const ASN1_STRING *x)
+{
+	return (x->data);
+}
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@ -1,4 +1,4 @@
-/* $OpenBSD: evp_asn1.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: evp_asn1.c,v 1.20 2017/11/28 16:51:21 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -60,7 +60,7 @@
 #include <string.h>

 #include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
+#include <openssl/asn1t.h>
 #include <openssl/err.h>

 int
@ -78,7 +78,6 @@ ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
 	return (1);
 }

-/* int max_len:  for returned value    */
 int
 ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len)
 {
@ -100,101 +99,99 @@ ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len)
 	return (ret);
 }

+typedef struct {
+	ASN1_INTEGER *num;
+	ASN1_OCTET_STRING *value;
+} ASN1_int_octetstring;
+
+static const ASN1_TEMPLATE ASN1_INT_OCTETSTRING_seq_tt[] = {
+	{
+		.offset = offsetof(ASN1_int_octetstring, num),
+		.field_name = "num",
+		.item = &ASN1_INTEGER_it,
+	},
+	{
+		.offset = offsetof(ASN1_int_octetstring, value),
+		.field_name = "value",
+		.item = &ASN1_OCTET_STRING_it,
+	},
+};
+
+const ASN1_ITEM ASN1_INT_OCTETSTRING_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = ASN1_INT_OCTETSTRING_seq_tt,
+	.tcount = sizeof(ASN1_INT_OCTETSTRING_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.size = sizeof(ASN1_int_octetstring),
+	.sname = "ASN1_INT_OCTETSTRING",
+};
+
 int
-ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+ASN1_TYPE_set_int_octetstring(ASN1_TYPE *at, long num, unsigned char *data,
    int len)
 {
-	int n, size;
-	ASN1_OCTET_STRING os, *osp;
-	ASN1_INTEGER in;
-	unsigned char *p;
-	unsigned char buf[32]; /* when they have 256bit longs,
-				* I'll be in trouble */
-	in.data = buf;
-	in.length = 32;
-	os.data = data;
-	os.type = V_ASN1_OCTET_STRING;
-	os.length = len;
-	ASN1_INTEGER_set(&in, num);
-	n = i2d_ASN1_INTEGER(&in, NULL);
-	n += i2d_ASN1_bytes((ASN1_STRING *)&os, NULL, V_ASN1_OCTET_STRING,
-	    V_ASN1_UNIVERSAL);
+	ASN1_int_octetstring *ios;
+	ASN1_STRING *sp = NULL;
+	int ret = 0;

-	size = ASN1_object_size(1, n, V_ASN1_SEQUENCE);
+	if ((ios = (ASN1_int_octetstring *)ASN1_item_new(
+	    &ASN1_INT_OCTETSTRING_it)) == NULL)
+		goto err;
+	if ((ios->num = ASN1_INTEGER_new()) == NULL)
+		goto err;
+	if (!ASN1_INTEGER_set(ios->num, num))
+		goto err;
+	if ((ios->value = ASN1_OCTET_STRING_new()) == NULL)
+		goto err;
+	if (!ASN1_OCTET_STRING_set(ios->value, data, len))
+		goto err;

-	if ((osp = ASN1_STRING_new()) == NULL)
-		return (0);
-	/* Grow the 'string' */
-	if (!ASN1_STRING_set(osp, NULL, size)) {
-		ASN1_STRING_free(osp);
-		return (0);
-	}
+	if ((sp = ASN1_item_pack(ios, &ASN1_INT_OCTETSTRING_it, NULL)) == NULL)
+		goto err;

-	ASN1_STRING_length_set(osp, size);
-	p = ASN1_STRING_data(osp);
+	ASN1_TYPE_set(at, V_ASN1_SEQUENCE, sp);
+	sp = NULL;

-	ASN1_put_object(&p, 1,n, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-	i2d_ASN1_INTEGER(&in, &p);
-	i2d_ASN1_bytes((ASN1_STRING *)&os, &p, V_ASN1_OCTET_STRING,
-	    V_ASN1_UNIVERSAL);
+	ret = 1;

-	ASN1_TYPE_set(a, V_ASN1_SEQUENCE, osp);
-	return (1);
+ err:
+	ASN1_item_free((ASN1_VALUE *)ios, &ASN1_INT_OCTETSTRING_it);
+	ASN1_STRING_free(sp);
+
+	return ret;
 }

-/* we return the actual length..., num may be missing, in which
- * case, set it to zero */
-/* int max_len:  for returned value    */
 int
-ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
+ASN1_TYPE_get_int_octetstring(ASN1_TYPE *at, long *num, unsigned char *data,
    int max_len)
 {
-	int ret = -1, n;
-	ASN1_INTEGER *ai = NULL;
-	ASN1_OCTET_STRING *os = NULL;
-	const unsigned char *p;
-	long length;
-	ASN1_const_CTX c;
+	ASN1_STRING *sp = at->value.sequence;
+	ASN1_int_octetstring *ios = NULL;
+	int ret = -1;
+	int len;

-	if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {
+	if (at->type != V_ASN1_SEQUENCE || sp == NULL)
 		goto err;
-	}
-	p = ASN1_STRING_data(a->value.sequence);
-	length = ASN1_STRING_length(a->value.sequence);

-	c.pp = &p;
-	c.p = p;
-	c.max = p + length;
-	c.error = ASN1_R_DATA_IS_WRONG;
-
-	M_ASN1_D2I_start_sequence();
-	c.q = c.p;
-	if ((ai = d2i_ASN1_INTEGER(NULL, &c.p, c.slen)) == NULL)
-		goto err;
-	c.slen -= (c.p - c.q);
-	c.q = c.p;
-	if ((os = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
-		goto err;
-	c.slen -= (c.p - c.q);
-	if (!M_ASN1_D2I_end_sequence())
+	if ((ios = ASN1_item_unpack(sp, &ASN1_INT_OCTETSTRING_it)) == NULL)
 		goto err;

 	if (num != NULL)
-		*num = ASN1_INTEGER_get(ai);
-
-	ret = ASN1_STRING_length(os);
-	if (max_len > ret)
-		n = ret;
-	else
-		n = max_len;
-
-	if (data != NULL)
-		memcpy(data, ASN1_STRING_data(os), n);
-	if (0) {
-err:
-		ASN1error(ASN1_R_DATA_IS_WRONG);
+		*num = ASN1_INTEGER_get(ios->num);
+	if (data != NULL) {
+		len = ASN1_STRING_length(ios->value);
+		if (len > max_len)
+			len = max_len;
+		memcpy(data, ASN1_STRING_data(ios->value), len);
 	}
-	ASN1_OCTET_STRING_free(os);
-	ASN1_INTEGER_free(ai);
-	return (ret);
+
+	ret = ASN1_STRING_length(ios->value);
+
+ err:
+	ASN1_item_free((ASN1_VALUE *)ios, &ASN1_INT_OCTETSTRING_it);
+
+	if (ret == -1)
+		ASN1error(ASN1_R_DATA_IS_WRONG);
+
+	return ret;
 }
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_crl.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: x_crl.c,v 1.30 2018/03/17 14:33:20 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -462,6 +462,12 @@ X509_REVOKED_free(X509_REVOKED *a)
 	ASN1_item_free((ASN1_VALUE *)a, &X509_REVOKED_it);
 }

+X509_REVOKED *
+X509_REVOKED_dup(X509_REVOKED *a)
+{
+	return ASN1_item_dup(&X509_REVOKED_it, a);
+}
+
 X509_CRL_INFO *
 d2i_X509_CRL_INFO(X509_CRL_INFO **a, const unsigned char **in, long len)
 {
@ -685,3 +691,37 @@ X509_CRL_get_meth_data(X509_CRL *crl)
 {
 	return crl->meth_data;
 }
+
+int
+X509_CRL_get_signature_nid(const X509_CRL *crl)
+{
+	return OBJ_obj2nid(crl->sig_alg->algorithm);
+}
+
+const STACK_OF(X509_EXTENSION) *
+X509_CRL_get0_extensions(const X509_CRL *crl)
+{
+	return crl->crl->extensions;
+}
+
+const ASN1_TIME *
+X509_CRL_get0_lastUpdate(const X509_CRL *crl)
+{
+	return crl->crl->lastUpdate;
+}
+
+const ASN1_TIME *
+X509_CRL_get0_nextUpdate(const X509_CRL *crl)
+{
+	return crl->crl->nextUpdate;
+}
+
+void
+X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+    const X509_ALGOR **palg)
+{
+	if (psig != NULL)
+		*psig = crl->signature;
+	if (palg != NULL)
+		*palg = crl->sig_alg;
+}
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_name.c,v 1.33 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: x_name.c,v 1.34 2018/02/20 17:09:20 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -640,3 +640,16 @@ X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 	}
 	return (*xn != NULL);
 }
+
+int
+X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, size_t *pderlen)
+{
+	/* Make sure encoding is valid. */
+	if (i2d_X509_NAME(nm, NULL) <= 0)
+		return 0;
+	if (pder != NULL)
+		*pder = (unsigned char *)nm->bytes->data;
+	if (pderlen != NULL)
+		*pderlen = nm->bytes->length;
+	return 1;
+}
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_pubkey.c,v 1.26 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: x_pubkey.c,v 1.27 2018/03/17 14:55:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -175,17 +175,15 @@ error:
 }

 EVP_PKEY *
-X509_PUBKEY_get(X509_PUBKEY *key)
+X509_PUBKEY_get0(X509_PUBKEY *key)
 {
 	EVP_PKEY *ret = NULL;

 	if (key == NULL)
 		goto error;

-	if (key->pkey != NULL) {
-		CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+	if (key->pkey != NULL)
 		return key->pkey;
-	}

 	if (key->public_key == NULL)
 		goto error;
@ -220,7 +218,6 @@ X509_PUBKEY_get(X509_PUBKEY *key)
 		key->pkey = ret;
 		CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
 	}
-	CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);

 	return ret;

@ -229,6 +226,19 @@ error:
 	return (NULL);
 }

+EVP_PKEY *
+X509_PUBKEY_get(X509_PUBKEY *key)
+{
+	EVP_PKEY *pkey;
+
+	if ((pkey = X509_PUBKEY_get0(key)) == NULL)
+		return (NULL);
+
+	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+
+	return pkey;
+}
+
 /* Now two pseudo ASN1 routines that take an EVP_PKEY structure
 * and encode or decode as X509_PUBKEY
 */
--- a/crypto/asn1/x_req.c
+++ b/crypto/asn1/x_req.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_req.c,v 1.15 2015/02/11 04:00:39 jsing Exp $ */
+/* $OpenBSD: x_req.c,v 1.17 2018/02/22 16:50:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -225,3 +225,19 @@ X509_REQ_dup(X509_REQ *x)
 {
 	return ASN1_item_dup(&X509_REQ_it, x);
 }
+
+int
+X509_REQ_get_signature_nid(const X509_REQ *req)
+{
+	return OBJ_obj2nid(req->sig_alg->algorithm);
+}
+
+void
+X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+    const X509_ALGOR **palg)
+{
+	if (psig != NULL)
+		*psig = req->signature;
+	if (palg != NULL)
+		*palg = req->sig_alg;
+}
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_x509.c,v 1.24 2015/03/19 14:00:22 tedu Exp $ */
+/* $OpenBSD: x_x509.c,v 1.26 2018/02/17 15:50:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -344,3 +344,19 @@ i2d_X509_AUX(X509 *a, unsigned char **pp)
 		length += i2d_X509_CERT_AUX(a->aux, pp);
 	return length;
 }
+
+void
+X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg,
+    const X509 *x)
+{
+	if (psig != NULL)
+		*psig = x->signature;
+	if (palg != NULL)
+		*palg = x->sig_alg;
+}
+
+int
+X509_get_signature_nid(const X509 *x)
+{
+	return OBJ_obj2nid(x->sig_alg->algorithm);
+}
--- a/crypto/bio/b_posix.c
+++ b/crypto/bio/b_posix.c
@ -1,4 +1,4 @@
-/* $OpenBSD: b_posix.c,v 1.1 2014/12/03 22:14:38 bcook Exp $ */
+/* $OpenBSD: b_posix.c,v 1.2 2018/03/17 16:20:01 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -68,6 +68,8 @@
 int
 BIO_sock_init(void)
 {
+	if (!OPENSSL_init_crypto(0, NULL)) /* XXX do we need this? */
+		return (0);
 	return (1);
 }

--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@ -1,4 +1,4 @@
-/* $OpenBSD: b_sock.c,v 1.67 2017/04/30 17:54:11 beck Exp $ */
+/* $OpenBSD: b_sock.c,v 1.69 2018/02/07 00:52:05 bluhm Exp $ */
 /*
 * Copyright (c) 2017 Bob Beck <beck@openbsd.org>
 *
@ -134,9 +134,10 @@ BIO_get_accept_socket(char *host, int bind_mode)
 	p = NULL;
 	h = str;
 	if ((p = strrchr(str, ':')) == NULL) {
-		BIOerror(BIO_R_NO_PORT_SPECIFIED);
-		goto err;
-	}
+		/* A string without a colon is treated as a port. */
+		p = str;
+		h = NULL;
+	} else {
 		*p++ = '\0';
 		if (*p == '\0') {
 			BIOerror(BIO_R_NO_PORT_SPECIFIED);
@ -144,6 +145,7 @@ BIO_get_accept_socket(char *host, int bind_mode)
 		}
 		if (*h == '\0' || strcmp(h, "*") == 0)
 			h = NULL;
+	}

 	if ((error = getaddrinfo(h, p, &hints, &res)) != 0) {
 		ERR_asprintf_error_data("getaddrinfo: '%s:%s': %s'", h, p,
@ -184,6 +186,7 @@ BIO_get_accept_socket(char *host, int bind_mode)

 err:
 	free(str);
+	if (res != NULL)
 		freeaddrinfo(res);
 	if ((ret == 0) && (s != -1)) {
 		close(s);
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: bio_lib.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: bio_lib.c,v 1.27 2018/02/22 16:38:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -64,6 +64,20 @@
 #include <openssl/err.h>
 #include <openssl/stack.h>

+int
+BIO_get_new_index(void)
+{
+	static int bio_type_index = BIO_TYPE_START;
+	int index;
+
+	/* The index will collide with the BIO flag bits if it exceeds 255. */
+	index = CRYPTO_add(&bio_type_index, 1, CRYPTO_LOCK_BIO);
+	if (index > 255)
+		return -1;
+
+	return index;
+}
+
 BIO *
 BIO_new(BIO_METHOD *method)
 {
@ -137,6 +151,43 @@ BIO_vfree(BIO *a)
 	BIO_free(a);
 }

+int
+BIO_up_ref(BIO *bio)
+{
+	int refs = CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
+	return (refs > 1) ? 1 : 0;
+}
+
+void *
+BIO_get_data(BIO *a)
+{
+	return (a->ptr);
+}
+
+void
+BIO_set_data(BIO *a, void *ptr)
+{
+	a->ptr = ptr;
+}
+
+void
+BIO_set_init(BIO *a, int init)
+{
+	a->init = init;
+}
+
+int
+BIO_get_shutdown(BIO *a)
+{
+	return (a->shutdown);
+}
+
+void
+BIO_set_shutdown(BIO *a, int shut)
+{
+	a->shutdown = shut;
+}
+
 void
 BIO_clear_flags(BIO *b, int flags)
 {
--- a/crypto/bio/bio_meth.c
+++ b/crypto/bio/bio_meth.c
@ -0,0 +1,147 @@
+/*	$OpenBSD: bio_meth.c,v 1.5 2018/02/20 18:51:35 tb Exp $	*/
+/*
+ * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdlib.h>
+
+#include <openssl/bio.h>
+
+BIO_METHOD *
+BIO_meth_new(int type, const char *name)
+{
+	BIO_METHOD *biom;
+
+	if ((biom = calloc(1, sizeof(*biom))) == NULL)
+		return NULL;
+
+	biom->type = type;
+	biom->name = name;
+
+	return biom;
+}
+
+void
+BIO_meth_free(BIO_METHOD *biom)
+{
+	free(biom);
+}
+
+int
+(*BIO_meth_get_write(BIO_METHOD *biom))(BIO *, const char *, int)
+{
+	return biom->bwrite;
+}
+
+int
+BIO_meth_set_write(BIO_METHOD *biom, int (*write)(BIO *, const char *, int))
+{
+	biom->bwrite = write;
+	return 1;
+}
+
+int
+(*BIO_meth_get_read(BIO_METHOD *biom))(BIO *, char *, int)
+{
+	return biom->bread;
+}
+
+int
+BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int))
+{
+	biom->bread = read;
+	return 1;
+}
+
+int
+(*BIO_meth_get_puts(BIO_METHOD *biom))(BIO *, const char *)
+{
+	return biom->bputs;
+}
+
+int
+BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *))
+{
+	biom->bputs = puts;
+	return 1;
+}
+
+int
+(*BIO_meth_get_gets(BIO_METHOD *biom))(BIO *, char *, int)
+{
+	return biom->bgets;
+}
+
+int
+BIO_meth_set_gets(BIO_METHOD *biom, int (*gets)(BIO *, char *, int))
+{
+	biom->bgets = gets;
+	return 1;
+}
+
+long
+(*BIO_meth_get_ctrl(BIO_METHOD *biom))(BIO *, int, long, void *)
+{
+	return biom->ctrl;
+}
+
+int
+BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl)(BIO *, int, long, void *))
+{
+	biom->ctrl = ctrl;
+	return 1;
+}
+
+int
+(*BIO_meth_get_create(BIO_METHOD *biom))(BIO *)
+{
+	return biom->create;
+}
+
+int
+BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *))
+{
+	biom->create = create;
+	return 1;
+}
+
+int
+(*BIO_meth_get_destroy(BIO_METHOD *biom))(BIO *)
+{
+	return biom->destroy;
+}
+
+int
+BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *))
+{
+	biom->destroy = destroy;
+	return 1;
+}
+
+long
+(*BIO_meth_get_callback_ctrl(BIO_METHOD *biom))(BIO *, int, BIO_info_cb *)
+{
+	return
+	    (long (*)(BIO *, int, BIO_info_cb *))biom->callback_ctrl; /* XXX */
+}
+
+int
+BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+    long (*callback_ctrl)(BIO *, int, BIO_info_cb *))
+{
+	biom->callback_ctrl =
+	    (long (*)(BIO *, int, bio_info_cb *))callback_ctrl;	/* XXX */
+	return 1;
+}
--- a/crypto/bn/bn_const.c
+++ b/crypto/bn/bn_const.c
@ -1,4 +1,4 @@
-/* $OpenBSD: bn_const.c,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: bn_const.c,v 1.5 2018/02/20 17:02:30 jsing Exp $ */
 /* Insert boilerplate */

 #include <openssl/bn.h>
@ -27,6 +27,12 @@ get_rfc2409_prime_768(BIGNUM *bn)
 	return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
 }

+BIGNUM *
+BN_get_rfc2409_prime_768(BIGNUM *bn)
+{
+	return get_rfc2409_prime_768(bn);
+}
+
 /* "Second Oakley Default Group" from RFC2409, section 6.2.
 *
 * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
@ -54,6 +60,12 @@ get_rfc2409_prime_1024(BIGNUM *bn)
 	return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
 }

+BIGNUM *
+BN_get_rfc2409_prime_1024(BIGNUM *bn)
+{
+	return get_rfc2409_prime_1024(bn);
+}
+
 /* "1536-bit MODP Group" from RFC3526, Section 2.
 *
 * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
@ -86,6 +98,12 @@ get_rfc3526_prime_1536(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn);
 }

+BIGNUM *
+BN_get_rfc3526_prime_1536(BIGNUM *bn)
+{
+	return get_rfc3526_prime_1536(bn);
+}
+
 /* "2048-bit MODP Group" from RFC3526, Section 3.
 *
 * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
@ -123,6 +141,12 @@ get_rfc3526_prime_2048(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn);
 }

+BIGNUM *
+BN_get_rfc3526_prime_2048(BIGNUM *bn)
+{
+	return get_rfc3526_prime_2048(bn);
+}
+
 /* "3072-bit MODP Group" from RFC3526, Section 4.
 *
 * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
@ -170,6 +194,12 @@ get_rfc3526_prime_3072(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn);
 }

+BIGNUM *
+BN_get_rfc3526_prime_3072(BIGNUM *bn)
+{
+	return get_rfc3526_prime_3072(bn);
+}
+
 /* "4096-bit MODP Group" from RFC3526, Section 5.
 *
 * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
@ -228,6 +258,12 @@ get_rfc3526_prime_4096(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn);
 }

+BIGNUM *
+BN_get_rfc3526_prime_4096(BIGNUM *bn)
+{
+	return get_rfc3526_prime_4096(bn);
+}
+
 /* "6144-bit MODP Group" from RFC3526, Section 6.
 *
 * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
@ -307,6 +343,12 @@ get_rfc3526_prime_6144(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn);
 }

+BIGNUM *
+BN_get_rfc3526_prime_6144(BIGNUM *bn)
+{
+	return get_rfc3526_prime_6144(bn);
+}
+
 /* "8192-bit MODP Group" from RFC3526, Section 7.
 *
 * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
@ -407,3 +449,9 @@ get_rfc3526_prime_8192(BIGNUM *bn)
 	};
 	return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
 }
+
+BIGNUM *
+BN_get_rfc3526_prime_8192(BIGNUM *bn)
+{
+	return get_rfc3526_prime_8192(bn);
+}
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: bn_lib.c,v 1.38 2017/05/02 03:59:44 deraadt Exp $ */
+/* $OpenBSD: bn_lib.c,v 1.39 2018/02/20 17:13:14 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -888,3 +888,28 @@ BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
 	}
 #undef BN_CONSTTIME_SWAP
 }
+
+BN_GENCB *
+BN_GENCB_new(void)
+{
+	BN_GENCB *cb;
+
+	if ((cb = calloc(1, sizeof(*cb))) == NULL)
+		return NULL;
+
+	return cb;
+}
+
+void
+BN_GENCB_free(BN_GENCB *cb)
+{
+	if (cb == NULL)
+		return;
+	free(cb);
+}
+
+void *
+BN_GENCB_get_arg(BN_GENCB *cb)
+{
+	return cb->arg;
+}
--- a/crypto/bn/gf2m-elf-x86_64.S
+++ b/crypto/bn/gf2m-elf-x86_64.S
@ -194,7 +194,7 @@ _mul_1x1:
 	xorq	%rdi,%rdx

 	addq	$128+8,%rsp
-	.byte	0xf3,0xc3
+	retq
 .Lend_mul_1x1:
 .size	_mul_1x1,.-_mul_1x1

@ -227,7 +227,7 @@ bn_GF2m_mul_2x2:
 	pxor	%xmm5,%xmm0
 	movdqu	%xmm2,0(%rdi)
 	movdqu	%xmm0,16(%rdi)
-	.byte	0xf3,0xc3
+	retq

 .align	16
 .Lvanilla_mul_2x2:
@ -286,7 +286,7 @@ bn_GF2m_mul_2x2:
 	movq	104(%rsp),%rbp
 	movq	112(%rsp),%rbx
 	leaq	136(%rsp),%rsp
-	.byte	0xf3,0xc3
+	retq
 .Lend_mul_2x2:
 .size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
 .byte	71,70,40,50,94,109,41,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
--- a/crypto/bn/gf2m-macosx-x86_64.S
+++ b/crypto/bn/gf2m-macosx-x86_64.S
@ -194,7 +194,7 @@ _mul_1x1:
 	xorq	%rdi,%rdx

 	addq	$128+8,%rsp
-	.byte	0xf3,0xc3
+	retq
 L$end_mul_1x1:


@ -227,7 +227,7 @@ _bn_GF2m_mul_2x2:
 	pxor	%xmm5,%xmm0
 	movdqu	%xmm2,0(%rdi)
 	movdqu	%xmm0,16(%rdi)
-	.byte	0xf3,0xc3
+	retq

 .p2align	4
 L$vanilla_mul_2x2:
@ -286,7 +286,7 @@ L$body_mul_2x2:
 	movq	104(%rsp),%rbp
 	movq	112(%rsp),%rbx
 	leaq	136(%rsp),%rsp
-	.byte	0xf3,0xc3
+	retq
 L$end_mul_2x2:

 .byte	71,70,40,50,94,109,41,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
--- a/crypto/bn/modexp512-elf-x86_64.S
+++ b/crypto/bn/modexp512-elf-x86_64.S
@ -129,7 +129,7 @@ MULADD_128x512:
 	addq	%rbx,%r8
 	adcq	$0,%rdx
 	movq	%rdx,%r9
-	.byte	0xf3,0xc3
+	retq
 .size	MULADD_128x512,.-MULADD_128x512
 .type	mont_reduce,@function
 .align	16
@ -572,7 +572,7 @@ mont_reduce:
 	movq	%r8,48(%rsi)
 	movq	%r9,56(%rsi)

-	.byte	0xf3,0xc3
+	retq
 .size	mont_reduce,.-mont_reduce
 .type	mont_mul_a3b,@function
 .align	16
@ -1770,7 +1770,7 @@ end_main_loop_a3b:
 	movq	40(%rsi),%rbp
 	leaq	48(%rsi),%rsp
 .Lepilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	mod_exp_512, . - mod_exp_512
 #if defined(HAVE_GNU_STACK)
 .section .note.GNU-stack,"",%progbits
--- a/crypto/bn/modexp512-macosx-x86_64.S
+++ b/crypto/bn/modexp512-macosx-x86_64.S
@ -129,7 +129,7 @@ MULADD_128x512:
 	addq	%rbx,%r8
 	adcq	$0,%rdx
 	movq	%rdx,%r9
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -572,7 +572,7 @@ mont_reduce:
 	movq	%r8,48(%rsi)
 	movq	%r9,56(%rsi)

-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -1770,5 +1770,5 @@ end_main_loop_a3b:
 	movq	40(%rsi),%rbp
 	leaq	48(%rsi),%rsp
 L$epilogue:
-	.byte	0xf3,0xc3
+	retq

--- a/crypto/bn/mont-elf-x86_64.S
+++ b/crypto/bn/mont-elf-x86_64.S
@ -206,7 +206,7 @@ bn_mul_mont:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 .Lmul_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	bn_mul_mont,.-bn_mul_mont
 .type	bn_mul4x_mont,@function
 .align	16
@ -604,7 +604,7 @@ bn_mul4x_mont:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 .Lmul4x_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	bn_mul4x_mont,.-bn_mul4x_mont
 .type	bn_sqr4x_mont,@function
 .align	16
@ -1369,7 +1369,7 @@ bn_sqr4x_mont:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 .Lsqr4x_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	bn_sqr4x_mont,.-bn_sqr4x_mont
 .byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	16
--- a/crypto/bn/mont-macosx-x86_64.S
+++ b/crypto/bn/mont-macosx-x86_64.S
@ -206,7 +206,7 @@ L$copy:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 L$mul_epilogue:
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -604,7 +604,7 @@ L$copy4x:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 L$mul4x_epilogue:
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -1369,7 +1369,7 @@ L$sqr4x_copy:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 L$sqr4x_epilogue:
-	.byte	0xf3,0xc3
+	retq

 .byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .p2align	4
--- a/crypto/bn/mont5-elf-x86_64.S
+++ b/crypto/bn/mont5-elf-x86_64.S
@ -395,7 +395,7 @@ bn_mul_mont_gather5:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 .Lmul_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	bn_mul_mont_gather5,.-bn_mul_mont_gather5
 .type	bn_mul4x_mont_gather5,@function
 .align	16
@ -984,7 +984,7 @@ bn_mul4x_mont_gather5:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 .Lmul4x_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5
 .globl	bn_scatter5
 .type	bn_scatter5,@function
@ -1001,7 +1001,7 @@ bn_scatter5:
 	subq	$1,%rsi
 	jnz	.Lscatter
 .Lscatter_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	bn_scatter5,.-bn_scatter5

 .globl	bn_gather5
@ -1164,7 +1164,7 @@ bn_gather5:
 	jnz	.Lgather

 	leaq	(%r10),%rsp
-	.byte	0xf3,0xc3
+	retq
 .LSEH_end_bn_gather5:
 .size	bn_gather5,.-bn_gather5
 .align	64
--- a/crypto/bn/mont5-macosx-x86_64.S
+++ b/crypto/bn/mont5-macosx-x86_64.S
@ -395,7 +395,7 @@ L$copy:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 L$mul_epilogue:
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -984,7 +984,7 @@ L$copy4x:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 L$mul4x_epilogue:
-	.byte	0xf3,0xc3
+	retq

 .globl	_bn_scatter5

@ -1001,7 +1001,7 @@ L$scatter:
 	subq	$1,%rsi
 	jnz	L$scatter
 L$scatter_epilogue:
-	.byte	0xf3,0xc3
+	retq


 .globl	_bn_gather5
@ -1164,7 +1164,7 @@ L$gather:
 	jnz	L$gather

 	leaq	(%r10),%rsp
-	.byte	0xf3,0xc3
+	retq
 L$SEH_end_bn_gather5:

 .p2align	6
--- a/crypto/camellia/cmll-elf-x86_64.S
+++ b/crypto/camellia/cmll-elf-x86_64.S
@ -60,7 +60,7 @@ Camellia_EncryptBlock_Rounds:
 	movq	32(%rsp),%rbx
 	leaq	40(%rsp),%rsp
 .Lenc_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds

 .type	_x86_64_Camellia_encrypt,@function
@ -267,7 +267,7 @@ _x86_64_Camellia_encrypt:
 	movl	%ecx,%r10d
 	movl	%edx,%r11d

-.byte	0xf3,0xc3		
+	retq
 .size	_x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt


@ -329,7 +329,7 @@ Camellia_DecryptBlock_Rounds:
 	movq	32(%rsp),%rbx
 	leaq	40(%rsp),%rsp
 .Ldec_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds

 .type	_x86_64_Camellia_decrypt,@function
@ -537,7 +537,7 @@ _x86_64_Camellia_decrypt:
 	movl	%eax,%r10d
 	movl	%ebx,%r11d

-.byte	0xf3,0xc3		
+	retq
 .size	_x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt
 .globl	Camellia_Ekeygen
 .type	Camellia_Ekeygen,@function
@ -1081,7 +1081,7 @@ Camellia_Ekeygen:
 	movq	32(%rsp),%rbx
 	leaq	40(%rsp),%rsp
 .Lkey_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	Camellia_Ekeygen,.-Camellia_Ekeygen
 .align	64
 .LCamellia_SIGMA:
@ -1833,7 +1833,7 @@ Camellia_cbc_encrypt:
 	movq	40(%rcx),%rbx
 	leaq	48(%rcx),%rsp
 .Lcbc_abort:
-	.byte	0xf3,0xc3
+	retq
 .size	Camellia_cbc_encrypt,.-Camellia_cbc_encrypt

 .byte	67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54,95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
--- a/crypto/camellia/cmll-macosx-x86_64.S
+++ b/crypto/camellia/cmll-macosx-x86_64.S
@ -60,7 +60,7 @@ L$enc_prologue:
 	movq	32(%rsp),%rbx
 	leaq	40(%rsp),%rsp
 L$enc_epilogue:
-	.byte	0xf3,0xc3
+	retq



@ -267,7 +267,7 @@ L$edone:
 	movl	%ecx,%r10d
 	movl	%edx,%r11d

-.byte	0xf3,0xc3		
+	retq



@ -329,7 +329,7 @@ L$dec_prologue:
 	movq	32(%rsp),%rbx
 	leaq	40(%rsp),%rsp
 L$dec_epilogue:
-	.byte	0xf3,0xc3
+	retq



@ -537,7 +537,7 @@ L$ddone:
 	movl	%eax,%r10d
 	movl	%ebx,%r11d

-.byte	0xf3,0xc3		
+	retq

 .globl	_Camellia_Ekeygen

@ -1081,7 +1081,7 @@ L$done:
 	movq	32(%rsp),%rbx
 	leaq	40(%rsp),%rsp
 L$key_epilogue:
-	.byte	0xf3,0xc3
+	retq

 .p2align	6
 L$Camellia_SIGMA:
@ -1833,7 +1833,7 @@ L$cbc_done:
 	movq	40(%rcx),%rbx
 	leaq	48(%rcx),%rsp
 L$cbc_abort:
-	.byte	0xf3,0xc3
+	retq


 .byte	67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54,95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: c_zlib.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: c_zlib.c,v 1.20 2018/03/17 16:20:01 beck Exp $ */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@ -191,6 +191,8 @@ COMP_zlib(void)
 			if (zlib_stateful_ex_idx == -1)
 				goto err;
 		}
+		if (!OPENSSL_init_crypto(0, NULL))
+			goto err;

 		meth = &zlib_stateful_method;
 	}
--- a/crypto/compat/getentropy_linux.c
+++ b/crypto/compat/getentropy_linux.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: getentropy_linux.c,v 1.44 2017/04/29 18:43:31 beck Exp $	*/
+/*	$OpenBSD: getentropy_linux.c,v 1.45 2018/03/13 22:53:28 bcook Exp $	*/

 /*
 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@ -74,7 +74,7 @@
 int	getentropy(void *buf, size_t len);

 static int gotdata(char *buf, size_t len);
-#ifdef SYS_getrandom
+#if defined(SYS_getrandom) && defined(GRND_NONBLOCK)
 static int getentropy_getrandom(void *buf, size_t len);
 #endif
 static int getentropy_urandom(void *buf, size_t len);
@ -94,7 +94,7 @@ getentropy(void *buf, size_t len)
 		return (-1);
 	}

-#ifdef SYS_getrandom
+#if defined(SYS_getrandom) && defined(GRND_NONBLOCK)
 	/*
 	 * Try descriptor-less getrandom(), in non-blocking mode.
 	 *
@ -193,7 +193,7 @@ gotdata(char *buf, size_t len)
 	return (0);
 }

-#ifdef SYS_getrandom
+#if defined(SYS_getrandom) && defined(GRND_NONBLOCK)
 static int
 getentropy_getrandom(void *buf, size_t len)
 {
--- a/crypto/compat/inet_pton.c
+++ b/crypto/compat/inet_pton.c
@ -1,212 +0,0 @@
-/*	$OpenBSD: inet_pton.c,v 1.10 2015/09/13 21:36:08 guenther Exp $	*/
-
-/* Copyright (c) 1996 by Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <arpa/nameser.h>
-#include <string.h>
-#include <errno.h>
-
-/*
- * WARNING: Don't even consider trying to compile this on a system where
- * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
- */
-
-static int	inet_pton4(const char *src, u_char *dst);
-static int	inet_pton6(const char *src, u_char *dst);
-
-/* int
- * inet_pton(af, src, dst)
- *	convert from presentation format (which usually means ASCII printable)
- *	to network format (which is usually some kind of binary format).
- * return:
- *	1 if the address was valid for the specified address family
- *	0 if the address wasn't valid (`dst' is untouched in this case)
- *	-1 if some other error occurred (`dst' is untouched in this case, too)
- * author:
- *	Paul Vixie, 1996.
- */
-int
-inet_pton(int af, const char *src, void *dst)
-{
-	switch (af) {
-	case AF_INET:
-		return (inet_pton4(src, dst));
-	case AF_INET6:
-		return (inet_pton6(src, dst));
-	default:
-		errno = EAFNOSUPPORT;
-		return (-1);
-	}
-	/* NOTREACHED */
-}
-
-/* int
- * inet_pton4(src, dst)
- *	like inet_aton() but without all the hexadecimal and shorthand.
- * return:
- *	1 if `src' is a valid dotted quad, else 0.
- * notice:
- *	does not touch `dst' unless it's returning 1.
- * author:
- *	Paul Vixie, 1996.
- */
-static int
-inet_pton4(const char *src, u_char *dst)
-{
-	static const char digits[] = "0123456789";
-	int saw_digit, octets, ch;
-	u_char tmp[INADDRSZ], *tp;
-
-	saw_digit = 0;
-	octets = 0;
-	*(tp = tmp) = 0;
-	while ((ch = *src++) != '\0') {
-		const char *pch;
-
-		if ((pch = strchr(digits, ch)) != NULL) {
-			u_int new = *tp * 10 + (pch - digits);
-
-			if (new > 255)
-				return (0);
-			if (! saw_digit) {
-				if (++octets > 4)
-					return (0);
-				saw_digit = 1;
-			}
-			*tp = new;
-		} else if (ch == '.' && saw_digit) {
-			if (octets == 4)
-				return (0);
-			*++tp = 0;
-			saw_digit = 0;
-		} else
-			return (0);
-	}
-	if (octets < 4)
-		return (0);
-
-	memcpy(dst, tmp, INADDRSZ);
-	return (1);
-}
-
-/* int
- * inet_pton6(src, dst)
- *	convert presentation level address to network order binary form.
- * return:
- *	1 if `src' is a valid [RFC1884 2.2] address, else 0.
- * notice:
- *	does not touch `dst' unless it's returning 1.
- * credit:
- *	inspired by Mark Andrews.
- * author:
- *	Paul Vixie, 1996.
- */
-static int
-inet_pton6(const char *src, u_char *dst)
-{
-	static const char xdigits_l[] = "0123456789abcdef",
-			  xdigits_u[] = "0123456789ABCDEF";
-	u_char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
-	const char *xdigits, *curtok;
-	int ch, saw_xdigit, count_xdigit;
-	u_int val;
-
-	memset((tp = tmp), '\0', IN6ADDRSZ);
-	endp = tp + IN6ADDRSZ;
-	colonp = NULL;
-	/* Leading :: requires some special handling. */
-	if (*src == ':')
-		if (*++src != ':')
-			return (0);
-	curtok = src;
-	saw_xdigit = count_xdigit = 0;
-	val = 0;
-	while ((ch = *src++) != '\0') {
-		const char *pch;
-
-		if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
-			pch = strchr((xdigits = xdigits_u), ch);
-		if (pch != NULL) {
-			if (count_xdigit >= 4)
-				return (0);
-			val <<= 4;
-			val |= (pch - xdigits);
-			if (val > 0xffff)
-				return (0);
-			saw_xdigit = 1;
-			count_xdigit++;
-			continue;
-		}
-		if (ch == ':') {
-			curtok = src;
-			if (!saw_xdigit) {
-				if (colonp)
-					return (0);
-				colonp = tp;
-				continue;
-			} else if (*src == '\0') {
-				return (0);
-			}
-			if (tp + INT16SZ > endp)
-				return (0);
-			*tp++ = (u_char) (val >> 8) & 0xff;
-			*tp++ = (u_char) val & 0xff;
-			saw_xdigit = 0;
-			count_xdigit = 0;
-			val = 0;
-			continue;
-		}
-		if (ch == '.' && ((tp + INADDRSZ) <= endp) &&
-		    inet_pton4(curtok, tp) > 0) {
-			tp += INADDRSZ;
-			saw_xdigit = 0;
-			count_xdigit = 0;
-			break;	/* '\0' was seen by inet_pton4(). */
-		}
-		return (0);
-	}
-	if (saw_xdigit) {
-		if (tp + INT16SZ > endp)
-			return (0);
-		*tp++ = (u_char) (val >> 8) & 0xff;
-		*tp++ = (u_char) val & 0xff;
-	}
-	if (colonp != NULL) {
-		/*
-		 * Since some memmove()'s erroneously fail to handle
-		 * overlapping regions, we'll do the shift by hand.
-		 */
-		const int n = tp - colonp;
-		int i;
-
-		if (tp == endp)
-			return (0);
-		for (i = 1; i <= n; i++) {
-			endp[- i] = colonp[n - i];
-			colonp[n - i] = 0;
-		}
-		tp = endp;
-	}
-	if (tp != endp)
-		return (0);
-	memcpy(dst, tmp, IN6ADDRSZ);
-	return (1);
-}
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@ -1,4 +1,4 @@
-/* $OpenBSD: conf_sap.c,v 1.11 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: conf_sap.c,v 1.14 2018/03/19 03:56:08 beck Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@ -56,6 +56,7 @@
 *
 */

+#include <pthread.h>
 #include <stdio.h>

 #include <openssl/opensslconf.h>
@ -75,14 +76,13 @@
 * unless this is overridden by calling OPENSSL_no_config()
 */

-static int openssl_configured = 0;
+static pthread_once_t openssl_configured = PTHREAD_ONCE_INIT;

-void
-OPENSSL_config(const char *config_name)
+static const char *openssl_config_name;
+
+static void
+OPENSSL_config_internal(void)
 {
-	if (openssl_configured)
-		return;
-
 	OPENSSL_load_builtin_modules();
 #ifndef OPENSSL_NO_ENGINE
 	/* Need to load ENGINEs */
@ -91,7 +91,7 @@ OPENSSL_config(const char *config_name)
 	/* Add others here? */

 	ERR_clear_error();
-	if (CONF_modules_load_file(NULL, config_name,
+	if (CONF_modules_load_file(NULL, openssl_config_name,
 	    CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
 		BIO *bio_err;
 		ERR_load_crypto_strings();
@ -106,8 +106,49 @@ OPENSSL_config(const char *config_name)
 	return;
 }

+int
+OpenSSL_config(const char *config_name)
+{
+	/* Don't override if NULL */
+	/*
+	 * Note - multiple threads calling this with *different* config names
+	 * is probably not advisable.  One thread will win, but you don't know
+	 * if it will be the same thread as wins the pthread_once.
+	 */
+	if (config_name != NULL)
+		openssl_config_name = config_name;
+
+	if (OPENSSL_init_crypto(0, NULL) == 0)
+		return 0;
+
+	if (pthread_once(&openssl_configured, OPENSSL_config_internal) != 0)
+		return 0;
+
+	return 1;
+}
+
+void
+OPENSSL_config(const char *config_name)
+{
+	(void) OpenSSL_config(config_name);
+}
+
+static void
+OPENSSL_no_config_internal(void)
+{
+}
+
+int
+OpenSSL_no_config(void)
+{
+	if (pthread_once(&openssl_configured, OPENSSL_no_config_internal) != 0)
+		return 0;
+
+	return 1;
+}
+
 void
 OPENSSL_no_config(void)
 {
-	openssl_configured = 1;
+	(void) OpenSSL_no_config();
 }
--- a/crypto/cpuid-elf-x86_64.S
+++ b/crypto/cpuid-elf-x86_64.S
@ -20,7 +20,7 @@ OPENSSL_atomic_add:
 	jne	.Lspin
 	movl	%r8d,%eax
 .byte	0x48,0x98	
-	.byte	0xf3,0xc3
+	retq
 .size	OPENSSL_atomic_add,.-OPENSSL_atomic_add

 .globl	OPENSSL_ia32_cpuid
@ -145,7 +145,7 @@ OPENSSL_ia32_cpuid:
 	movl	%r10d,%eax
 	movq	%r8,%rbx
 	orq	%r9,%rax
-	.byte	0xf3,0xc3
+	retq
 .size	OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
 .globl	OPENSSL_wipe_cpu
 .type	OPENSSL_wipe_cpu,@function
@ -176,7 +176,7 @@ OPENSSL_wipe_cpu:
 	xorq	%r10,%r10
 	xorq	%r11,%r11
 	leaq	8(%rsp),%rax
-	.byte	0xf3,0xc3
+	retq
 .size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
 #if defined(HAVE_GNU_STACK)
 .section .note.GNU-stack,"",%progbits
--- a/crypto/cpuid-macosx-x86_64.S
+++ b/crypto/cpuid-macosx-x86_64.S
@ -21,7 +21,7 @@ L$spin:	leaq	(%rsi,%rax,1),%r8
 	jne	L$spin
 	movl	%r8d,%eax
 .byte	0x48,0x98	
-	.byte	0xf3,0xc3
+	retq


 .globl	_OPENSSL_ia32_cpuid
@ -146,7 +146,7 @@ L$done:
 	movl	%r10d,%eax
 	movq	%r8,%rbx
 	orq	%r9,%rax
-	.byte	0xf3,0xc3
+	retq

 .globl	_OPENSSL_wipe_cpu

@ -177,5 +177,5 @@ _OPENSSL_wipe_cpu:
 	xorq	%r10,%r10
 	xorq	%r11,%r11
 	leaq	8(%rsp),%rax
-	.byte	0xf3,0xc3
+	retq

--- a/crypto/crypto.sym
+++ b/crypto/crypto.sym
@ -104,6 +104,7 @@ ASN1_STRING_copy
 ASN1_STRING_data
 ASN1_STRING_dup
 ASN1_STRING_free
+ASN1_STRING_get0_data
 ASN1_STRING_get_default_mask
 ASN1_STRING_length
 ASN1_STRING_length_set
@ -275,16 +276,37 @@ BIO_free_all
 BIO_get_accept_socket
 BIO_get_callback
 BIO_get_callback_arg
+BIO_get_data
 BIO_get_ex_data
 BIO_get_ex_new_index
 BIO_get_host_ip
+BIO_get_new_index
 BIO_get_port
 BIO_get_retry_BIO
 BIO_get_retry_reason
+BIO_get_shutdown
 BIO_gethostbyname
 BIO_gets
 BIO_indent
 BIO_int_ctrl
+BIO_meth_free
+BIO_meth_get_callback_ctrl
+BIO_meth_get_create
+BIO_meth_get_ctrl
+BIO_meth_get_destroy
+BIO_meth_get_gets
+BIO_meth_get_puts
+BIO_meth_get_read
+BIO_meth_get_write
+BIO_meth_new
+BIO_meth_set_callback_ctrl
+BIO_meth_set_create
+BIO_meth_set_ctrl
+BIO_meth_set_destroy
+BIO_meth_set_gets
+BIO_meth_set_puts
+BIO_meth_set_read
+BIO_meth_set_write
 BIO_method_name
 BIO_method_type
 BIO_new
@ -326,8 +348,11 @@ BIO_set
 BIO_set_callback
 BIO_set_callback_arg
 BIO_set_cipher
+BIO_set_data
 BIO_set_ex_data
 BIO_set_flags
+BIO_set_init
+BIO_set_shutdown
 BIO_set_tcp_ndelay
 BIO_snprintf
 BIO_sock_cleanup
@ -338,6 +363,7 @@ BIO_sock_should_retry
 BIO_socket_ioctl
 BIO_socket_nbio
 BIO_test_flags
+BIO_up_ref
 BIO_vfree
 BIO_vprintf
 BIO_vsnprintf
@ -362,6 +388,9 @@ BN_CTX_init
 BN_CTX_new
 BN_CTX_start
 BN_GENCB_call
+BN_GENCB_free
+BN_GENCB_get_arg
+BN_GENCB_new
 BN_GF2m_add
 BN_GF2m_arr2poly
 BN_GF2m_mod
@ -425,6 +454,14 @@ BN_get0_nist_prime_256
 BN_get0_nist_prime_384
 BN_get0_nist_prime_521
 BN_get_params
+BN_get_rfc2409_prime_1024
+BN_get_rfc2409_prime_768
+BN_get_rfc3526_prime_1536
+BN_get_rfc3526_prime_2048
+BN_get_rfc3526_prime_3072
+BN_get_rfc3526_prime_4096
+BN_get_rfc3526_prime_6144
+BN_get_rfc3526_prime_8192
 BN_get_word
 BN_hex2bn
 BN_init
@ -728,22 +765,32 @@ DES_string_to_2keys
 DES_string_to_key
 DES_xcbc_encrypt
 DH_OpenSSL
+DH_bits
 DH_check
 DH_check_pub_key
+DH_clear_flags
 DH_compute_key
 DH_free
 DH_generate_key
 DH_generate_parameters
 DH_generate_parameters_ex
+DH_get0_engine
+DH_get0_key
+DH_get0_pqg
 DH_get_default_method
 DH_get_ex_data
 DH_get_ex_new_index
 DH_new
 DH_new_method
+DH_set0_key
+DH_set0_pqg
 DH_set_default_method
 DH_set_ex_data
+DH_set_flags
+DH_set_length
 DH_set_method
 DH_size
+DH_test_flags
 DH_up_ref
 DHparams_dup
 DHparams_it
@ -766,8 +813,11 @@ DSAPrivateKey_it
 DSAPublicKey_it
 DSA_OpenSSL
 DSA_SIG_free
+DSA_SIG_get0
 DSA_SIG_it
 DSA_SIG_new
+DSA_SIG_set0
+DSA_clear_flags
 DSA_do_sign
 DSA_do_verify
 DSA_dup_DH
@ -775,19 +825,31 @@ DSA_free
 DSA_generate_key
 DSA_generate_parameters
 DSA_generate_parameters_ex
+DSA_get0_engine
+DSA_get0_key
+DSA_get0_pqg
 DSA_get_default_method
 DSA_get_ex_data
 DSA_get_ex_new_index
+DSA_meth_dup
+DSA_meth_free
+DSA_meth_new
+DSA_meth_set_finish
+DSA_meth_set_sign
 DSA_new
 DSA_new_method
 DSA_print
 DSA_print_fp
+DSA_set0_key
+DSA_set0_pqg
 DSA_set_default_method
 DSA_set_ex_data
+DSA_set_flags
 DSA_set_method
 DSA_sign
 DSA_sign_setup
 DSA_size
+DSA_test_flags
 DSA_up_ref
 DSA_verify
 DSAparams_dup
@ -829,8 +891,10 @@ ECDH_set_method
 ECDH_size
 ECDSA_OpenSSL
 ECDSA_SIG_free
+ECDSA_SIG_get0
 ECDSA_SIG_it
 ECDSA_SIG_new
+ECDSA_SIG_set0
 ECDSA_do_sign
 ECDSA_do_sign_ex
 ECDSA_do_verify
@ -1203,6 +1267,7 @@ EVP_CIPHER_CTX_key_length
 EVP_CIPHER_CTX_new
 EVP_CIPHER_CTX_nid
 EVP_CIPHER_CTX_rand_key
+EVP_CIPHER_CTX_reset
 EVP_CIPHER_CTX_set_app_data
 EVP_CIPHER_CTX_set_flags
 EVP_CIPHER_CTX_set_key_length
@ -1261,8 +1326,11 @@ EVP_MD_CTX_copy_ex
 EVP_MD_CTX_create
 EVP_MD_CTX_ctrl
 EVP_MD_CTX_destroy
+EVP_MD_CTX_free
 EVP_MD_CTX_init
 EVP_MD_CTX_md
+EVP_MD_CTX_new
+EVP_MD_CTX_reset
 EVP_MD_CTX_set_flags
 EVP_MD_CTX_test_flags
 EVP_MD_block_size
@ -1336,6 +1404,10 @@ EVP_PKEY_encrypt_init
 EVP_PKEY_encrypt_old
 EVP_PKEY_free
 EVP_PKEY_get0
+EVP_PKEY_get0_DH
+EVP_PKEY_get0_DSA
+EVP_PKEY_get0_EC_KEY
+EVP_PKEY_get0_RSA
 EVP_PKEY_get0_asn1
 EVP_PKEY_get1_DH
 EVP_PKEY_get1_DSA
@ -1388,6 +1460,7 @@ EVP_PKEY_sign
 EVP_PKEY_sign_init
 EVP_PKEY_size
 EVP_PKEY_type
+EVP_PKEY_up_ref
 EVP_PKEY_verify
 EVP_PKEY_verify_init
 EVP_PKEY_verify_recover
@ -1587,7 +1660,11 @@ HKDF_extract
 HMAC
 HMAC_CTX_cleanup
 HMAC_CTX_copy
+HMAC_CTX_free
+HMAC_CTX_get_md
 HMAC_CTX_init
+HMAC_CTX_new
+HMAC_CTX_reset
 HMAC_CTX_set_flags
 HMAC_Final
 HMAC_Init
@ -1761,6 +1838,7 @@ OCSP_SINGLERESP_add1_ext_i2d
 OCSP_SINGLERESP_add_ext
 OCSP_SINGLERESP_delete_ext
 OCSP_SINGLERESP_free
+OCSP_SINGLERESP_get0_id
 OCSP_SINGLERESP_get1_ext_d2i
 OCSP_SINGLERESP_get_ext
 OCSP_SINGLERESP_get_ext_by_NID
@ -1819,6 +1897,7 @@ OPENSSL_config
 OPENSSL_cpu_caps
 OPENSSL_cpuid_setup
 OPENSSL_init
+OPENSSL_init_crypto
 OPENSSL_load_builtin_modules
 OPENSSL_no_config
 OPENSSL_strcasecmp
@ -1831,6 +1910,8 @@ OTHERNAME_new
 OpenSSLDie
 OpenSSL_add_all_ciphers
 OpenSSL_add_all_digests
+OpenSSL_version
+OpenSSL_version_num
 PBE2PARAM_free
 PBE2PARAM_it
 PBE2PARAM_new
@ -2173,17 +2254,28 @@ RSA_PSS_PARAMS_free
 RSA_PSS_PARAMS_it
 RSA_PSS_PARAMS_new
 RSA_X931_hash_id
+RSA_bits
 RSA_blinding_off
 RSA_blinding_on
 RSA_check_key
+RSA_clear_flags
 RSA_flags
 RSA_free
 RSA_generate_key
 RSA_generate_key_ex
+RSA_get0_crt_params
+RSA_get0_factors
+RSA_get0_key
 RSA_get_default_method
 RSA_get_ex_data
 RSA_get_ex_new_index
 RSA_get_method
+RSA_meth_dup
+RSA_meth_free
+RSA_meth_new
+RSA_meth_set_finish
+RSA_meth_set_priv_dec
+RSA_meth_set_priv_enc
 RSA_new
 RSA_new_method
 RSA_padding_add_PKCS1_OAEP
@ -2204,13 +2296,18 @@ RSA_private_decrypt
 RSA_private_encrypt
 RSA_public_decrypt
 RSA_public_encrypt
+RSA_set0_crt_params
+RSA_set0_factors
+RSA_set0_key
 RSA_set_default_method
 RSA_set_ex_data
+RSA_set_flags
 RSA_set_method
 RSA_setup_blinding
 RSA_sign
 RSA_sign_ASN1_OCTET_STRING
 RSA_size
+RSA_test_flags
 RSA_up_ref
 RSA_verify
 RSA_verify_ASN1_OCTET_STRING
@ -2569,6 +2666,10 @@ X509_CRL_dup
 X509_CRL_free
 X509_CRL_get0_by_cert
 X509_CRL_get0_by_serial
+X509_CRL_get0_extensions
+X509_CRL_get0_lastUpdate
+X509_CRL_get0_nextUpdate
+X509_CRL_get0_signature
 X509_CRL_get_ext
 X509_CRL_get_ext_by_NID
 X509_CRL_get_ext_by_OBJ
@ -2576,11 +2677,14 @@ X509_CRL_get_ext_by_critical
 X509_CRL_get_ext_count
 X509_CRL_get_ext_d2i
 X509_CRL_get_meth_data
+X509_CRL_get_signature_nid
 X509_CRL_it
 X509_CRL_match
 X509_CRL_new
 X509_CRL_print
 X509_CRL_print_fp
+X509_CRL_set1_lastUpdate
+X509_CRL_set1_nextUpdate
 X509_CRL_set_default_method
 X509_CRL_set_issuer_name
 X509_CRL_set_lastUpdate
@ -2590,6 +2694,7 @@ X509_CRL_set_version
 X509_CRL_sign
 X509_CRL_sign_ctx
 X509_CRL_sort
+X509_CRL_up_ref
 X509_CRL_verify
 X509_EXTENSIONS_it
 X509_EXTENSION_create_by_NID
@ -2628,6 +2733,7 @@ X509_NAME_ENTRY_get_data
 X509_NAME_ENTRY_get_object
 X509_NAME_ENTRY_it
 X509_NAME_ENTRY_new
+X509_NAME_ENTRY_set
 X509_NAME_ENTRY_set_data
 X509_NAME_ENTRY_set_object
 X509_NAME_INTERNAL_it
@ -2641,6 +2747,7 @@ X509_NAME_digest
 X509_NAME_dup
 X509_NAME_entry_count
 X509_NAME_free
+X509_NAME_get0_der
 X509_NAME_get_entry
 X509_NAME_get_index_by_NID
 X509_NAME_get_index_by_OBJ
@ -2656,6 +2763,9 @@ X509_NAME_print_ex
 X509_NAME_print_ex_fp
 X509_NAME_set
 X509_OBJECT_free_contents
+X509_OBJECT_get0_X509
+X509_OBJECT_get0_X509_CRL
+X509_OBJECT_get_type
 X509_OBJECT_idx_by_subject
 X509_OBJECT_retrieve_by_subject
 X509_OBJECT_retrieve_match
@ -2665,6 +2775,7 @@ X509_PKEY_new
 X509_POLICY_NODE_print
 X509_PUBKEY_free
 X509_PUBKEY_get
+X509_PUBKEY_get0
 X509_PUBKEY_get0_param
 X509_PUBKEY_it
 X509_PUBKEY_new
@ -2696,6 +2807,7 @@ X509_REQ_digest
 X509_REQ_dup
 X509_REQ_extension_nid
 X509_REQ_free
+X509_REQ_get0_signature
 X509_REQ_get1_email
 X509_REQ_get_attr
 X509_REQ_get_attr_by_NID
@ -2704,6 +2816,7 @@ X509_REQ_get_attr_count
 X509_REQ_get_extension_nids
 X509_REQ_get_extensions
 X509_REQ_get_pubkey
+X509_REQ_get_signature_nid
 X509_REQ_it
 X509_REQ_new
 X509_REQ_print
@ -2720,7 +2833,11 @@ X509_REQ_verify
 X509_REVOKED_add1_ext_i2d
 X509_REVOKED_add_ext
 X509_REVOKED_delete_ext
+X509_REVOKED_dup
 X509_REVOKED_free
+X509_REVOKED_get0_extensions
+X509_REVOKED_get0_revocationDate
+X509_REVOKED_get0_serialNumber
 X509_REVOKED_get_ext
 X509_REVOKED_get_ext_by_NID
 X509_REVOKED_get_ext_by_OBJ
@ -2736,11 +2853,15 @@ X509_SIG_it
 X509_SIG_new
 X509_STORE_CTX_cleanup
 X509_STORE_CTX_free
+X509_STORE_CTX_get0_cert
+X509_STORE_CTX_get0_chain
 X509_STORE_CTX_get0_current_crl
 X509_STORE_CTX_get0_current_issuer
 X509_STORE_CTX_get0_param
 X509_STORE_CTX_get0_parent_ctx
 X509_STORE_CTX_get0_policy_tree
+X509_STORE_CTX_get0_store
+X509_STORE_CTX_get0_untrusted
 X509_STORE_CTX_get1_chain
 X509_STORE_CTX_get1_issuer
 X509_STORE_CTX_get_chain
@ -2755,6 +2876,8 @@ X509_STORE_CTX_new
 X509_STORE_CTX_purpose_inherit
 X509_STORE_CTX_set0_crls
 X509_STORE_CTX_set0_param
+X509_STORE_CTX_set0_trusted_stack
+X509_STORE_CTX_set0_untrusted
 X509_STORE_CTX_set_cert
 X509_STORE_CTX_set_chain
 X509_STORE_CTX_set_default
@ -2771,19 +2894,24 @@ X509_STORE_add_cert
 X509_STORE_add_crl
 X509_STORE_add_lookup
 X509_STORE_free
+X509_STORE_get0_objects
+X509_STORE_get0_param
 X509_STORE_get1_certs
 X509_STORE_get1_crls
 X509_STORE_get_by_subject
+X509_STORE_get_ex_data
 X509_STORE_load_locations
 X509_STORE_load_mem
 X509_STORE_new
 X509_STORE_set1_param
 X509_STORE_set_default_paths
 X509_STORE_set_depth
+X509_STORE_set_ex_data
 X509_STORE_set_flags
 X509_STORE_set_purpose
 X509_STORE_set_trust
 X509_STORE_set_verify_cb
+X509_STORE_up_ref
 X509_TRUST_add
 X509_TRUST_cleanup
 X509_TRUST_get0
@ -2799,18 +2927,28 @@ X509_VAL_it
 X509_VAL_new
 X509_VERIFY_PARAM_add0_policy
 X509_VERIFY_PARAM_add0_table
+X509_VERIFY_PARAM_add1_host
 X509_VERIFY_PARAM_clear_flags
 X509_VERIFY_PARAM_free
+X509_VERIFY_PARAM_get0
+X509_VERIFY_PARAM_get0_name
+X509_VERIFY_PARAM_get0_peername
+X509_VERIFY_PARAM_get_count
 X509_VERIFY_PARAM_get_depth
 X509_VERIFY_PARAM_get_flags
 X509_VERIFY_PARAM_inherit
 X509_VERIFY_PARAM_lookup
 X509_VERIFY_PARAM_new
 X509_VERIFY_PARAM_set1
+X509_VERIFY_PARAM_set1_email
+X509_VERIFY_PARAM_set1_host
+X509_VERIFY_PARAM_set1_ip
+X509_VERIFY_PARAM_set1_ip_asc
 X509_VERIFY_PARAM_set1_name
 X509_VERIFY_PARAM_set1_policies
 X509_VERIFY_PARAM_set_depth
 X509_VERIFY_PARAM_set_flags
+X509_VERIFY_PARAM_set_hostflags
 X509_VERIFY_PARAM_set_purpose
 X509_VERIFY_PARAM_set_time
 X509_VERIFY_PARAM_set_trust
@ -2822,6 +2960,7 @@ X509_add_ext
 X509_alias_get0
 X509_alias_set1
 X509_certificate_type
+X509_chain_up_ref
 X509_check_akid
 X509_check_ca
 X509_check_email
@ -2842,7 +2981,13 @@ X509_email_free
 X509_find_by_issuer_and_serial
 X509_find_by_subject
 X509_free
+X509_get0_extensions
+X509_get0_notAfter
+X509_get0_notBefore
+X509_get0_pubkey
 X509_get0_pubkey_bitstr
+X509_get0_signature
+X509_get0_tbs_sigalg
 X509_get1_email
 X509_get1_ocsp
 X509_get_default_cert_area
@ -2863,7 +3008,10 @@ X509_get_issuer_name
 X509_get_pubkey
 X509_get_pubkey_parameters
 X509_get_serialNumber
+X509_get_signature_nid
 X509_get_subject_name
+X509_getm_notAfter
+X509_getm_notBefore
 X509_gmtime_adj
 X509_issuer_and_serial_cmp
 X509_issuer_and_serial_hash
@ -2895,6 +3043,8 @@ X509_print_ex_fp
 X509_print_fp
 X509_pubkey_digest
 X509_reject_clear
+X509_set1_notAfter
+X509_set1_notBefore
 X509_set_ex_data
 X509_set_issuer_name
 X509_set_notAfter
--- a/crypto/crypto_init.c
+++ b/crypto/crypto_init.c
@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* OpenSSL style init */
+
+#include <pthread.h>
+#include <stdio.h>
+
+#include <openssl/objects.h>
+#include <openssl/conf.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "cryptlib.h"
+
+int OpenSSL_config(const char *);
+int OpenSSL_no_config(void);
+
+static pthread_t crypto_init_thread;
+
+static void
+OPENSSL_init_crypto_internal(void)
+{
+	crypto_init_thread = pthread_self();
+	OPENSSL_cpuid_setup();
+	ERR_load_crypto_strings();
+	OpenSSL_add_all_ciphers();
+	OpenSSL_add_all_digests();
+}
+
+int
+OPENSSL_init_crypto(uint64_t opts, const void *settings)
+{
+	static pthread_once_t once = PTHREAD_ONCE_INIT;
+
+	if (pthread_equal(pthread_self(), crypto_init_thread))
+		return 1; /* don't recurse */
+
+	if (pthread_once(&once, OPENSSL_init_crypto_internal) != 0)
+		return 0;
+
+	if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) &&
+	    (OpenSSL_no_config() == 0))
+		return 0;
+
+	if ((opts & OPENSSL_INIT_LOAD_CONFIG) &&
+	    (OpenSSL_config(NULL) == 0))
+		return 0;
+
+	return 1;
+}
--- a/crypto/cversion.c
+++ b/crypto/cversion.c
@ -1,4 +1,4 @@
-/* $OpenBSD: cversion.c,v 1.15 2014/07/11 11:42:28 jsing Exp $ */
+/* $OpenBSD: cversion.c,v 1.17 2018/02/17 06:56:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -84,3 +84,29 @@ SSLeay(void)
 {
 	return (SSLEAY_VERSION_NUMBER);
 }
+
+const char *
+OpenSSL_version(int t)
+{
+	switch (t) {
+	case OPENSSL_VERSION:
+		return OPENSSL_VERSION_TEXT;
+	case OPENSSL_BUILT_ON:
+		return("built on: date not available");
+	case OPENSSL_CFLAGS:
+		return("compiler: information not available");
+	case OPENSSL_PLATFORM:
+		return("platform: information not available");
+	case OPENSSL_DIR:
+		return "OPENSSLDIR: \"" OPENSSLDIR "\"";
+	case OPENSSL_ENGINES_DIR:
+		return "ENGINESDIR: N/A";
+	}
+	return("not available");
+}
+
+unsigned long
+OpenSSL_version_num(void)
+{
+	return SSLeay();
+}
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: dh_lib.c,v 1.22 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: dh_lib.c,v 1.30 2018/02/22 16:41:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -56,6 +56,7 @@
 * [including the GNU Public Licence.]
 */

+#include <limits.h>
 #include <stdio.h>

 #include <openssl/opensslconf.h>
@ -239,3 +240,104 @@ DH_size(const DH *dh)
 {
 	return BN_num_bytes(dh->p);
 }
+
+int
+DH_bits(const DH *dh)
+{
+	return BN_num_bits(dh->p);
+}
+
+ENGINE *
+DH_get0_engine(DH *dh)
+{
+	return dh->engine;
+}
+
+void
+DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+	if (p != NULL)
+		*p = dh->p;
+	if (q != NULL)
+		*q = dh->q;
+	if (g != NULL)
+		*g = dh->g;
+}
+
+int
+DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+	if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
+		return 0;
+
+	if (p != NULL) {
+		BN_free(dh->p);
+		dh->p = p;
+	}
+	if (q != NULL) {
+		BN_free(dh->q);
+		dh->q = q;
+	}
+	if (g != NULL) {
+		BN_free(dh->g);
+		dh->g = g;
+	}
+
+	return 1;
+}
+
+void
+DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+	if (pub_key != NULL)
+		*pub_key = dh->pub_key;
+	if (priv_key != NULL)
+		*priv_key = dh->priv_key;
+}
+
+int
+DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+	if ((dh->pub_key == NULL && pub_key == NULL) ||
+	    (dh->priv_key == NULL && priv_key == NULL))
+		return 0;
+
+	if (pub_key != NULL) {
+		BN_free(dh->pub_key);
+		dh->pub_key = pub_key;
+	}
+	if (priv_key != NULL) {
+		BN_free(dh->priv_key);
+		dh->priv_key = priv_key;
+	}
+
+	return 1;
+}
+
+void
+DH_clear_flags(DH *dh, int flags)
+{
+	dh->flags &= ~flags;
+}
+
+int
+DH_test_flags(const DH *dh, int flags)
+{
+	return dh->flags & flags;
+}
+
+void
+DH_set_flags(DH *dh, int flags)
+{
+	dh->flags |= flags;
+}
+
+int
+DH_set_length(DH *dh, long length)
+{
+	if (length < 0 || length > INT_MAX)
+		return 0;
+
+	dh->length = length;
+	return 1;
+}
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_asn1.c,v 1.20 2017/05/02 03:59:44 deraadt Exp $ */
+/* $OpenBSD: dsa_asn1.c,v 1.21 2018/02/20 17:48:35 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@ -133,6 +133,29 @@ i2d_DSA_SIG(const DSA_SIG *a, unsigned char **out)
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &DSA_SIG_it);
 }

+void
+DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+	if (pr != NULL)
+		*pr = sig->r;
+	if (ps != NULL)
+		*ps = sig->s;
+}
+
+int
+DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+	if (r == NULL || s == NULL)
+		return 0;
+
+	BN_clear_free(sig->r);
+	sig->r = r;
+	BN_clear_free(sig->s);
+	sig->s = s;
+
+	return 1;
+}
+
 /* Override the default free and new methods */
 static int
 dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_lib.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: dsa_lib.c,v 1.28 2018/02/20 17:52:27 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -303,3 +303,88 @@ err:
 	return NULL;
 }
 #endif
+
+void
+DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+	if (p != NULL)
+		*p = d->p;
+	if (q != NULL)
+		*q = d->q;
+	if (g != NULL)
+		*g = d->g;
+}
+
+int
+DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+	if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) ||
+	    (d->g == NULL && g == NULL))
+		return 0;
+
+	if (p != NULL) {
+		BN_free(d->p);
+		d->p = p;
+	}
+	if (q != NULL) {
+		BN_free(d->q);
+		d->q = q;
+	}
+	if (g != NULL) {
+		BN_free(d->g);
+		d->g = g;
+	}
+
+	return 1;
+}
+
+void
+DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+	if (pub_key != NULL)
+		*pub_key = d->pub_key;
+	if (priv_key != NULL)
+		*priv_key = d->priv_key;
+}
+
+int
+DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+	if (d->pub_key == NULL && pub_key == NULL)
+		return 0;
+
+	if (pub_key != NULL) {
+		BN_free(d->pub_key);
+		d->pub_key = pub_key;
+	}
+	if (priv_key != NULL) {
+		BN_free(d->priv_key);
+		d->priv_key = priv_key;
+	}
+
+	return 1;
+}
+
+void
+DSA_clear_flags(DSA *d, int flags)
+{
+	d->flags &= ~flags;
+}
+
+int
+DSA_test_flags(const DSA *d, int flags)
+{
+	return d->flags & flags;
+}
+
+void
+DSA_set_flags(DSA *d, int flags)
+{
+	d->flags |= flags;
+}
+
+ENGINE *
+DSA_get0_engine(DSA *d)
+{
+	return d->engine;
+}
--- a/crypto/dsa/dsa_meth.c
+++ b/crypto/dsa/dsa_meth.c
@ -0,0 +1,78 @@
+/*	$OpenBSD: dsa_meth.c,v 1.1 2018/03/17 15:19:12 tb Exp $	*/
+/*
+ * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/dsa.h>
+#include <openssl/err.h>
+
+DSA_METHOD *
+DSA_meth_new(const char *name, int flags)
+{
+	DSA_METHOD *meth;
+
+	if ((meth = calloc(1, sizeof(*meth))) == NULL)
+		return NULL;
+	if ((meth->name = strdup(name)) == NULL) {
+		free(meth);
+		return NULL;
+	}
+	meth->flags = flags;
+
+	return meth;
+}
+
+void
+DSA_meth_free(DSA_METHOD *meth)
+{
+	if (meth != NULL) {
+		free((char *)meth->name);
+		free(meth);
+	}
+}
+
+DSA_METHOD *
+DSA_meth_dup(const DSA_METHOD *meth)
+{
+	DSA_METHOD *copy;
+
+	if ((copy = calloc(1, sizeof(*copy))) == NULL)
+		return NULL;
+	memcpy(copy, meth, sizeof(*copy));
+	if ((copy->name = strdup(meth->name)) == NULL) {
+		free(copy);
+		return NULL;
+	}
+	
+	return copy;
+}
+
+int
+DSA_meth_set_sign(DSA_METHOD *meth,
+    DSA_SIG *(*sign)(const unsigned char *, int, DSA *))
+{
+	meth->dsa_do_sign = sign;
+	return 1;
+}
+
+int
+DSA_meth_set_finish(DSA_METHOD *meth, int (*finish)(DSA *))
+{
+	meth->finish = finish;
+	return 1;
+}
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.19 2018/03/12 13:14:21 inoguchi Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@ -433,6 +433,7 @@ do_EC_KEY_print(BIO * bp, const EC_KEY * x, int off, int ktype)
 	}
 	if (ktype > 0) {
 		public_key = EC_KEY_get0_public_key(x);
+		if (public_key != NULL) {
 			if ((pub_key = EC_POINT_point2bn(group, public_key,
 			    EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) {
 				reason = ERR_R_EC_LIB;
@ -441,6 +442,7 @@ do_EC_KEY_print(BIO * bp, const EC_KEY * x, int off, int ktype)
 			if (pub_key)
 				buf_len = (size_t) BN_num_bytes(pub_key);
 		}
+	}
 	if (ktype == 2) {
 		priv_key = EC_KEY_get0_private_key(x);
 		if (priv_key && (i = (size_t) BN_num_bytes(priv_key)) > buf_len)
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ec_asn1.c,v 1.24 2017/05/26 16:32:14 jsing Exp $ */
+/* $OpenBSD: ec_asn1.c,v 1.25 2018/03/12 13:14:21 inoguchi Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project.
 */
@ -1380,10 +1380,7 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
 		goto err;
 	}

-	if (priv_key->publicKey) {
-		const unsigned char *pub_oct;
-		size_t pub_oct_len;
-
+	if (ret->pub_key)
 		EC_POINT_clear_free(ret->pub_key);
 	ret->pub_key = EC_POINT_new(ret->group);
 	if (ret->pub_key == NULL) {
@ -1391,6 +1388,10 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
 		goto err;
 	}

+	if (priv_key->publicKey) {
+		const unsigned char *pub_oct;
+		size_t pub_oct_len;
+
 		pub_oct = ASN1_STRING_data(priv_key->publicKey);
 		pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
 		if (pub_oct == NULL || pub_oct_len <= 0) {
@ -1405,6 +1406,14 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
 			ECerror(ERR_R_EC_LIB);
 			goto err;
 		}
+	} else {
+		if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key,
+			NULL, NULL, NULL)) {
+			ECerror(ERR_R_EC_LIB);
+			goto err;
+		}
+		/* Remember the original private-key-only encoding. */
+		ret->enc_flag |= EC_PKEY_NO_PUBKEY;
 	}

 	EC_PRIVATEKEY_free(priv_key);
@ -1429,7 +1438,8 @@ i2d_ECPrivateKey(EC_KEY * a, unsigned char **out)
 	size_t buf_len = 0, tmp_len;
 	EC_PRIVATEKEY *priv_key = NULL;

-	if (a == NULL || a->group == NULL || a->priv_key == NULL) {
+	if (a == NULL || a->group == NULL || a->priv_key == NULL ||
+	    (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) {
 		ECerror(ERR_R_PASSED_NULL_PARAMETER);
 		goto err;
 	}
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ec_curve.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ec_curve.c,v 1.16 2018/03/16 12:31:09 mpi Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project.
 */
@ -2135,7 +2135,7 @@ static const struct {
 	}
 };

-/* IPSec curves */
+/* IPsec curves */
 /* NOTE: The of curves over a extension field of non prime degree
 * is not recommended (Weil-descent).
 * As the group order is not a prime this curve is not suitable
--- a/crypto/ecdsa/ecs_asn1.c
+++ b/crypto/ecdsa/ecs_asn1.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_asn1.c,v 1.8 2015/10/16 15:15:39 jsing Exp $ */
+/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
 *
@ -113,3 +113,25 @@ ECDSA_SIG_free(ECDSA_SIG *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ECDSA_SIG_it);
 }
+
+void
+ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+	if (pr != NULL)
+		*pr = sig->r;
+	if (ps != NULL)
+		*ps = sig->s;
+}
+
+int
+ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+	if (r == NULL || s == NULL)
+		return 0;
+
+	BN_clear_free(sig->r);
+	BN_clear_free(sig->s);
+	sig->r = r;
+	sig->s = s;
+	return 1;
+}
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@ -1,4 +1,4 @@
-/* $OpenBSD: eng_all.c,v 1.29 2015/07/19 22:34:27 doug Exp $ */
+/* $OpenBSD: eng_all.c,v 1.30 2018/03/17 16:20:01 beck Exp $ */
 /* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
 * project 2000.
 */
@ -56,17 +56,16 @@
 *
 */

+#include <pthread.h>
+
 #include <openssl/opensslconf.h>

 #include "cryptlib.h"
 #include "eng_int.h"

 void
-ENGINE_load_builtin_engines(void)
+ENGINE_load_builtin_engines_internal(void)
 {
-	/* Some ENGINEs need this */
-	OPENSSL_cpuid_setup();
-
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_PADLOCK
@ -76,3 +75,14 @@ ENGINE_load_builtin_engines(void)
 #endif
 	ENGINE_register_all_complete();
 }
+
+void
+ENGINE_load_builtin_engines(void)
+{
+	static pthread_once_t once = PTHREAD_ONCE_INIT;
+
+	/* Prayer and clean living lets you ignore errors, OpenSSL style */
+	(void) OPENSSL_init_crypto(0, NULL);
+
+	(void) pthread_once(&once, ENGINE_load_builtin_engines_internal);
+}
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: eng_lib.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: eng_lib.c,v 1.13 2018/03/17 16:20:01 beck Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
@ -70,6 +70,9 @@ ENGINE_new(void)
 {
 	ENGINE *ret;

+	if (!OPENSSL_init_crypto(0, NULL))
+		return NULL;
+
 	ret = malloc(sizeof(ENGINE));
 	if (ret == NULL) {
 		ENGINEerror(ERR_R_MALLOC_FAILURE);
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@ -1,4 +1,4 @@
-/* $OpenBSD: err.c,v 1.45 2017/02/20 23:21:19 beck Exp $ */
+/* $OpenBSD: err.c,v 1.46 2018/03/17 16:20:01 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -109,6 +109,7 @@
 *
 */

+#include <pthread.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <string.h>
@ -282,6 +283,8 @@ static LHASH_OF(ERR_STATE) *int_thread_hash = NULL;
 static int int_thread_hash_references = 0;
 static int int_err_library_number = ERR_LIB_USER;

+static pthread_t err_init_thread;
+
 /* Internal function that checks whether "err_fns" is set and if not, sets it to
 * the defaults. */
 static void
@ -650,8 +653,9 @@ ERR_STATE_free(ERR_STATE *s)
 }

 void
-ERR_load_ERR_strings(void)
+ERR_load_ERR_strings_internal(void)
 {
+	err_init_thread = pthread_self();
 	err_fns_check();
 #ifndef OPENSSL_NO_ERR
 	err_load_strings(0, ERR_str_libraries);
@ -662,6 +666,21 @@ ERR_load_ERR_strings(void)
 #endif
 }

+
+void
+ERR_load_ERR_strings(void)
+{
+	static pthread_once_t once = PTHREAD_ONCE_INIT;
+
+	if (pthread_equal(pthread_self(), err_init_thread))
+		return; /* don't recurse */
+
+	/* Prayer and clean living lets you ignore errors, OpenSSL style */
+	(void) OPENSSL_init_crypto(0, NULL);
+
+	(void) pthread_once(&once, ERR_load_ERR_strings_internal);
+}
+
 static void
 err_load_strings(int lib, ERR_STRING_DATA *str)
 {
@ -683,6 +702,9 @@ ERR_load_strings(int lib, ERR_STRING_DATA *str)
 void
 ERR_unload_strings(int lib, ERR_STRING_DATA *str)
 {
+	/* Prayer and clean living lets you ignore errors, OpenSSL style */
+	(void) OPENSSL_init_crypto(0, NULL);
+
 	while (str->error) {
 		if (lib)
 			str->error |= ERR_PACK(lib, 0, 0);
@ -694,6 +716,9 @@ ERR_unload_strings(int lib, ERR_STRING_DATA *str)
 void
 ERR_free_strings(void)
 {
+	/* Prayer and clean living lets you ignore errors, OpenSSL style */
+	(void) OPENSSL_init_crypto(0, NULL);
+
 	err_fns_check();
 	ERRFN(err_del)();
 }
@ -953,6 +978,9 @@ ERR_lib_error_string(unsigned long e)
 	ERR_STRING_DATA d, *p;
 	unsigned long l;

+	if (!OPENSSL_init_crypto(0, NULL))
+		return NULL;
+
 	err_fns_check();
 	l = ERR_GET_LIB(e);
 	d.error = ERR_PACK(l, 0, 0);
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@ -1,4 +1,4 @@
-/* $OpenBSD: err_all.c,v 1.23 2016/10/19 16:49:11 jsing Exp $ */
+/* $OpenBSD: err_all.c,v 1.24 2018/03/17 16:20:01 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -56,6 +56,7 @@
 * [including the GNU Public Licence.]
 */

+#include <pthread.h>
 #include <stdio.h>

 #include <openssl/opensslconf.h>
@ -103,11 +104,13 @@
 #include <openssl/gost.h>
 #endif

-void
-ERR_load_crypto_strings(void)
+void ERR_load_ERR_strings_internal(void);
+
+static void
+ERR_load_crypto_strings_internal(void)
 {
 #ifndef OPENSSL_NO_ERR
-	ERR_load_ERR_strings(); /* include error strings for SYSerr */
+	ERR_load_ERR_strings_internal(); /* include error strings for SYSerr */
 	ERR_load_BN_strings();
 #ifndef OPENSSL_NO_RSA
 	ERR_load_RSA_strings();
@ -153,3 +156,10 @@ ERR_load_crypto_strings(void)
 #endif
 #endif
 }
+
+void
+ERR_load_crypto_strings(void)
+{
+	static pthread_once_t loaded = PTHREAD_ONCE_INIT;
+	(void) pthread_once(&loaded, ERR_load_crypto_strings_internal);
+}
--- a/crypto/evp/c_all.c
+++ b/crypto/evp/c_all.c
@ -1,4 +1,4 @@
-/* $OpenBSD: c_all.c,v 1.21 2017/03/01 13:53:58 jsing Exp $ */
+/* $OpenBSD: c_all.c,v 1.22 2018/03/17 16:20:01 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -57,6 +57,7 @@
 */

 #include <stdio.h>
+#include <pthread.h>

 #include <openssl/opensslconf.h>

@ -66,8 +67,8 @@

 #include "cryptlib.h"

-void
-OpenSSL_add_all_ciphers(void)
+static void
+OpenSSL_add_all_ciphers_internal(void)
 {
 #ifndef OPENSSL_NO_DES
 	EVP_add_cipher(EVP_des_cfb());
@ -226,7 +227,14 @@ OpenSSL_add_all_ciphers(void)
 }

 void
-OpenSSL_add_all_digests(void)
+OpenSSL_add_all_ciphers(void)
+{
+	static pthread_once_t add_all_ciphers_once = PTHREAD_ONCE_INIT;
+	(void) pthread_once(&add_all_ciphers_once, OpenSSL_add_all_ciphers_internal);
+}
+
+static void
+OpenSSL_add_all_digests_internal(void)
 {
 #ifndef OPENSSL_NO_MD4
 	EVP_add_digest(EVP_md4());
@ -283,6 +291,13 @@ OpenSSL_add_all_digests(void)
 #endif
 }

+void
+OpenSSL_add_all_digests(void)
+{
+	static pthread_once_t add_all_digests_once = PTHREAD_ONCE_INIT;
+	(void) pthread_once(&add_all_digests_once, OpenSSL_add_all_digests_internal);
+}
+
 void
 OPENSSL_add_all_algorithms_noconf(void)
 {
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@ -1,4 +1,4 @@
-/* $OpenBSD: digest.c,v 1.28 2017/05/02 03:59:44 deraadt Exp $ */
+/* $OpenBSD: digest.c,v 1.29 2018/02/17 14:55:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -122,18 +122,6 @@
 #include <openssl/engine.h>
 #endif

-void
-EVP_MD_CTX_init(EVP_MD_CTX *ctx)
-{
-	memset(ctx, 0, sizeof *ctx);
-}
-
-EVP_MD_CTX *
-EVP_MD_CTX_create(void)
-{
-	return calloc(1, sizeof(EVP_MD_CTX));
-}
-
 int
 EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
 {
@ -339,20 +327,53 @@ EVP_Digest(const void *data, size_t count,
 	return ret;
 }

+EVP_MD_CTX *
+EVP_MD_CTX_new(void)
+{
+	return calloc(1, sizeof(EVP_MD_CTX));
+}
+
+void
+EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+	if (ctx == NULL)
+		return;
+
+	EVP_MD_CTX_cleanup(ctx);
+
+	free(ctx);
+}
+
+void
+EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+{
+	memset(ctx, 0, sizeof(*ctx));
+}
+
+int
+EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
+{
+	return EVP_MD_CTX_cleanup(ctx);
+}
+
+EVP_MD_CTX *
+EVP_MD_CTX_create(void)
+{
+	return EVP_MD_CTX_new();
+}
+
 void
 EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 {
-	if (ctx) {
-		EVP_MD_CTX_cleanup(ctx);
-		free(ctx);
-	}
+	EVP_MD_CTX_free(ctx);
 }

 /* This call frees resources associated with the context */
 int
 EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 {
-	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
+	/*
+	 * Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
 	 * because sometimes only copies of the context are ever finalised.
 	 */
 	if (ctx->digest && ctx->digest->cleanup &&
@ -368,7 +389,7 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 		 * functional reference we held for this reason. */
 		ENGINE_finish(ctx->engine);
 #endif
-	memset(ctx, 0, sizeof *ctx);
+	memset(ctx, 0, sizeof(*ctx));

 	return 1;
 }
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.36 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.38 2018/02/17 16:54:08 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -75,18 +75,6 @@

 #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)

-void
-EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
-{
-	memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
-}
-
-EVP_CIPHER_CTX *
-EVP_CIPHER_CTX_new(void)
-{
-	return calloc(1, sizeof(EVP_CIPHER_CTX));
-}
-
 int
 EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
    const unsigned char *key, const unsigned char *iv, int enc)
@ -258,7 +246,7 @@ EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 }

 __warn_references(EVP_CipherFinal,
-    "warning: EVP_CipherFinal is often misused, please use EVP_CipherFinal_ex and EVP_CIPHER_CTX_cleanup");
+    "EVP_CipherFinal is often misused, please use EVP_CipherFinal_ex and EVP_CIPHER_CTX_cleanup");

 int
 EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
@ -368,7 +356,7 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 }

 __warn_references(EVP_EncryptFinal,
-    "warning: EVP_EncryptFinal is often misused, please use EVP_EncryptFinal_ex and EVP_CIPHER_CTX_cleanup");
+    "EVP_EncryptFinal is often misused, please use EVP_EncryptFinal_ex and EVP_CIPHER_CTX_cleanup");

 int
 EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
@ -483,7 +471,7 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 }

 __warn_references(EVP_DecryptFinal,
-    "warning: EVP_DecryptFinal is often misused, please use EVP_DecryptFinal_ex and EVP_CIPHER_CTX_cleanup");
+    "EVP_DecryptFinal is often misused, please use EVP_DecryptFinal_ex and EVP_CIPHER_CTX_cleanup");

 int
 EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
@ -548,13 +536,33 @@ EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	return (1);
 }

+EVP_CIPHER_CTX *
+EVP_CIPHER_CTX_new(void)
+{
+	return calloc(1, sizeof(EVP_CIPHER_CTX));
+}
+
 void
 EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 {
-	if (ctx) {
+	if (ctx == NULL)
+		return;
+
 	EVP_CIPHER_CTX_cleanup(ctx);
+
 	free(ctx);
-	}
+}
+
+void
+EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+{
+	memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
+}
+
+int
+EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *a)
+{
+	return EVP_CIPHER_CTX_cleanup(a);
 }

 int
--- a/crypto/evp/names.c
+++ b/crypto/evp/names.c
@ -1,4 +1,4 @@
-/* $OpenBSD: names.c,v 1.13 2017/04/29 21:48:44 jsing Exp $ */
+/* $OpenBSD: names.c,v 1.14 2018/03/17 16:20:01 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -113,6 +113,9 @@ EVP_get_cipherbyname(const char *name)
 {
 	const EVP_CIPHER *cp;

+	if (!OPENSSL_init_crypto(0, NULL))
+		return NULL;
+
 	cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
 	return (cp);
 }
@ -122,6 +125,9 @@ EVP_get_digestbyname(const char *name)
 {
 	const EVP_MD *cp;

+	if (!OPENSSL_init_crypto(0, NULL))
+		return NULL;
+
 	cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
 	return (cp);
 }
@ -167,6 +173,9 @@ EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, const char *from,
 {
 	struct doall_cipher dc;

+	/* Prayer and clean living lets you ignore errors, OpenSSL style */
+	(void) OPENSSL_init_crypto(0, NULL);
+
 	dc.fn = fn;
 	dc.arg = arg;
 	OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
@ -178,6 +187,9 @@ EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, const char *from,
 {
 	struct doall_cipher dc;

+	/* Prayer and clean living lets you ignore errors, OpenSSL style */
+	(void) OPENSSL_init_crypto(0, NULL);
+
 	dc.fn = fn;
 	dc.arg = arg;
 	OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
@ -207,6 +219,9 @@ EVP_MD_do_all(void (*fn)(const EVP_MD *md, const char *from, const char *to,
 {
 	struct doall_md dc;

+	/* Prayer and clean living lets you ignore errors, OpenSSL style */
+	(void) OPENSSL_init_crypto(0, NULL);
+
 	dc.fn = fn;
 	dc.arg = arg;
 	OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
@ -218,6 +233,9 @@ EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *md,
 {
 	struct doall_md dc;

+	/* Prayer and clean living lets you ignore errors, OpenSSL style */
+	(void) OPENSSL_init_crypto(0, NULL);
+
 	dc.fn = fn;
 	dc.arg = arg;
 	OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: p_lib.c,v 1.20 2018/02/20 18:05:28 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -204,6 +204,13 @@ EVP_PKEY_new(void)
 	return (ret);
 }

+int
+EVP_PKEY_up_ref(EVP_PKEY *pkey)
+{
+	int refs = CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+	return ((refs > 1) ? 1 : 0);
+}
+
 /* Setup a public key ASN1 method and ENGINE from a NID or a string.
 * If pkey is NULL just return 1 or 0 if the algorithm exists.
 */
@ -279,13 +286,14 @@ EVP_PKEY_get0(EVP_PKEY *pkey)
 }

 #ifndef OPENSSL_NO_RSA
-int
-EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
+RSA *
+EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
 {
-	int ret = EVP_PKEY_assign_RSA(pkey, key);
-	if (ret)
-		RSA_up_ref(key);
-	return ret;
+	if (pkey->type != EVP_PKEY_RSA) {
+		EVPerror(EVP_R_EXPECTING_AN_RSA_KEY);
+		return NULL;
+	}
+	return pkey->pkey.rsa;
 }

 RSA *
@ -298,16 +306,26 @@ EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
 	RSA_up_ref(pkey->pkey.rsa);
 	return pkey->pkey.rsa;
 }
+
+int
+EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
+{
+	int ret = EVP_PKEY_assign_RSA(pkey, key);
+	if (ret != 0)
+		RSA_up_ref(key);
+	return ret;
+}
 #endif

 #ifndef OPENSSL_NO_DSA
-int
-EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
+DSA *
+EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
 {
-	int ret = EVP_PKEY_assign_DSA(pkey, key);
-	if (ret)
-		DSA_up_ref(key);
-	return ret;
+	if (pkey->type != EVP_PKEY_DSA) {
+		EVPerror(EVP_R_EXPECTING_A_DSA_KEY);
+		return NULL;
+	}
+	return pkey->pkey.dsa;
 }

 DSA *
@ -320,17 +338,26 @@ EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
 	DSA_up_ref(pkey->pkey.dsa);
 	return pkey->pkey.dsa;
 }
+
+int
+EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
+{
+	int ret = EVP_PKEY_assign_DSA(pkey, key);
+	if (ret != 0)
+		DSA_up_ref(key);
+	return ret;
+}
 #endif

 #ifndef OPENSSL_NO_EC
-
-int
-EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
+EC_KEY *
+EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
 {
-	int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
-	if (ret)
-		EC_KEY_up_ref(key);
-	return ret;
+	if (pkey->type != EVP_PKEY_EC) {
+		EVPerror(EVP_R_EXPECTING_A_EC_KEY);
+		return NULL;
+	}
+	return pkey->pkey.ec;
 }

 EC_KEY *
@ -343,18 +370,27 @@ EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
 	EC_KEY_up_ref(pkey->pkey.ec);
 	return pkey->pkey.ec;
 }
+
+int
+EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
+{
+	int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
+	if (ret != 0)
+		EC_KEY_up_ref(key);
+	return ret;
+}
 #endif


 #ifndef OPENSSL_NO_DH
-
-int
-EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
+DH *
+EVP_PKEY_get0_DH(EVP_PKEY *pkey)
 {
-	int ret = EVP_PKEY_assign_DH(pkey, key);
-	if (ret)
-		DH_up_ref(key);
-	return ret;
+	if (pkey->type != EVP_PKEY_DH) {
+		EVPerror(EVP_R_EXPECTING_A_DH_KEY);
+		return NULL;
+	}
+	return pkey->pkey.dh;
 }

 DH *
@ -367,6 +403,15 @@ EVP_PKEY_get1_DH(EVP_PKEY *pkey)
 	DH_up_ref(pkey->pkey.dh);
 	return pkey->pkey.dh;
 }
+
+int
+EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
+{
+	int ret = EVP_PKEY_assign_DH(pkey, key);
+	if (ret != 0)
+		DH_up_ref(key);
+	return ret;
+}
 #endif

 int
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ex_data.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: ex_data.c,v 1.20 2018/03/17 16:20:01 beck Exp $ */

 /*
 * Overhaul notes;
@ -312,6 +312,8 @@ def_get_class(int class_index)
 	EX_CLASS_ITEM d, *p, *gen;
 	EX_DATA_CHECK(return NULL;)
 	d.class_index = class_index;
+	if (!OPENSSL_init_crypto(0, NULL))
+		return NULL;
 	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
 	p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d);
 	if (!p) {
@ -500,6 +502,7 @@ int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
 	EX_CLASS_ITEM *item;
 	void *ptr;
 	CRYPTO_EX_DATA_FUNCS **storage = NULL;
+
 	if ((item = def_get_class(class_index)) == NULL)
 		return;
 	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.c,v 1.24 2017/03/03 10:39:07 inoguchi Exp $ */
+/* $OpenBSD: hmac.c,v 1.25 2018/02/17 14:53:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -171,6 +171,38 @@ err:
 	return 0;
 }

+HMAC_CTX *
+HMAC_CTX_new(void)
+{
+	HMAC_CTX *ctx;
+
+	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
+		return NULL;
+
+	HMAC_CTX_init(ctx);
+
+	return ctx;
+}
+
+void
+HMAC_CTX_free(HMAC_CTX *ctx)
+{
+	if (ctx == NULL)
+		return;
+
+	HMAC_CTX_cleanup(ctx);
+
+	free(ctx);
+}
+
+int
+HMAC_CTX_reset(HMAC_CTX *ctx)
+{
+	HMAC_CTX_cleanup(ctx);
+	HMAC_CTX_init(ctx);
+	return 1;
+}
+
 void
 HMAC_CTX_init(HMAC_CTX *ctx)
 {
@ -206,6 +238,20 @@ HMAC_CTX_cleanup(HMAC_CTX *ctx)
 	explicit_bzero(ctx, sizeof(*ctx));
 }

+void
+HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+{
+	EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+	EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
+	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+}
+
+const EVP_MD *
+HMAC_CTX_get_md(const HMAC_CTX *ctx)
+{
+	return ctx->md;
+}
+
 unsigned char *
 HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d,
    size_t n, unsigned char *md, unsigned int *md_len)
@ -228,11 +274,3 @@ err:
 	HMAC_CTX_cleanup(&c);
 	return NULL;
 }
-
-void
-HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
-{
-	EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
-	EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
-	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
-}
--- a/crypto/md5/md5-elf-x86_64.S
+++ b/crypto/md5/md5-elf-x86_64.S
@ -665,7 +665,7 @@ md5_block_asm_data_order:
 	movq	32(%rsp),%rbp
 	addq	$40,%rsp
 .Lepilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	md5_block_asm_data_order,.-md5_block_asm_data_order
 #if defined(HAVE_GNU_STACK)
 .section .note.GNU-stack,"",%progbits
--- a/crypto/md5/md5-macosx-x86_64.S
+++ b/crypto/md5/md5-macosx-x86_64.S
@ -665,5 +665,5 @@ L$end:
 	movq	32(%rsp),%rbp
 	addq	$40,%rsp
 L$epilogue:
-	.byte	0xf3,0xc3
+	retq

--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.20 2017/09/03 13:07:34 inoguchi Exp $ */
+/* $OpenBSD: gcm128.c,v 1.22 2018/01/24 23:03:37 kettenis Exp $ */
 /* ====================================================================
 * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
 *
@ -661,7 +661,7 @@ void gcm_ghash_4bit_x86(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len
 #  endif
 # elif defined(__arm__) || defined(__arm)
 #  include "arm_arch.h"
-#  if __ARM_ARCH__>=7
+#  if __ARM_ARCH__>=7 && !defined(__STRICT_ALIGNMENT)
 #   define GHASH_ASM_ARM
 #   define GCM_FUNCREF_4BIT
 void gcm_gmult_neon(u64 Xi[2],const u128 Htable[16]);
@ -1515,6 +1515,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
 	alen = BSWAP8(alen);
 	clen = BSWAP8(clen);
 #else
+	{
 		u8 *p = ctx->len.c;

 		ctx->len.u[0] = alen;
@ -1522,6 +1523,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,

 		alen = (u64)GETU32(p)  <<32|GETU32(p+4);
 		clen = (u64)GETU32(p+8)<<32|GETU32(p+12);
+	}
 #endif
 #endif

--- a/crypto/modes/ghash-elf-x86_64.S
+++ b/crypto/modes/ghash-elf-x86_64.S
@ -87,7 +87,7 @@ gcm_gmult_4bit:
 	movq	16(%rsp),%rbx
 	leaq	24(%rsp),%rsp
 .Lgmult_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	gcm_gmult_4bit,.-gcm_gmult_4bit
 .globl	gcm_ghash_4bit
 .type	gcm_ghash_4bit,@function
@ -653,7 +653,7 @@ gcm_ghash_4bit:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 .Lghash_epilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	gcm_ghash_4bit,.-gcm_ghash_4bit
 .globl	gcm_init_clmul
 .type	gcm_init_clmul,@function
@ -718,7 +718,7 @@ gcm_init_clmul:
 	pxor	%xmm4,%xmm0
 	movdqu	%xmm2,(%rdi)
 	movdqu	%xmm0,16(%rdi)
-	.byte	0xf3,0xc3
+	retq
 .size	gcm_init_clmul,.-gcm_init_clmul
 .globl	gcm_gmult_clmul
 .type	gcm_gmult_clmul,@function
@ -768,7 +768,7 @@ gcm_gmult_clmul:
 	pxor	%xmm4,%xmm0
 .byte	102,15,56,0,197
 	movdqu	%xmm0,(%rdi)
-	.byte	0xf3,0xc3
+	retq
 .size	gcm_gmult_clmul,.-gcm_gmult_clmul
 .globl	gcm_ghash_clmul
 .type	gcm_ghash_clmul,@function
@ -973,7 +973,7 @@ gcm_ghash_clmul:
 .Ldone:
 .byte	102,15,56,0,197
 	movdqu	%xmm0,(%rdi)
-	.byte	0xf3,0xc3
+	retq
 .LSEH_end_gcm_ghash_clmul:
 .size	gcm_ghash_clmul,.-gcm_ghash_clmul
 .align	64
--- a/crypto/modes/ghash-macosx-x86_64.S
+++ b/crypto/modes/ghash-macosx-x86_64.S
@ -87,7 +87,7 @@ L$break1:
 	movq	16(%rsp),%rbx
 	leaq	24(%rsp),%rsp
 L$gmult_epilogue:
-	.byte	0xf3,0xc3
+	retq

 .globl	_gcm_ghash_4bit

@ -653,7 +653,7 @@ L$outer_loop:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 L$ghash_epilogue:
-	.byte	0xf3,0xc3
+	retq

 .globl	_gcm_init_clmul

@ -718,7 +718,7 @@ _gcm_init_clmul:
 	pxor	%xmm4,%xmm0
 	movdqu	%xmm2,(%rdi)
 	movdqu	%xmm0,16(%rdi)
-	.byte	0xf3,0xc3
+	retq

 .globl	_gcm_gmult_clmul

@ -768,7 +768,7 @@ _gcm_gmult_clmul:
 	pxor	%xmm4,%xmm0
 .byte	102,15,56,0,197
 	movdqu	%xmm0,(%rdi)
-	.byte	0xf3,0xc3
+	retq

 .globl	_gcm_ghash_clmul

@ -973,7 +973,7 @@ L$odd_tail:
 L$done:
 .byte	102,15,56,0,197
 	movdqu	%xmm0,(%rdi)
-	.byte	0xf3,0xc3
+	retq
 L$SEH_end_gcm_ghash_clmul:

 .p2align	6
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@ -62,9 +62,9 @@
 * [including the GNU Public Licence.]
 */

-#define NUM_NID 959
-#define NUM_SN 952
-#define NUM_LN 952
+#define NUM_NID 968
+#define NUM_SN 961
+#define NUM_LN 961
 #define NUM_OBJ 893

 static const unsigned char lvalues[6250]={
@ -2504,6 +2504,15 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 	NID_jurisdictionStateOrProvinceName,11,&(lvalues[6227]),0},
 {"jurisdictionCountryName","jurisdictionCountryName",
 	NID_jurisdictionCountryName,11,&(lvalues[6238]),0},
+{"KxRSA","kx-rsa",NID_kx_rsa,0,NULL,0},
+{"KxECDHE","kx-ecdhe",NID_kx_ecdhe,0,NULL,0},
+{"KxDHE","kx-dhe",NID_kx_dhe,0,NULL,0},
+{"KxGOST","kx-gost",NID_kx_gost,0,NULL,0},
+{"AuthRSA","auth-rsa",NID_auth_rsa,0,NULL,0},
+{"AuthECDSA","auth-ecdsa",NID_auth_ecdsa,0,NULL,0},
+{"AuthGOST01","auth-gost01",NID_auth_gost01,0,NULL,0},
+{"AuthNULL","auth-null",NID_auth_null,0,NULL,0},
+{"ChaCha20-Poly1305","chacha20-poly1305",NID_chacha20_poly1305,0,NULL,0},
 };

 static const unsigned int sn_objs[NUM_SN]={
@ -2534,6 +2543,10 @@ static const unsigned int sn_objs[NUM_SN]={
 426,	/* "AES-256-ECB" */
 428,	/* "AES-256-OFB" */
 914,	/* "AES-256-XTS" */
+964,	/* "AuthECDSA" */
+965,	/* "AuthGOST01" */
+966,	/* "AuthNULL" */
+963,	/* "AuthRSA" */
 91,	/* "BF-CBC" */
 93,	/* "BF-CFB" */
 92,	/* "BF-ECB" */
@ -2566,6 +2579,7 @@ static const unsigned int sn_objs[NUM_SN]={
 141,	/* "CRLReason" */
 417,	/* "CSPName" */
 937,	/* "ChaCha" */
+967,	/* "ChaCha20-Poly1305" */
 367,	/* "CrlID" */
 391,	/* "DC" */
 31,	/* "DES-CBC" */
@ -2612,6 +2626,10 @@ static const unsigned int sn_objs[NUM_SN]={
 645,	/* "ITU-T" */
 646,	/* "JOINT-ISO-ITU-T" */
 773,	/* "KISA" */
+961,	/* "KxDHE" */
+960,	/* "KxECDHE" */
+962,	/* "KxGOST" */
+959,	/* "KxRSA" */
 15,	/* "L" */
 856,	/* "LocalKeySet" */
 3,	/* "MD2" */
@ -3654,6 +3672,10 @@ static const unsigned int ln_objs[NUM_LN]={
 484,	/* "associatedDomain" */
 485,	/* "associatedName" */
 501,	/* "audio" */
+964,	/* "auth-ecdsa" */
+965,	/* "auth-gost01" */
+966,	/* "auth-null" */
+963,	/* "auth-rsa" */
 882,	/* "authorityRevocationList" */
 91,	/* "bf-cbc" */
 93,	/* "bf-cfb" */
@ -3726,6 +3748,7 @@ static const unsigned int ln_objs[NUM_LN]={
 517,	/* "certificate extensions" */
 883,	/* "certificateRevocationList" */
 937,	/* "chacha" */
+967,	/* "chacha20-poly1305" */
 54,	/* "challengePassword" */
 407,	/* "characteristic-two-field" */
 395,	/* "clearance" */
@ -4064,6 +4087,10 @@ static const unsigned int ln_objs[NUM_LN]={
 957,	/* "jurisdictionStateOrProvinceName" */
 150,	/* "keyBag" */
 773,	/* "kisa" */
+961,	/* "kx-dhe" */
+960,	/* "kx-ecdhe" */
+962,	/* "kx-gost" */
+959,	/* "kx-rsa" */
 477,	/* "lastModifiedBy" */
 476,	/* "lastModifiedTime" */
 157,	/* "localKeyID" */
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_cl.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ocsp_cl.c,v 1.15 2018/03/17 14:44:34 jsing Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

@ -390,3 +390,9 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,

 	return 1;
 }
+
+const OCSP_CERTID *
+OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
+{
+	return single->certId;
+}
--- a/crypto/rc4/rc4-elf-x86_64.S
+++ b/crypto/rc4/rc4-elf-x86_64.S
@ -8,7 +8,7 @@
 .align	16
 RC4:	orq	%rsi,%rsi
 	jne	.Lentry
-	.byte	0xf3,0xc3
+	retq
 .Lentry:
 	pushq	%rbx
 	pushq	%r12
@ -517,7 +517,7 @@ RC4:	orq	%rsi,%rsi
 	movq	16(%rsp),%rbx
 	addq	$24,%rsp
 .Lepilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	RC4,.-RC4
 .globl	RC4_set_key
 .type	RC4_set_key,@function
@ -588,7 +588,7 @@ RC4_set_key:
 	xorl	%eax,%eax
 	movl	%eax,-8(%rdi)
 	movl	%eax,-4(%rdi)
-	.byte	0xf3,0xc3
+	retq
 .size	RC4_set_key,.-RC4_set_key

 .globl	RC4_options
@ -602,11 +602,11 @@ RC4_options:
 	btl	$IA32CAP_BIT0_INTEL,%edx
 	jnc	.Ldone
 	addq	$25,%rax
-	.byte	0xf3,0xc3
+	retq
 .L8xchar:
 	addq	$12,%rax
 .Ldone:
-	.byte	0xf3,0xc3
+	retq
 .align	64
 .Lopts:
 .byte	114,99,52,40,56,120,44,105,110,116,41,0
--- a/crypto/rc4/rc4-macosx-x86_64.S
+++ b/crypto/rc4/rc4-macosx-x86_64.S
@ -8,7 +8,7 @@
 .p2align	4
 _RC4:	orq	%rsi,%rsi
 	jne	L$entry
-	.byte	0xf3,0xc3
+	retq
 L$entry:
 	pushq	%rbx
 	pushq	%r12
@ -517,7 +517,7 @@ L$exit:
 	movq	16(%rsp),%rbx
 	addq	$24,%rsp
 L$epilogue:
-	.byte	0xf3,0xc3
+	retq

 .globl	_RC4_set_key

@ -588,7 +588,7 @@ L$exit_key:
 	xorl	%eax,%eax
 	movl	%eax,-8(%rdi)
 	movl	%eax,-4(%rdi)
-	.byte	0xf3,0xc3
+	retq


 .globl	_RC4_options
@ -602,11 +602,11 @@ _RC4_options:
 	btl	$IA32CAP_BIT0_INTEL,%edx
 	jnc	L$done
 	addq	$25,%rax
-	.byte	0xf3,0xc3
+	retq
 L$8xchar:
 	addq	$12,%rax
 L$done:
-	.byte	0xf3,0xc3
+	retq
 .p2align	6
 L$opts:
 .byte	114,99,52,40,56,120,44,105,110,116,41,0
--- a/crypto/rc4/rc4-md5-elf-x86_64.S
+++ b/crypto/rc4/rc4-md5-elf-x86_64.S
@ -1256,7 +1256,7 @@ rc4_md5_enc:
 	leaq	88(%rsp),%rsp
 .Lepilogue:
 .Labort:
-	.byte	0xf3,0xc3
+	retq
 .size	rc4_md5_enc,.-rc4_md5_enc
 #if defined(HAVE_GNU_STACK)
 .section .note.GNU-stack,"",%progbits
--- a/crypto/rc4/rc4-md5-macosx-x86_64.S
+++ b/crypto/rc4/rc4-md5-macosx-x86_64.S
@ -1256,5 +1256,5 @@ L$oop:
 	leaq	88(%rsp),%rsp
 L$epilogue:
 L$abort:
-	.byte	0xf3,0xc3
+	retq

--- a/crypto/rsa/rsa_crpt.c
+++ b/crypto/rsa/rsa_crpt.c
@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_crpt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: rsa_crpt.c,v 1.19 2018/02/18 12:52:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -72,6 +72,12 @@
 #include <openssl/engine.h>
 #endif

+int
+RSA_bits(const RSA *r)
+{
+	return BN_num_bits(r->n);
+}
+
 int
 RSA_size(const RSA *r)
 {
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_lib.c,v 1.31 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: rsa_lib.c,v 1.36 2018/02/20 17:42:32 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -256,3 +256,117 @@ RSA_get_ex_data(const RSA *r, int idx)
 {
 	return CRYPTO_get_ex_data(&r->ex_data, idx);
 }
+
+void
+RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+	if (n != NULL)
+		*n = r->n;
+	if (e != NULL)
+		*e = r->e;
+	if (d != NULL)
+		*d = r->d;
+}
+
+int
+RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+	if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
+		return 0;
+
+	if (n != NULL) {
+		BN_free(r->n);
+		r->n = n;
+	}
+	if (e != NULL) {
+		BN_free(r->e);
+		r->e = e;
+	}
+	if (d != NULL) {
+		BN_free(r->d);
+		r->d = d;
+	}
+
+	return 1;
+}
+
+void
+RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
+    const BIGNUM **iqmp)
+{
+	if (dmp1 != NULL)
+		*dmp1 = r->dmp1;
+	if (dmq1 != NULL)
+		*dmq1 = r->dmq1;
+	if (iqmp != NULL)
+		*iqmp = r->iqmp;
+}
+
+int
+RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
+{
+	if ((r->dmp1 == NULL && dmp1 == NULL) ||
+	    (r->dmq1 == NULL && dmq1 == NULL) ||
+	    (r->iqmp == NULL && iqmp == NULL))
+	       	return 0;
+
+	if (dmp1 != NULL) {
+		BN_free(r->dmp1);
+		r->dmp1 = dmp1;
+	}
+	if (dmq1 != NULL) {
+		BN_free(r->dmq1);
+		r->dmq1 = dmq1;
+	}
+	if (iqmp != NULL) {
+		BN_free(r->iqmp);
+		r->iqmp = iqmp;
+	}
+
+	return 1;
+}
+
+void
+RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+{
+	if (p != NULL)
+		*p = r->p;
+	if (q != NULL)
+		*q = r->q;
+}
+
+int
+RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
+{
+	if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
+		return 0;
+
+	if (p != NULL) {
+		BN_free(r->p);
+		r->p = p;
+	}
+	if (q != NULL) {
+		BN_free(r->q);
+		r->q = q;
+	}
+
+	return 1;
+}
+
+void
+RSA_clear_flags(RSA *r, int flags)
+{
+	r->flags &= ~flags;
+}
+
+int
+RSA_test_flags(const RSA *r, int flags)
+{
+	return r->flags & flags;
+}
+
+void
+RSA_set_flags(RSA *r, int flags)
+{
+	r->flags |= flags;
+}
--- a/crypto/rsa/rsa_meth.c
+++ b/crypto/rsa/rsa_meth.c
@ -0,0 +1,86 @@
+/*	$OpenBSD: rsa_meth.c,v 1.1 2018/03/17 15:12:56 tb Exp $	*/
+/*
+ * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+RSA_METHOD *
+RSA_meth_new(const char *name, int flags)
+{
+	RSA_METHOD *meth;
+
+	if ((meth = calloc(1, sizeof(*meth))) == NULL)
+		return NULL;
+	if ((meth->name = strdup(name)) == NULL) {
+		free(meth);
+		return NULL;
+	}
+	meth->flags = flags;
+
+	return meth;
+}
+
+void
+RSA_meth_free(RSA_METHOD *meth)
+{
+	if (meth != NULL) {
+		free((char *)meth->name);
+		free(meth);
+	}
+}
+
+RSA_METHOD *
+RSA_meth_dup(const RSA_METHOD *meth)
+{
+	RSA_METHOD *copy;
+
+	if ((copy = calloc(1, sizeof(*copy))) == NULL)
+		return NULL;
+	memcpy(copy, meth, sizeof(*copy));
+	if ((copy->name = strdup(meth->name)) == NULL) {
+		free(copy);
+		return NULL;
+	}
+
+	return copy;
+}
+
+int
+RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
+    const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
+{
+	meth->rsa_priv_enc = priv_enc;
+	return 1;
+}
+
+int
+RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
+    const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
+{
+	meth->rsa_priv_dec = priv_dec;
+	return 1;
+}
+
+int
+RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
+{
+	meth->finish = finish;
+	return 1;
+}
--- a/crypto/sha/sha1-elf-x86_64.S
+++ b/crypto/sha/sha1-elf-x86_64.S
@ -1288,7 +1288,7 @@ sha1_block_data_order:
 	movq	24(%rsi),%rbx
 	leaq	32(%rsi),%rsp
 .Lepilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	sha1_block_data_order,.-sha1_block_data_order
 .type	sha1_block_data_order_ssse3,@function
 .align	16
@ -2475,7 +2475,7 @@ _ssse3_shortcut:
 	movq	16(%rsi),%rbx
 	leaq	24(%rsi),%rsp
 .Lepilogue_ssse3:
-	.byte	0xf3,0xc3
+	retq
 .size	sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
 .align	64
 K_XX_XX:
--- a/crypto/sha/sha1-macosx-x86_64.S
+++ b/crypto/sha/sha1-macosx-x86_64.S
@ -1288,7 +1288,7 @@ L$loop:
 	movq	24(%rsi),%rbx
 	leaq	32(%rsi),%rsp
 L$epilogue:
-	.byte	0xf3,0xc3
+	retq


 .p2align	4
@ -2475,7 +2475,7 @@ L$done_ssse3:
 	movq	16(%rsi),%rbx
 	leaq	24(%rsi),%rsp
 L$epilogue_ssse3:
-	.byte	0xf3,0xc3
+	retq

 .p2align	6
 K_XX_XX:
--- a/crypto/sha/sha256-elf-x86_64.S
+++ b/crypto/sha/sha256-elf-x86_64.S
@ -1756,7 +1756,7 @@ sha256_block_data_order:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 .Lepilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	sha256_block_data_order,.-sha256_block_data_order
 .align	64
 .type	K256,@object
--- a/crypto/sha/sha256-macosx-x86_64.S
+++ b/crypto/sha/sha256-macosx-x86_64.S
@ -1756,7 +1756,7 @@ L$rounds_16_xx:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 L$epilogue:
-	.byte	0xf3,0xc3
+	retq

 .p2align	6

--- a/crypto/sha/sha512-elf-x86_64.S
+++ b/crypto/sha/sha512-elf-x86_64.S
@ -1756,7 +1756,7 @@ sha512_block_data_order:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 .Lepilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	sha512_block_data_order,.-sha512_block_data_order
 .align	64
 .type	K512,@object
--- a/crypto/sha/sha512-macosx-x86_64.S
+++ b/crypto/sha/sha512-macosx-x86_64.S
@ -1756,7 +1756,7 @@ L$rounds_16_xx:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 L$epilogue:
-	.byte	0xf3,0xc3
+	retq

 .p2align	6

--- a/crypto/whrlpool/wp-elf-x86_64.S
+++ b/crypto/whrlpool/wp-elf-x86_64.S
@ -585,7 +585,7 @@ whirlpool_block:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 .Lepilogue:
-	.byte	0xf3,0xc3
+	retq
 .size	whirlpool_block,.-whirlpool_block

 .align	64
--- a/crypto/whrlpool/wp-macosx-x86_64.S
+++ b/crypto/whrlpool/wp-macosx-x86_64.S
@ -585,7 +585,7 @@ L$alldone:
 	movq	40(%rsi),%rbx
 	leaq	48(%rsi),%rsp
 L$epilogue:
-	.byte	0xf3,0xc3
+	retq


 .p2align	6
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cmp.c,v 1.27 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: x509_cmp.c,v 1.30 2018/03/17 14:57:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -321,11 +321,19 @@ X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
 EVP_PKEY *
 X509_get_pubkey(X509 *x)
 {
-	if ((x == NULL) || (x->cert_info == NULL))
+	if (x == NULL || x->cert_info == NULL)
 		return (NULL);
 	return (X509_PUBKEY_get(x->cert_info->key));
 }

+EVP_PKEY *
+X509_get0_pubkey(X509 *x)
+{
+	if (x == NULL || x->cert_info == NULL)
+		return (NULL);
+	return (X509_PUBKEY_get0(x->cert_info->key));
+}
+
 ASN1_BIT_STRING *
 X509_get0_pubkey_bitstr(const X509 *x)
 {
@ -364,3 +372,21 @@ X509_check_private_key(X509 *x, EVP_PKEY *k)
 		return 1;
 	return 0;
 }
+
+/*
+ * Not strictly speaking an "up_ref" as a STACK doesn't have a reference
+ * count but it has the same effect by duping the STACK and upping the ref of
+ * each X509 structure.
+ */
+STACK_OF(X509) *
+X509_chain_up_ref(STACK_OF(X509) *chain)
+{
+	STACK_OF(X509) *ret;
+	size_t i;
+
+	ret = sk_X509_dup(chain);
+	for (i = 0; i < sk_X509_num(ret); i++)
+		X509_up_ref(sk_X509_value(ret, i));
+
+	return ret;
+}
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.28 2018/03/17 15:43:32 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -268,6 +268,13 @@ X509_STORE_free(X509_STORE *vfy)
 	free(vfy);
 }

+int
+X509_STORE_up_ref(X509_STORE *x)
+{
+	int refs = CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_STORE);
+	return (refs > 1) ? 1 : 0;
+}
+
 X509_LOOKUP *
 X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
 {
@ -451,6 +458,12 @@ X509_OBJECT_up_ref_count(X509_OBJECT *a)
 	}
 }

+int
+X509_OBJECT_get_type(const X509_OBJECT *a)
+{
+	return a->type;
+}
+
 void
 X509_OBJECT_free_contents(X509_OBJECT *a)
 {
@ -526,6 +539,22 @@ X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
 	return sk_X509_OBJECT_value(h, idx);
 }

+X509 *
+X509_OBJECT_get0_X509(const X509_OBJECT *xo)
+{
+	if (xo != NULL && xo->type == X509_LU_X509)
+		return xo->data.x509;
+	return NULL;
+}
+
+X509_CRL *
+X509_OBJECT_get0_X509_CRL(X509_OBJECT *xo)
+{
+	if (xo != NULL && xo->type == X509_LU_CRL)
+		return xo->data.crl;
+	return NULL;
+}
+
 STACK_OF(X509) *
 X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
 {
@ -649,7 +678,6 @@ X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
 	return NULL;
 }

-
 /* Try to get issuer certificate from store. Due to limitations
 * of the API this can only retrieve a single certificate matching
 * a given subject name. However it will fill the cache with all
@ -726,6 +754,24 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 	return ret;
 }

+STACK_OF(X509_OBJECT) *
+X509_STORE_get0_objects(X509_STORE *xs)
+{
+	return xs->objs;
+}
+
+void *
+X509_STORE_get_ex_data(X509_STORE *xs, int idx)
+{
+	return CRYPTO_get_ex_data(&xs->ex_data, idx);
+}
+
+int
+X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data)
+{
+	return CRYPTO_set_ex_data(&xs->ex_data, idx, data);
+}
+
 int
 X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
 {
@ -757,6 +803,12 @@ X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
 	return X509_VERIFY_PARAM_set1(ctx->param, param);
 }

+X509_VERIFY_PARAM *
+X509_STORE_get0_param(X509_STORE *ctx)
+{
+	return ctx->param;
+}
+
 void
 X509_STORE_set_verify_cb(X509_STORE *ctx,
    int (*verify_cb)(int, X509_STORE_CTX *))
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x509_set.c,v 1.12 2015/09/30 17:49:59 jsing Exp $ */
+/* $OpenBSD: x509_set.c,v 1.16 2018/02/22 17:09:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -63,6 +63,18 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

+const STACK_OF(X509_EXTENSION) *
+X509_get0_extensions(const X509 *x)
+{
+	return x->cert_info->extensions;
+}
+
+const X509_ALGOR *
+X509_get0_tbs_sigalg(const X509 *x)
+{
+	return x->cert_info->signature;
+}
+
 int
 X509_set_version(X509 *x, long version)
 {
@ -104,17 +116,31 @@ X509_set_issuer_name(X509 *x, X509_NAME *name)
 int
 X509_set_subject_name(X509 *x, X509_NAME *name)
 {
-	if ((x == NULL) || (x->cert_info == NULL))
+	if (x == NULL || x->cert_info == NULL)
 		return (0);
 	return (X509_NAME_set(&x->cert_info->subject, name));
 }

+const ASN1_TIME *
+X509_get0_notBefore(const X509 *x)
+{
+	return X509_getm_notBefore(x);
+}
+
+ASN1_TIME *
+X509_getm_notBefore(const X509 *x)
+{
+	if (x == NULL || x->cert_info == NULL || x->cert_info->validity == NULL)
+		return (NULL);
+	return x->cert_info->validity->notBefore;
+}
+
 int
 X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
 {
 	ASN1_TIME *in;

-	if ((x == NULL) || (x->cert_info->validity == NULL))
+	if (x == NULL || x->cert_info->validity == NULL)
 		return (0);
 	in = x->cert_info->validity->notBefore;
 	if (in != tm) {
@ -127,12 +153,32 @@ X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
 	return (in != NULL);
 }

+int
+X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
+{
+	return X509_set_notBefore(x, tm);
+}
+
+const ASN1_TIME *
+X509_get0_notAfter(const X509 *x)
+{
+	return X509_getm_notAfter(x);
+}
+
+ASN1_TIME *
+X509_getm_notAfter(const X509 *x)
+{
+	if (x == NULL || x->cert_info == NULL || x->cert_info->validity == NULL)
+		return (NULL);
+	return x->cert_info->validity->notAfter;
+}
+
 int
 X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
 {
 	ASN1_TIME *in;

-	if ((x == NULL) || (x->cert_info->validity == NULL))
+	if (x == NULL || x->cert_info->validity == NULL)
 		return (0);
 	in = x->cert_info->validity->notAfter;
 	if (in != tm) {
@ -145,6 +191,12 @@ X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
 	return (in != NULL);
 }

+int
+X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
+{
+	return X509_set_notAfter(x, tm);
+}
+
 int
 X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
 {
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.66 2017/08/27 01:39:26 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.68 2018/02/22 17:11:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -2023,12 +2023,20 @@ X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
 	return ctx->current_cert;
 }

-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
+STACK_OF(X509) *
+X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
 {
 	return ctx->chain;
 }

-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
+STACK_OF(X509) *
+X509_STORE_CTX_get0_chain(X509_STORE_CTX *xs)
+{
+	return xs->chain;
+}
+
+STACK_OF(X509) *
+X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
 {
 	int i;
 	X509 *x;
@ -2061,6 +2069,12 @@ X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
 	return ctx->parent;
 }

+X509_STORE *
+X509_STORE_CTX_get0_store(X509_STORE_CTX *xs)
+{
+	return xs->ctx;
+}
+
 void
 X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
 {
@ -2301,6 +2315,12 @@ X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
 	ctx->get_issuer = get_issuer_sk;
 }

+void
+X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+	X509_STORE_CTX_trusted_stack(ctx, sk);
+}
+
 void
 X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
 {
@ -2349,6 +2369,24 @@ X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
 	ctx->verify_cb = verify_cb;
 }

+X509 *
+X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+{
+	return ctx->cert;
+}
+
+STACK_OF(X509) *
+X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
+{
+	return ctx->untrusted;
+}
+
+void
+X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+	ctx->untrusted = sk;
+}
+
 X509_POLICY_TREE *
 X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
 {
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vpm.c,v 1.15 2016/12/21 15:15:45 jsing Exp $ */
+/* $OpenBSD: x509_vpm.c,v 1.17 2018/03/22 15:54:46 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
@ -101,11 +101,11 @@ sk_deep_copy(void *sk_void, void *copy_func_void, void *free_func_void)
 	void *(*copy_func)(void *) = copy_func_void;
 	void (*free_func)(void *) = free_func_void;
 	_STACK *ret = sk_dup(sk);
+	size_t i;

 	if (ret == NULL)
 		return NULL;

-	size_t i;
 	for (i = 0; i < ret->num; i++) {
 		if (ret->data[i] == NULL)
 			continue;
@ -130,6 +130,8 @@ int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
 {
 	char *copy;

+	if (name != NULL && namelen == 0)
+		namelen = strlen(name);
 	/*
 	 * Refuse names with embedded NUL bytes.
 	 * XXX: Do we need to push an error onto the error stack?
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x509cset.c,v 1.11 2015/09/30 17:49:59 jsing Exp $ */
+/* $OpenBSD: x509cset.c,v 1.14 2018/02/22 17:01:44 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@ -63,6 +63,13 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

+int
+X509_CRL_up_ref(X509_CRL *x)   
+{
+	int refs = CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
+	return (refs > 1) ? 1 : 0;
+}
+
 int
 X509_CRL_set_version(X509_CRL *x, long version)
 {
@ -101,6 +108,12 @@ X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
 	return (in != NULL);
 }

+int
+X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
+{
+	return X509_CRL_set_lastUpdate(x, tm);
+}
+
 int
 X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
 {
@ -119,6 +132,12 @@ X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
 	return (in != NULL);
 }

+int
+X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
+{
+	return X509_CRL_set_nextUpdate(x, tm);
+}
+
 int
 X509_CRL_sort(X509_CRL *c)
 {
@ -136,6 +155,24 @@ X509_CRL_sort(X509_CRL *c)
 	return 1;
 }

+const STACK_OF(X509_EXTENSION) *
+X509_REVOKED_get0_extensions(const X509_REVOKED *x)
+{
+	return x->extensions;
+}
+
+const ASN1_TIME *
+X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
+{
+	return x->revocationDate;
+}
+
+const ASN1_INTEGER *
+X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
+{
+	return x->serialNumber;
+}
+
 int
 X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
 {
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x509name.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: x509name.c,v 1.15 2018/03/17 15:28:27 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -405,3 +405,9 @@ X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
 		return (NULL);
 	return (ne->value);
 }
+
+int
+X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
+{
+	return (ne->set);
+}
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@ -1,4 +1,4 @@
-/* $OpenBSD: v3_utl.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: v3_utl.c,v 1.27 2018/03/20 16:16:59 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@ -1015,7 +1015,9 @@ int X509_check_host(X509 *x, const char *chk, size_t chklen,
 {
 	if (chk == NULL)
 		return -2;
-	if (memchr(chk, '\0', chklen))
+	if (chklen == 0)
+		chklen = strlen(chk);
+	else if (memchr(chk, '\0', chklen))
 		return -2;
 	return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
 }
@ -1025,7 +1027,9 @@ int X509_check_email(X509 *x, const char *chk, size_t chklen,
 {
 	if (chk == NULL)
 		return -2;
-	if (memchr(chk, '\0', chklen))
+	if (chklen == 0)
+		chklen = strlen(chk);
+	else if (memchr(chk, '\0', chklen))
 		return -2;
 	return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
 }
--- a/Show More
+++ b/Show More
 @ -1 +1 @@
 :0:0
 :1:0