libressl: Update to 3.8.0

2023-06-04 16:48:43 -07:00 · 2023-06-04 16:48:43 -07:00 · 41de3f161a
commit 41de3f161a
parent 8929f818fd
780 changed files with 52982 additions and 48518 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -34,11 +34,7 @@ string(STRIP ${TLS_VERSION} TLS_VERSION)
 string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION})
 string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION})
 option(LIBRESSL_SKIP_INSTALL "Skip installation" ${LIBRESSL_SKIP_INSTALL})
 option(LIBRESSL_APPS "Build apps" ON)
 option(LIBRESSL_TESTS "Build tests" ON)
 option(ENABLE_ASM "Enable assembly" ON)
 option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
 option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
 set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)
@ -47,11 +43,6 @@ if(USE_STATIC_MSVC_RUNTIMES)
    set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
 endif()
 if(NOT LIBRESSL_SKIP_INSTALL)
 	set( ENABLE_LIBRESSL_INSTALL ON )
 endif(NOT LIBRESSL_SKIP_INSTALL)
 set(BUILD_NC true)
 if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
@ -291,6 +282,11 @@ if(HAVE_ENDIAN_H)
 	add_definitions(-DHAVE_ENDIAN_H)
 endif()
 check_include_files(machine/endian.h HAVE_MACHINE_ENDIAN_H)
 if(HAVE_MACHINE_ENDIAN_H)
 	add_definitions(-DHAVE_MACHINE_ENDIAN_H)
 endif()
 check_include_files(err.h HAVE_ERR_H)
 if(HAVE_ERR_H)
 	add_definitions(-DHAVE_ERR_H)
@ -301,6 +297,33 @@ if(HAVE_NETINET_IP_H)
 	add_definitions(-DHAVE_NETINET_IP_H)
 endif()
 if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(aarch64|arm64)")
 	set(HOST_AARCH64 true)
 elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "arm")
 	set(HOST_ARM true)
 elseif("${CMAKE_SYSTEM_NAME}" STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386")
 	set(HOST_X86_64 true)
 elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)")
 	set(HOST_X86_64 true)
 elseif("${CMAKE_SYSTEM_NAME}" MATCHES "[i?86|x86]")
 	set(ENABLE_ASM false)
 	set(HOST_I386 true)
 elseif("${CMAKE_SYSTEM_NAME}" MATCHES "mips64")
 	set(HOST_MIPS64 true)
 elseif("${CMAKE_SYSTEM_NAME}" MATCHES "mips")
 	set(HOST_MIPS true)
 elseif("${CMAKE_SYSTEM_NAME}" MATCHES "powerpc")
 	set(HOST_POWERPC true)
 elseif("${CMAKE_SYSTEM_NAME}" MATCHES "ppc64")
 	set(HOST_PPC64 true)
 elseif("${CMAKE_SYSTEM_NAME}" MATCHES "riscv64")
 	set(HOST_RISCV64 true)
 elseif("${CMAKE_SYSTEM_NAME}" MATCHES "sparc64")
 	set(HOST_SPARC64 true)
 else()
 	set(ENABLE_ASM false)
 endif()
 if(ENABLE_ASM)
 	if("${CMAKE_C_COMPILER_ABI}" STREQUAL "ELF")
 		if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)")
@ -356,10 +379,10 @@ else()
 	set(LIBTLS_TEST_LIBS tls ${PLATFORM_LIBS})
 endif()
 add_subdirectory(include)
 add_subdirectory(crypto)
 add_subdirectory(ssl)
 add_subdirectory(tls)
 add_subdirectory(include)
 if (BUILD_APPLE_XCFRAMEWORK)
 	# Create the super library from object libraries
@ -367,42 +390,5 @@ if (BUILD_APPLE_XCFRAMEWORK)
 			$<TARGET_OBJECTS:crypto_obj> $<TARGET_OBJECTS:tls_obj> $<TARGET_OBJECTS:ssl_obj>)
 	set_target_properties(LibreSSL_xcframework PROPERTIES
 			OUTPUT_NAME ressl)
 	if(ENABLE_LIBRESSL_INSTALL)
 		install(TARGETS LibreSSL_xcframework
 				LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})
 	endif(ENABLE_LIBRESSL_INSTALL)
 endif(BUILD_APPLE_XCFRAMEWORK)
 if(ENABLE_LIBRESSL_INSTALL)
 	if(NOT MSVC)
 		# Create pkgconfig files.
 		set(prefix      ${CMAKE_INSTALL_PREFIX})
 		set(exec_prefix \${prefix})
 		set(libdir      \${exec_prefix}/${CMAKE_INSTALL_LIBDIR})
 		set(includedir  \${prefix}/include)
 		if(PLATFORM_LIBS)
 			string(REGEX REPLACE ";" " -l" PLATFORM_LDADD ";${PLATFORM_LIBS}")
 		endif()
 		file(STRINGS    "VERSION" VERSION LIMIT_COUNT 1)
 		file(GLOB       OPENSSL_PKGCONFIGS "*.pc.in")
 		foreach(file ${OPENSSL_PKGCONFIGS})
 			get_filename_component(filename ${file} NAME)
 			string(REPLACE ".in" "" new_file "${filename}")
 			configure_file(${filename} pkgconfig/${new_file} @ONLY)
 		endforeach()
 		install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/pkgconfig
 			DESTINATION ${CMAKE_INSTALL_LIBDIR})
 	endif()
 endif(ENABLE_LIBRESSL_INSTALL)
 if(NOT "${OPENSSLDIR}" STREQUAL "")
 	set(CONF_DIR "${OPENSSLDIR}")
 else()
 	set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
 endif()
 if(ENABLE_LIBRESSL_INSTALL)
 	install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
 	install(DIRECTORY DESTINATION ${CONF_DIR}/certs)
 endif(ENABLE_LIBRESSL_INSTALL)
--- a/346
+++ b/346
@ -3,31 +3,365 @@ Git, it can be confusing following all of the changes.
 Most of the libssl and libcrypto source code is is here in OpenBSD CVS:
-	http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/
+	https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/
 Some of the libcrypto and OS-compatibility files for entropy and random number
 generation are here:
-	http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcrypto/
+	https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcrypto/
 A simplified TLS wrapper library is here:
-	http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libtls/
+	https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libtls/
 The LibreSSL Portable project copies these portions of the OpenBSD tree, along
 with relevant portions of the C library, to a Git repository. This makes it
 easier to follow all of the relevant changes to the upstream project in a
 single place:
-	https://github.com/libressl-portable/openbsd
+	https://github.com/libressl/openbsd
 The portable bits of the project are largely maintained out-of-tree, and their
 history is also available from Git.
-	https://github.com/libressl-portable/portable
+	https://github.com/libressl/portable
 LibreSSL Portable Release Notes:
 3.8.0 - Development release
 	* Portable changes
 	  - Extended the endian.h compat header with hto* and *toh macros.
 	  - Adapted more tests to the portable framework.
 	* Internal improvements
 	  - Improved sieve of Eratosthenes script used for generating a table
 	    of small primes.
 	  - Started cleaning up and rewriting SHA internals.
 	  - Replace internal use of BN_copy() with bn_copy() for consistency.
 	  - Rewrote and improved BN_exp() and BN_copy().
 	  - Add branch target information (BTI) support to arm64 assembly.
 	  - Replaced BN_mod_sqrt() with a new implementation.
 	  - Removed incomplete and dangerous BN_RECURSION code.
 	  - Added endbr64 instructions to amd64 assembly.
 	  - Imported RFC 5280 policy checking code from BoringSSL and used it
 	    to replace the old exponential time code.
 	  - Converted more of libcrypto to use CBB/CBS.
 	  - Cleaned up and simplified the code dealing with builtin curves.
 	* New features
 	  - Added support for truncated SHA-2 and for SHA-3.
 	  - The BPSW primality test performs additional Miller-Rabin rounds
 	    with random bases to reduce the likelihood of composites passing.
 	  - Allow testing of ciphers and digests using badly aligned buffers
 	    in openssl speed.
 	  - Added a workaround for a poorly thought-out change in OpenSSL 3 that
 	    broke privilege separation support in libtls.
 	* Compatibility changes
 	  - Support for GF2m was removed: BIGNUM no longer supports binary extension
 	    field arithmetic and all binary elliptic builtin curves were removed.
 	  - Removed dangerous, "fast" NIST prime and elliptic curve implementations.
 	    In particular, EC_GFp_nist_method() is no longer available.
 	  - Removed most public symbols that were deprecated in OpenSSL 0.9.8.
 	  - Removed the public X9.31 API (RSA_X931_PADDING is still available).
 	  - Removed Cipher Text Stealing mode.
 	  - Removed SXNET and NETSCAPE_CERT_SEQUENCE support including the
 	    openssl(1) nseq command.
 	  - Dropped proxy certificate (RFC 3820) support.
 	  - The POLICY_TREE and its related structures and API were removed.
 	  - The explicitText user notice uses UTF8String instead of VisibleString
 	    to reduce the risk of emitting certificates with invalid DER-encoding.
 	  - Initial fixes for RSA-PSS support to make the TLSv1.3 stack more
 	    compliant with RFC 8446.
 	* Bug fixes
 	  - Correctly handle negative input to various BIGNUM functions.
 	  - Ensure ERR_load_ERR_strings() does not set errno unexpectedly.
 	  - Fix error checking of i2d_ECDSA_SIG() in ossl_ecdsa_sign().
 	  - Fixed detection of extended operations (XOP) on AMD hardware.
 	  - Ensure Montgomery exponentiation is used for the initial RSA blinding.
 	  - Policy is always checked in X509 validation. Critical policy extensions
 	    are no longer silently ignored.
 	  - Fixed error handling in tls_check_common_name().
 	  - Add missing pointer invalidation in SSL_free().
 	  - Fixed X509err() and X509V3err() and their internal versions.
 	  - Ensure that OBJ_obj2txt() always returns a C string again.
 	  - In X509_VERIFY_PARAM_inherit() copy hostflags independently of the
 	    host list.
 	* Documentation improvements
 	  - Improved documentation of BIO_ctrl(3), BIO_set_info_callback(3),
 	    BIO_get_info_callback(3), BIO_method_type(3), and BIO_method_name(3).
 	  - Marked BIO_CB_return(), BIO_cb_pre(), and BIO_cb_post() as intentionally
 	    undocumented.
 	* Testing and Proactive Security
 	  - Significantly improved test coverage of BN_mod_sqrt() and GCD.
 	  - As always, new test coverage is added as bugs are fixed and subsystems
 	    are cleaned up.
 3.7.2 - Stable release
 	* Portable changes
 	  - Moved official Github project to https://github.com/libressl/.
 	  - Build support for Apple Silicon.
 	  - Installed opensslconf.h is now architecture-specific.
 	  - Removed internal defines from opensslconf.h.
 	  - Support reproducible builds on tagged commits in main branch.
 3.7.1 - Development release
 	* Internal improvements
 	  - Initial overhaul of the BIGNUM code:
 	    - Added a new framework that allows architecture-dependent
 	      replacement implementations for bignum primitives.
 	    - Imported various s2n-bignum's constant time assembly primitives
 	      and switched amd64 to them.
 	    - Lots of cleanup, simplification and bug fixes.
 	  - Changed Perl assembly generators to move constants into .rodata,
 	    allowing code to run with execute-only permissions.
 	  - Capped the number of iterations in DSA and ECDSA signing (avoiding
 	    infinite loops), added additional sanity checks to DSA.
 	  - ASN.1 parsing improvements.
 	  - Made UI_destroy_method() NULL safe.
 	  - Various improvements to nc(1).
 	  - Always clear EC groups and points on free.
 	  - Cleanup and improvements in EC code.
 	  - Various openssl(1) improvements.
 	* Bug fixes
 	  - Fixed a memory leak, a double free and various other issues in
 	    BIO_new_NDEF().
 	  - Fixed various crashes in the openssl(1) testing utility.
 	  - Do not check policies by default in the new X.509 verifier.
 	  - Added missing error checking in PKCS7.
 	  - Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
 	* New features
 	  - Added UI_null()
 	  - Added X509_STORE_*check_issued()
 	  - Added X509_CRL_get0_tbs_sigalg() and X509_get0_uids() accessors.
 	  - Added EVP_CIPHER_meth_*() setter API.
 	* Documentation improvements
 	  - Marked BIO_s_log(3) BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), BIO_nwrite(3),
 	    BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented.
 	  - Document BIO_number_read(3), BIO_number_written(3),
 		BIO_set_retry_read(3), BIO_set_retry_write(3),
 		BIO_set_retry_special(3), BIO_clear_retry_flags(3),
 		BIO_get_retry_flags(3), BIO_dup_chain(3), BIO_set_flags(3),
 		BIO_clear_flags(3), BIO_test_flags(3), BIO_get_flags(3).
 		BIO_callback_fn_ex(3), BIO_set_callback_ex(3), BIO_get_callback_ex(3),
 		BIO_callback_fn(3), and the BIO_FLAGS_* constants
 	  - Correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3).
 	  - Document ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3).
 	  - Document EVP_PKEY_new_raw_private_key(3),
 		EVP_PKEY_new_raw_public_key(3), EVP_PKEY_get_raw_private_key(3), and
 		EVP_PKEY_get_raw_public_key(3).
 	  - Document ASN1_buf_print(3).
 	  - Document DH_get0_*, DSA_get0_*, ECDSA_SIG_get0_{r,s}() and RSA_get0_*.
 	  - Merged documentation of UI_null() from OpenSSL 1.1
 	  - Various spelling and other documentation improvements.
 	* Testing and Proactive Security
 	  - As always, new test coverage is added as bugs are fixed and subsystems
 	    are cleaned up.
 	  - New Wycheproof tests added.
 	  - OpenSSL 3.0 Interop tests added.
 	  - Many old tests rewritten, cleaned up and extended.
 	* Security fixes
 	  - A malicious certificate revocation list or timestamp response token
 	    would allow an attacker to read arbitrary memory.
 3.7.0 - Development release
 	* Internal improvements
 	  - Remove dependency on system timegm() and gmtime() by replacing
 	    traditional Julian date conversion with POSIX epoch-seconds date
 	    conversion from BoringSSL.
 	  - Clean old and unused BN code dealing with primes.
 	  - Start rewriting name constraints code using CBS.
 	  - Remove support for the HMAC PRIVATE KEY.
 	  - Rework DSA signing and verifying internals.
 	  - First few passes on cleaning up the BN code.
 	  - Internal headers coming from OpenSSL are all called *_local.h now.
 	  - Rewrite TLSv1.2 key exporter.
 	  - Cleaned up and refactored various aspects of the legacy TLS stack.
 	* Compatibility changes
 	  - BIO_read() and BIO_write() now behave more closely to OpenSSL 3 in
 	    various corner cases. More work is needed here.
 	* Bug fixes
 	  - Add EVP_chacha20_poly1305() to the list of all ciphers.
 	  - Fix potential leaks of EVP_PKEY in various printing functions
 	  - Fix potential leak in OBJ_NAME_add().
 	  - Avoid signed overflow in i2c_ASN1_BIT_STRING().
 	  - Clean up EVP_PKEY_ASN1_METHOD related tables and code.
 	  - Fix long standing bugs BN_GF2m_poly2arr() and BN_GF2m_mod().
 	  - Fix segfaults in BN_{dec,hex}2bn().
 	  - Fix NULL dereference in x509_constraints_uri_host() reachable only
 	    in the process of generating certificates.
 	  - Fixed a variety of memory corruption issues in BIO chains coming
 	    from poor old and new API: BIO_push(), BIO_pop(), BIO_set_next().
 	  - Avoid potential divide by zero in BIO_dump_indent_cb()
 	* Documentation improvements
 	  - Numerous improvements and additions for ASN.1, BIO, BN, and X.509.
 	  - The BN documentation is now considered to be complete.
 	* Testing and Proactive Security
 	  - As always, new test coverage is added as bugs are fixed and
 	    subsystems are cleaned up.
 	  - Many old tests rewritten, cleaned up and extended.
 	* New features
 	  - Added Ed25519 support both as a primitive and via OpenSSL's EVP
 	    interfaces.
 	  - X25519 is now also supported via EVP.
 	  - The OpenSSL 1.1 raw public and private key API is available with
 	    support for EVP_PKEY_ED25519, EVP_PKEY_HMAC and EVP_PKEY_X25519.
 	    Poly1305 is not currently supported via this interface.
 3.6.1 - Stable release
 	* Bug fixes
 	  - Custom verification callbacks could cause the X.509 verifier to
 	    fail to store errors resulting from leaf certificate verification.
 	    Reported by Ilya Shipitsin.
 	  - Unbreak ASN.1 indefinite length encoding.
 	    Reported by Niklas Hallqvist.
 3.6.0 - Development release
 	* Internal improvements
 	  - Avoid expensive RFC 3779 checks during cert verification.
 	  - The templated ASN.1 decoder has been cleaned up, refactored,
 	    modernized with parts rewritten using CBB and CBS.
 	  - The ASN.1 time parser has been rewritten.
 	  - Rewrite and fix ASN1_STRING_to_UTF8().
 	  - Use asn1_abs_set_unused_bits() rather than inlining it.
 	  - Simplify ec_asn1_group2curve().
 	  - First pass at a clean up of ASN1_item_sign_ctx()
 	  - ssl_txt.c was cleaned up.
 	  - Internal function arguments and struct member have been changed
 	    to size_t.
 	  - Lots of missing error checks of EVP API were added.
 	  - Clean up and clarify BN_kronecker().
 	  - Simplify ASN1_INTEGER_cmp()
 	  - Rewrite ASN1_INTEGER_{get,set}() using CBS and CBB and reuse
 	    the ASN1_INTEGER functions for ASN1_ENUMERATED.
 	  - Use ASN1_INTEGER to parse and build {Z,}LONG_it
 	  - Refactored and cleaned up group (elliptic curve) handling in
 	    t1_lib.c.
 	  - Simplify certificate list handling code in the legacy server.
 	  - Make CBB_finish() fail if *out_data is not NULL.
 	  - Remove tls_buffer_set_data() and remove/revise callers.
 	  - Rewrite SSL{_CTX,}_set_alpn_protos() using CBS.
 	  - Simplify tlsext_supported_groups_server_parse().
 	  - Remove redundant length checks in tlsext parse functions.
 	  - Simplify tls13_server_encrypted_extensions_recv().
 	  - Add read and write support to tls_buffer.
 	  - Convert TLS transcript from BUF_MEM to tls_buffer.
 	  - Clear key on exit in PKCS12_gen_mac().
 	  - Minor fixes in PKCS12_parse().
 	  - Provide and use a primitive clear function for BIGNUM_it.
 	  - Use ASN1_INTEGER to encode/decode BIGNUM_it.
 	  - Add stack frames to AES-NI x86_64 assembly.
 	  - Use named initialisers for BIGNUMs.
 	  - Tidy up some of BN_nist_mod_*.
 	  - Expand BLOCK_CIPHER_* and related macros.
 	  - Avoid shadowing the cbs function parameter in
 	    tlsext_alpn_server_parse()
 	  - Deduplicate peer certificate chain processing code.
 	  - Make it possible to signal an error from an i2c_* function.
 	  - Rewrite i2c_ASN1_INTEGER() using CBB/CBS.
 	  - Remove UINT32_MAX limitation on ChaCha() and CRYPTO_chacha_20().
 	  - Remove bogus length checks from EVP_aead_chacha20_poly1305().
 	  - Reworked DSA_size() and ECDSA_size().
 	  - Stop using CBIGNUM_it internal to libcrypto.
 	  - Provide c2i_ASN1_ENUMERATED_cbs() and call it from
 	    asn1_c2i_primitive().
 	  - Ensure ASN.1 types are appropriately encoded.
 	  - Avoid recycling ASN1_STRINGs when decoding ASN.1.
 	  - Tidy up asn1_c2i_primitive() slightly.
 	  - Mechanically expand IMPLEMENT_BLOCK_CIPHER, IMPLEMENT_CFBR,
 	    BLOCK_CIPHER and the looney M_do_cipher macros.
 	  - Use correct length for EVP CFB mode ciphers.
 	  - Provide a version of ssl_msg_callback() that takes a CBS.
 	  - Use CBS to parse TLS alerts in the legacy stack.
 	  - Increment the input and output position for EVP AES CFB1.
 	  - Ensure there is no trailing data for a CCS received by the
 	    TLSv1.3 stack.
 	  - Use CBS when procesing a CCS message in the legacy stack.
 	  - Be stricter with middlebox compatibility mode in the TLSv1.3
 	    server.
 	* Compatibility changes
 	  - The ASN.1 time parser has been refactored and rewritten using CBS.
 	    It has been made stricter in that it now enforces the rules from
 	    RFC 5280.
 	  - ASN1_AFLG_BROKEN was removed.
 	  - Error check tls_session_secret_cb() like OpenSSL.
 	  - Added ASN1_INTEGER_{get,set}_{u,}int64()
 	  - Move leaf certificate checks to the last thing after chain
 	    validation.
 	  - Added -s option to openssl(1) ciphers that only shows the ciphers
 	    supported by the specified protocol.
 	  - Use TLS_client_method() instead of TLSv1_client_method() in
 	    the openssl(1) ciphers command.
 	  - Validate the protocols in SSL{_CTX,}_set_alpn_protos().
 	  - Made TS and PKCS12 opaque.
 	  - Per RFC 7292, safeContentsBag is a SEQUENCE OF, not a SET OF.
 	  - Align PKCS12_key_gen_uni() with OpenSSL
 	  - Various PKCS12 and TS accessors were added. In particular, the
 	    TS_RESP_CTX_set_time_cb() function was added back.
 	  - Allow a NULL header in PEM_write{,_bio}()
 	  - Allow empty attribute sets in CSRs.
 	  - Adjust signatures of BIO_ctrl functions.
 	  - Provide additional defines for EVP AEAD.
 	  - Provide OPENSSL_cleanup().
 	  - Make BIO_info_cb() identical to bio_info_cb().
 	* Bug fixes
 	  - Avoid use of uninitialized in BN_mod_exp_recp().
 	  - Fix X509_get_extension_flags() by ensuring that EXFLAG_INVALID is
 	    set on X509_get_purpose() failure.
 	  - Fix HMAC() with NULL key.
 	  - Add ERR_load_{COMP,CT,KDF}_strings() to ERR_load_crypto_strings().
 	  - Avoid strict aliasing violations in BN_nist_mod_*().
 	  - Do not return X509_V_ERR_UNSPECIFIED from X509_check_ca().
 	    No return value of X509_check_ca() indicates failure. Application
 	    code should therefore issue a checked call to X509_check_purpose()
 	    before calling X509_check_ca().
 	  - Rewrite and fix X509v3_asid_subset() to avoid segfaults on some
 	    valid input.
 	  - Call the ASN1_OP_D2I_PRE callback after ASN1_item_ex_new().
 	  - Fix d2i_ASN1_OBJECT to advance the *der_in pointer correctly.
 	  - Avoid use of uninitialized in ASN1_STRING_to_UTF8().
 	  - Do not pass uninitialized pointer to ASN1_STRING_to_UTF8().
 	  - Do not refuse valid IPv6 addresses in nc(1)'s HTTP CONNECT proxy.
 	  - Do not reject primes in trial divisions.
 	  - Error out on negative shifts in BN_{r,l}shift() instead of
 	    accessing arrays out of bounds.
 	  - Fix URI name constraints, allow for URI's with no host part.
 	  - Fix the legacy verifier callback behaviour for untrusted certs.
 	  - Correct serfver-side handling of TLSv1.3 key updates.
 	  - Plug leak in PKCS12_setup_mac().
 	  - Plug leak in X509V3_add1_i2d().
 	  - Only print X.509 versions we know about.
 	  - Avoid signed integer overflow due to unary negation
 	  - Initialize readbytes in BIO_gets().
 	  - Plug memory leak in CMS_add_simple_smimecap().
 	  - Plug memory leak in X509_REQ_print_ex().
 	  - Check HMAC() return value to avoid a later use of uninitialized.
 	  - Avoid potential NULL dereference in ssl_set_pkey().
 	  - Check return values in ssl_print_tmp_key().
 	  - Switch loop bounds from size_t to int in check_hosts().
 	  - Avoid division by zero if no connection was made in s_time.c.
 	  - Check sk_SSL_CIPHER_push() return value
 	  - Avoid out-of-bounds read in ssl_cipher_process_rulestr().
 	  - Use LONG_MAX as the limit for ciphers with long based APIs.
 	* New features
 	  - EVP API for HKDF ported from OpenSSL and subsequently cleaned up.
 	  - The security level API (SSL_{,CTX}_{get,set}_security_level()) is
 	    now available. Callbacks and ex_data are not supported. Sane
 	    software will not be using this.
 	  - Experimental support for the BoringSSL QUIC API.
 	  - Add initial support for TS ESSCertIDv2 verification.
 	  - LibreSSL now uses the Baillie-PSW primality test instead of
 	    Miller-Rabin .
 3.5.3 - Reliability fix
 	* Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in advancing
 	  the passed *der_in pointer incorrectly. Thanks to Aram Sargsyan for
 	  reporting the issue and testing the fix.
 3.5.2 - Stable release
 	* Bug fixes
@ -2404,7 +2738,7 @@ LibreSSL Portable Release Notes:
 	* Address POODLE attack by disabling SSLv3 by default
 	* Fix Eliptical Curve cipher selection bug
-	  (https://github.com/libressl-portable/portable/issues/35)
+	  (https://github.com/libressl/portable/issues/35)
 2.1.0 - First release from the OpenBSD 5.7 tree
 	* Added support for automatic ephemeral EC keys
--- a/370
+++ b/370
@ -1,370 +0,0 @@
 Installation Instructions
 *************************
 Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
 Inc.
   Copying and distribution of this file, with or without modification,
 are permitted in any medium without royalty provided the copyright
 notice and this notice are preserved.  This file is offered as-is,
 without warranty of any kind.
 Basic Installation
 ==================
   Briefly, the shell command `./configure && make && make install'
 should configure, build, and install this package.  The following
 more-detailed instructions are generic; see the `README' file for
 instructions specific to this package.  Some packages provide this
 `INSTALL' file but do not implement all of the features documented
 below.  The lack of an optional feature in a given package is not
 necessarily a bug.  More recommendations for GNU packages can be found
 in *note Makefile Conventions: (standards)Makefile Conventions.
   The `configure' shell script attempts to guess correct values for
 various system-dependent variables used during compilation.  It uses
 those values to create a `Makefile' in each directory of the package.
 It may also create one or more `.h' files containing system-dependent
 definitions.  Finally, it creates a shell script `config.status' that
 you can run in the future to recreate the current configuration, and a
 file `config.log' containing compiler output (useful mainly for
 debugging `configure').
   It can also use an optional file (typically called `config.cache'
 and enabled with `--cache-file=config.cache' or simply `-C') that saves
 the results of its tests to speed up reconfiguring.  Caching is
 disabled by default to prevent problems with accidental use of stale
 cache files.
   If you need to do unusual things to compile the package, please try
 to figure out how `configure' could check whether to do them, and mail
 diffs or instructions to the address given in the `README' so they can
 be considered for the next release.  If you are using the cache, and at
 some point `config.cache' contains results you don't want to keep, you
 may remove or edit it.
   The file `configure.ac' (or `configure.in') is used to create
 `configure' by a program called `autoconf'.  You need `configure.ac' if
 you want to change it or regenerate `configure' using a newer version
 of `autoconf'.
   The simplest way to compile this package is:
  1. `cd' to the directory containing the package's source code and type
     `./configure' to configure the package for your system.
     Running `configure' might take a while.  While running, it prints
     some messages telling which features it is checking for.
  2. Type `make' to compile the package.
  3. Optionally, type `make check' to run any self-tests that come with
     the package, generally using the just-built uninstalled binaries.
  4. Type `make install' to install the programs and any data files and
     documentation.  When installing into a prefix owned by root, it is
     recommended that the package be configured and built as a regular
     user, and only the `make install' phase executed with root
     privileges.
  5. Optionally, type `make installcheck' to repeat any self-tests, but
     this time using the binaries in their final installed location.
     This target does not install anything.  Running this target as a
     regular user, particularly if the prior `make install' required
     root privileges, verifies that the installation completed
     correctly.
  6. You can remove the program binaries and object files from the
     source code directory by typing `make clean'.  To also remove the
     files that `configure' created (so you can compile the package for
     a different kind of computer), type `make distclean'.  There is
     also a `make maintainer-clean' target, but that is intended mainly
     for the package's developers.  If you use it, you may have to get
     all sorts of other programs in order to regenerate files that came
     with the distribution.
  7. Often, you can also type `make uninstall' to remove the installed
     files again.  In practice, not all packages have tested that
     uninstallation works correctly, even though it is required by the
     GNU Coding Standards.
  8. Some packages, particularly those that use Automake, provide `make
     distcheck', which can by used by developers to test that all other
     targets like `make install' and `make uninstall' work correctly.
     This target is generally not run by end users.
 Compilers and Options
 =====================
   Some systems require unusual options for compilation or linking that
 the `configure' script does not know about.  Run `./configure --help'
 for details on some of the pertinent environment variables.
   You can give `configure' initial values for configuration parameters
 by setting variables in the command line or in the environment.  Here
 is an example:
     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
   *Note Defining Variables::, for more details.
 Compiling For Multiple Architectures
 ====================================
   You can compile the package for more than one kind of computer at the
 same time, by placing the object files for each architecture in their
 own directory.  To do this, you can use GNU `make'.  `cd' to the
 directory where you want the object files and executables to go and run
 the `configure' script.  `configure' automatically checks for the
 source code in the directory that `configure' is in and in `..'.  This
 is known as a "VPATH" build.
   With a non-GNU `make', it is safer to compile the package for one
 architecture at a time in the source code directory.  After you have
 installed the package for one architecture, use `make distclean' before
 reconfiguring for another architecture.
   On MacOS X 10.5 and later systems, you can create libraries and
 executables that work on multiple system types--known as "fat" or
 "universal" binaries--by specifying multiple `-arch' options to the
 compiler but only a single `-arch' option to the preprocessor.  Like
 this:
     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
                 CPP="gcc -E" CXXCPP="g++ -E"
   This is not guaranteed to produce working output in all cases, you
 may have to build one architecture at a time and combine the results
 using the `lipo' tool if you have problems.
 Installation Names
 ==================
   By default, `make install' installs the package's commands under
 `/usr/local/bin', include files under `/usr/local/include', etc.  You
 can specify an installation prefix other than `/usr/local' by giving
 `configure' the option `--prefix=PREFIX', where PREFIX must be an
 absolute file name.
   You can specify separate installation prefixes for
 architecture-specific files and architecture-independent files.  If you
 pass the option `--exec-prefix=PREFIX' to `configure', the package uses
 PREFIX as the prefix for installing programs and libraries.
 Documentation and other data files still use the regular prefix.
   In addition, if you use an unusual directory layout you can give
 options like `--bindir=DIR' to specify different values for particular
 kinds of files.  Run `configure --help' for a list of the directories
 you can set and what kinds of files go in them.  In general, the
 default for these options is expressed in terms of `${prefix}', so that
 specifying just `--prefix' will affect all of the other directory
 specifications that were not explicitly provided.
   The most portable way to affect installation locations is to pass the
 correct locations to `configure'; however, many packages provide one or
 both of the following shortcuts of passing variable assignments to the
 `make install' command line to change installation locations without
 having to reconfigure or recompile.
   The first method involves providing an override variable for each
 affected directory.  For example, `make install
 prefix=/alternate/directory' will choose an alternate location for all
 directory configuration variables that were expressed in terms of
 `${prefix}'.  Any directories that were specified during `configure',
 but not in terms of `${prefix}', must each be overridden at install
 time for the entire installation to be relocated.  The approach of
 makefile variable overrides for each directory variable is required by
 the GNU Coding Standards, and ideally causes no recompilation.
 However, some platforms have known limitations with the semantics of
 shared libraries that end up requiring recompilation when using this
 method, particularly noticeable in packages that use GNU Libtool.
   The second method involves providing the `DESTDIR' variable.  For
 example, `make install DESTDIR=/alternate/directory' will prepend
 `/alternate/directory' before all installation names.  The approach of
 `DESTDIR' overrides is not required by the GNU Coding Standards, and
 does not work on platforms that have drive letters.  On the other hand,
 it does better at avoiding recompilation issues, and works well even
 when some directory options were not specified in terms of `${prefix}'
 at `configure' time.
 Optional Features
 =================
   If the package supports it, you can cause programs to be installed
 with an extra prefix or suffix on their names by giving `configure' the
 option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
   Some packages pay attention to `--enable-FEATURE' options to
 `configure', where FEATURE indicates an optional part of the package.
 They may also pay attention to `--with-PACKAGE' options, where PACKAGE
 is something like `gnu-as' or `x' (for the X Window System).  The
 `README' should mention any `--enable-' and `--with-' options that the
 package recognizes.
   For packages that use the X Window System, `configure' can usually
 find the X include and library files automatically, but if it doesn't,
 you can use the `configure' options `--x-includes=DIR' and
 `--x-libraries=DIR' to specify their locations.
   Some packages offer the ability to configure how verbose the
 execution of `make' will be.  For these packages, running `./configure
 --enable-silent-rules' sets the default to minimal output, which can be
 overridden with `make V=1'; while running `./configure
 --disable-silent-rules' sets the default to verbose, which can be
 overridden with `make V=0'.
 Particular systems
 ==================
   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
 CC is not installed, it is recommended to use the following options in
 order to use an ANSI C compiler:
     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
 and if that doesn't work, install pre-built binaries of GCC for HP-UX.
   HP-UX `make' updates targets which have the same time stamps as
 their prerequisites, which makes it generally unusable when shipped
 generated files such as `configure' are involved.  Use GNU `make'
 instead.
   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
 parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
 a workaround.  If GNU CC is not installed, it is therefore recommended
 to try
     ./configure CC="cc"
 and if that doesn't work, try
     ./configure CC="cc -nodtk"
   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
 directory contains several dysfunctional programs; working variants of
 these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
 in your `PATH', put it _after_ `/usr/bin'.
   On Haiku, software installed for all users goes in `/boot/common',
 not `/usr/local'.  It is recommended to use the following options:
     ./configure --prefix=/boot/common
 Specifying the System Type
 ==========================
   There may be some features `configure' cannot figure out
 automatically, but needs to determine by the type of machine the package
 will run on.  Usually, assuming the package is built to be run on the
 _same_ architectures, `configure' can figure that out, but if it prints
 a message saying it cannot guess the machine type, give it the
 `--build=TYPE' option.  TYPE can either be a short name for the system
 type, such as `sun4', or a canonical name which has the form:
     CPU-COMPANY-SYSTEM
 where SYSTEM can have one of these forms:
     OS
     KERNEL-OS
   See the file `config.sub' for the possible values of each field.  If
 `config.sub' isn't included in this package, then this package doesn't
 need to know the machine type.
   If you are _building_ compiler tools for cross-compiling, you should
 use the option `--target=TYPE' to select the type of system they will
 produce code for.
   If you want to _use_ a cross compiler, that generates code for a
 platform different from the build platform, you should specify the
 "host" platform (i.e., that on which the generated programs will
 eventually be run) with `--host=TYPE'.
 Sharing Defaults
 ================
   If you want to set default values for `configure' scripts to share,
 you can create a site shell script called `config.site' that gives
 default values for variables like `CC', `cache_file', and `prefix'.
 `configure' looks for `PREFIX/share/config.site' if it exists, then
 `PREFIX/etc/config.site' if it exists.  Or, you can set the
 `CONFIG_SITE' environment variable to the location of the site script.
 A warning: not all `configure' scripts look for a site script.
 Defining Variables
 ==================
   Variables not defined in a site shell script can be set in the
 environment passed to `configure'.  However, some packages may run
 configure again during the build, and the customized values of these
 variables may be lost.  In order to avoid this problem, you should set
 them in the `configure' command line, using `VAR=value'.  For example:
     ./configure CC=/usr/local2/bin/gcc
 causes the specified `gcc' to be used as the C compiler (unless it is
 overridden in the site shell script).
 Unfortunately, this technique does not work for `CONFIG_SHELL' due to
 an Autoconf limitation.  Until the limitation is lifted, you can use
 this workaround:
     CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
 `configure' Invocation
 ======================
   `configure' recognizes the following options to control how it
 operates.
 `--help'
 `-h'
     Print a summary of all of the options to `configure', and exit.
 `--help=short'
 `--help=recursive'
     Print a summary of the options unique to this package's
     `configure', and exit.  The `short' variant lists options used
     only in the top level, while the `recursive' variant lists options
     also present in any nested packages.
 `--version'
 `-V'
     Print the version of Autoconf used to generate the `configure'
     script, and exit.
 `--cache-file=FILE'
     Enable the cache: use and save the results of the tests in FILE,
     traditionally `config.cache'.  FILE defaults to `/dev/null' to
     disable caching.
 `--config-cache'
 `-C'
     Alias for `--cache-file=config.cache'.
 `--quiet'
 `--silent'
 `-q'
     Do not print messages saying which checks are being made.  To
     suppress all normal output, redirect it to `/dev/null' (any error
     messages will still be shown).
 `--srcdir=DIR'
     Look for the package's source code in directory DIR.  Usually
     `configure' can determine that directory automatically.
 `--prefix=DIR'
     Use DIR as the installation prefix.  *note Installation Names::
     for more details, including other options available for fine-tuning
     the installation locations.
 `--no-create'
 `-n'
     Run the configure checks, but stop before creating any output
     files.
 `configure' also accepts some other, not widely useful, options.  Run
 `configure --help' for more details.
--- a/README.md
+++ b/README.md
@ -1,20 +1,20 @@
-Built from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.2.tar.gz
+Built from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.8.0.tar.gz
 Modifications:
- Removed tests/mandocs/pkgconfig/scripts/apps/cmake_uninstall from both filesystem and CMakeLists.txt
+* Removed targets for apps, tests, install, uninstall.
- Removed m4 configuration files + make build scripts
+* Removed extra files like unneeded target sources, Makefiles, autoconf files.
 ===
 ![LibreSSL image](https://www.libressl.org/images/libressl.jpg)
 ## Official portable version of [LibreSSL](https://www.libressl.org) ##
-[![Linux Build Status](https://github.com/libressl-portable/portable/actions/workflows/linux_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/linux_test.yml)
+[![Linux Build Status](https://github.com/libressl/portable/actions/workflows/linux_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/linux_test.yml)
-[![macOS Build Status](https://github.com/libressl-portable/portable/actions/workflows/macos_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/macos_test.yml)
+[![macOS Build Status](https://github.com/libressl/portable/actions/workflows/macos_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/macos_test.yml)
-[![Android_Build Status](https://github.com/libressl-portable/portable/actions/workflows/android_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/android_test.yml)
+[![Android_Build Status](https://github.com/libressl/portable/actions/workflows/android_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/android_test.yml)
-[![Cross_Build Status](https://github.com/libressl-portable/portable/actions/workflows/cross_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/cross_test.yml)
+[![Cross_Build Status](https://github.com/libressl/portable/actions/workflows/cross_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/cross_test.yml)
 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/libressl.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libressl)
-[![ASan Status](https://github.com/libressl-portable/portable/actions/workflows/linux_test_asan.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/linux_test_asan.yml)
+[![ASan Status](https://github.com/libressl/portable/actions/workflows/linux_test_asan.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/linux_test_asan.yml)
 LibreSSL is a fork of [OpenSSL](https://www.openssl.org) 1.0.1g developed by the
 [OpenBSD](https://www.openbsd.org) project.  Our goal is to modernize the codebase,
@ -22,9 +22,12 @@ improve security, and apply best practice development processes from OpenBSD.
 ## Compatibility with OpenSSL: ##
-LibreSSL is API compatible with OpenSSL 1.0.1, but does not yet include all
+LibreSSL provides much of the OpenSSL 1.1 API. The OpenSSL 3 API is not currently
-new APIs from OpenSSL 1.0.2 and later. LibreSSL also includes APIs not yet
+supported. Incompatibilities between the projects exist and are unavoidable since
-present in OpenSSL. The current common API subset is OpenSSL 1.0.1.
+both evolve with different goals and priorities. Important incompatibilities will
 be addressed if possible and as long as they are not too detrimental to LibreSSL's
 goals of simplicity, security and sanity. We do not add new features, ciphers and
 API without a solid reason and require that new code be clean and of high quality.
 LibreSSL is not ABI compatible with any release of OpenSSL, or necessarily
 earlier releases of LibreSSL. You will need to relink your programs to
@ -60,11 +63,11 @@ OpenBSD mirror in directory
 although we suggest that you use a [mirror](https://www.openbsd.org/ftp.html).
 The LibreSSL portable build framework is also
-[mirrored](https://github.com/libressl-portable/portable) in Github.
+[mirrored](https://github.com/libressl/portable) on GitHub.
 Please report bugs either to the public libressl@openbsd.org mailing list,
-or to the github
+or to the GitHub
-[issue tracker](https://github.com/libressl-portable/portable/issues)
+[issue tracker](https://github.com/libressl/portable/issues)
 Severe vulnerabilities or bugs requiring coordination with OpenSSL can be
 sent to the core team at libressl-security@openbsd.org.
@ -155,12 +158,8 @@ into other projects or build by itself.
 | Option Name | Default | Description
 | ------------ | -----: | ------
 |  LIBRESSL_SKIP_INSTALL | OFF | allows skipping install() rules.  Can be specified from command line using <br>```-DLIBRESSL_SKIP_INSTALL=ON``` |
 |  LIBRESSL_APPS | ON | allows skipping application builds. Apps are required to run tests |
 |  LIBRESSL_TESTS | ON | allows skipping of tests. Tests are only available in static builds |
 |  BUILD_SHARED_LIBS | OFF | CMake option for building shared libraries. |
 |  ENABLE_ASM | ON | builds assembly optimized rules. |
 |  ENABLE_EXTRATESTS | OFF | Enable extra tests that may be unreliable on some platforms |
 |  ENABLE_NC | OFF | Enable installing TLS-enabled nc(1) |
 |  OPENSSLDIR | Blank | Set the default openssl directory.  Can be specified from command line using <br>```-DOPENSSLDIR=<dirname>``` |
--- a/README.windows
+++ b/README.windows
@ -46,7 +46,7 @@ problem.
 A script for generating ready-to-use .DLL and static .LIB files is included in
 the source repository at
-https://github.com/libressl-portable/portable/blob/master/dist-win.sh
+https://github.com/libressl/portable/blob/master/dist-win.sh
 This script uses mingw-w64 to build LibreSSL and then uses Visual Studio tools
 to generate compatible library import files ready-to-use with Visual
--- a/2
+++ b/2
@ -1,2 +1,2 @@
-3.5.2
+3.8.0
--- a/cert.pem
+++ b/cert.pem
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@ -4,7 +4,6 @@ if(HOST_ASM_ELF_ARMV4)
 	set(
 		ASM_ARMV4_ELF_SRC
 		aes/aes-elf-armv4.S
 		bn/gf2m-elf-armv4.S
 		bn/mont-elf-armv4.S
 		sha/sha1-elf-armv4.S
 		sha/sha512-elf-armv4.S
@ -15,7 +14,6 @@ if(HOST_ASM_ELF_ARMV4)
 	)
 	add_definitions(-DAES_ASM)
 	add_definitions(-DOPENSSL_BN_ASM_MONT)
 	add_definitions(-DOPENSSL_BN_ASM_GF2m)
 	add_definitions(-DGHASH_ASM)
 	add_definitions(-DSHA1_ASM)
 	add_definitions(-DSHA256_ASM)
@ -36,7 +34,6 @@ if(HOST_ASM_ELF_X86_64)
 		bn/modexp512-elf-x86_64.S
 		bn/mont-elf-x86_64.S
 		bn/mont5-elf-x86_64.S
 		bn/gf2m-elf-x86_64.S
 		camellia/cmll-elf-x86_64.S
 		md5/md5-elf-x86_64.S
 		modes/ghash-elf-x86_64.S
@ -47,6 +44,19 @@ if(HOST_ASM_ELF_X86_64)
 		sha/sha512-elf-x86_64.S
 		whrlpool/wp-elf-x86_64.S
 		cpuid-elf-x86_64.S
 		bn/arch/amd64/bignum_add.S
 		bn/arch/amd64/bignum_cmadd.S
 		bn/arch/amd64/bignum_cmul.S
 		bn/arch/amd64/bignum_mul.S
 		bn/arch/amd64/bignum_mul_4_8_alt.S
 		bn/arch/amd64/bignum_mul_8_16_alt.S
 		bn/arch/amd64/bignum_sqr.S
 		bn/arch/amd64/bignum_sqr_4_8_alt.S
 		bn/arch/amd64/bignum_sqr_8_16_alt.S
 		bn/arch/amd64/bignum_sub.S
 		bn/arch/amd64/word_clz.S
 		bn/arch/amd64/bn_arch.c
 	)
 	add_definitions(-DAES_ASM)
 	add_definitions(-DBSAES_ASM)
@ -54,7 +64,6 @@ if(HOST_ASM_ELF_X86_64)
 	add_definitions(-DOPENSSL_IA32_SSE2)
 	add_definitions(-DOPENSSL_BN_ASM_MONT)
 	add_definitions(-DOPENSSL_BN_ASM_MONT5)
 	add_definitions(-DOPENSSL_BN_ASM_GF2m)
 	add_definitions(-DMD5_ASM)
 	add_definitions(-DGHASH_ASM)
 	add_definitions(-DRSA_ASM)
@ -78,7 +87,6 @@ if(HOST_ASM_MACOSX_X86_64)
 		bn/modexp512-macosx-x86_64.S
 		bn/mont-macosx-x86_64.S
 		bn/mont5-macosx-x86_64.S
 		bn/gf2m-macosx-x86_64.S
 		camellia/cmll-macosx-x86_64.S
 		md5/md5-macosx-x86_64.S
 		modes/ghash-macosx-x86_64.S
@ -89,6 +97,19 @@ if(HOST_ASM_MACOSX_X86_64)
 		sha/sha512-macosx-x86_64.S
 		whrlpool/wp-macosx-x86_64.S
 		cpuid-macosx-x86_64.S
 		bn/arch/amd64/bignum_add.S
 		bn/arch/amd64/bignum_cmadd.S
 		bn/arch/amd64/bignum_cmul.S
 		bn/arch/amd64/bignum_mul.S
 		bn/arch/amd64/bignum_mul_4_8_alt.S
 		bn/arch/amd64/bignum_mul_8_16_alt.S
 		bn/arch/amd64/bignum_sqr.S
 		bn/arch/amd64/bignum_sqr_4_8_alt.S
 		bn/arch/amd64/bignum_sqr_8_16_alt.S
 		bn/arch/amd64/bignum_sub.S
 		bn/arch/amd64/word_clz.S
 		bn/arch/amd64/bn_arch.c
 	)
 	add_definitions(-DAES_ASM)
 	add_definitions(-DBSAES_ASM)
@ -96,7 +117,6 @@ if(HOST_ASM_MACOSX_X86_64)
 	add_definitions(-DOPENSSL_IA32_SSE2)
 	add_definitions(-DOPENSSL_BN_ASM_MONT)
 	add_definitions(-DOPENSSL_BN_ASM_MONT5)
 	add_definitions(-DOPENSSL_BN_ASM_GF2m)
 	add_definitions(-DMD5_ASM)
 	add_definitions(-DGHASH_ASM)
 	add_definitions(-DRSA_ASM)
@ -121,7 +141,6 @@ if(HOST_ASM_MASM_X86_64)
 		#bn/modexp512-masm-x86_64.S
 		#bn/mont-masm-x86_64.S
 		#bn/mont5-masm-x86_64.S
 		#bn/gf2m-masm-x86_64.S
 		camellia/cmll-masm-x86_64.S
 		md5/md5-masm-x86_64.S
 		modes/ghash-masm-x86_64.S
@ -139,7 +158,6 @@ if(HOST_ASM_MASM_X86_64)
 	add_definitions(-DOPENSSL_IA32_SSE2)
 	#add_definitions(-DOPENSSL_BN_ASM_MONT)
 	#add_definitions(-DOPENSSL_BN_ASM_MONT5)
 	#add_definitions(-DOPENSSL_BN_ASM_GF2m)
 	add_definitions(-DMD5_ASM)
 	add_definitions(-DGHASH_ASM)
 	add_definitions(-DRSA_ASM)
@ -163,7 +181,6 @@ if(HOST_ASM_MINGW64_X86_64)
 		#bn/modexp512-mingw64-x86_64.S
 		#bn/mont-mingw64-x86_64.S
 		#bn/mont5-mingw64-x86_64.S
 		#bn/gf2m-mingw64-x86_64.S
 		camellia/cmll-mingw64-x86_64.S
 		md5/md5-mingw64-x86_64.S
 		modes/ghash-mingw64-x86_64.S
@ -181,7 +198,6 @@ if(HOST_ASM_MINGW64_X86_64)
 	add_definitions(-DOPENSSL_IA32_SSE2)
 	#add_definitions(-DOPENSSL_BN_ASM_MONT)
 	#add_definitions(-DOPENSSL_BN_ASM_MONT5)
 	#add_definitions(-DOPENSSL_BN_ASM_GF2m)
 	add_definitions(-DMD5_ASM)
 	add_definitions(-DGHASH_ASM)
 	add_definitions(-DRSA_ASM)
@ -236,7 +252,6 @@ set(
 	o_fips.c
 	o_init.c
 	o_str.c
 	o_time.c
 	aes/aes_cfb.c
 	aes/aes_ctr.c
 	aes/aes_ecb.c
@ -257,6 +272,7 @@ set(
 	asn1/a_string.c
 	asn1/a_strnid.c
 	asn1/a_time.c
 	asn1/a_time_posix.c
 	asn1/a_time_tm.c
 	asn1/a_type.c
 	asn1/a_utf8.c
@ -273,7 +289,6 @@ set(
 	asn1/asn_moid.c
 	asn1/bio_asn1.c
 	asn1/bio_ndef.c
 	asn1/nsseq.c
 	asn1/p5_pbe.c
 	asn1/p5_pbev2.c
 	asn1/p8_pkey.c
@ -331,33 +346,29 @@ set(
 	bio/bss_null.c
 	bio/bss_sock.c
 	bn/bn_add.c
 	bn/bn_asm.c
 	bn/bn_blind.c
 	bn/bn_bpsw.c
 	bn/bn_const.c
 	bn/bn_convert.c
 	bn/bn_ctx.c
 	bn/bn_depr.c
 	bn/bn_div.c
 	bn/bn_err.c
 	bn/bn_exp.c
 	bn/bn_exp2.c
 	bn/bn_gcd.c
-	bn/bn_gf2m.c
+	bn/bn_isqrt.c
 	bn/bn_kron.c
 	bn/bn_lib.c
 	bn/bn_mod.c
 	bn/bn_mod_sqrt.c
 	bn/bn_mont.c
 	bn/bn_mpi.c
 	bn/bn_mul.c
 	bn/bn_nist.c
 	bn/bn_prime.c
 	bn/bn_print.c
 	bn/bn_rand.c
 	bn/bn_recp.c
 	bn/bn_shift.c
 	bn/bn_small_primes.c
 	bn/bn_sqr.c
 	bn/bn_sqrt.c
 	bn/bn_word.c
 	bn/bn_x931p.c
 	buffer/buf_err.c
 	buffer/buf_str.c
 	buffer/buffer.c
@ -440,16 +451,13 @@ set(
 	dh/dh_ameth.c
 	dh/dh_asn1.c
 	dh/dh_check.c
 	dh/dh_depr.c
 	dh/dh_err.c
 	dh/dh_gen.c
 	dh/dh_key.c
 	dh/dh_lib.c
 	dh/dh_pmeth.c
 	dh/dh_prn.c
 	dsa/dsa_ameth.c
 	dsa/dsa_asn1.c
 	dsa/dsa_depr.c
 	dsa/dsa_err.c
 	dsa/dsa_gen.c
 	dsa/dsa_key.c
@ -458,16 +466,11 @@ set(
 	dsa/dsa_ossl.c
 	dsa/dsa_pmeth.c
 	dsa/dsa_prn.c
 	dsa/dsa_sign.c
 	dsa/dsa_vrf.c
 	dso/dso_dlfcn.c
 	dso/dso_err.c
 	dso/dso_lib.c
 	dso/dso_null.c
 	dso/dso_openssl.c
 	ec/ec2_mult.c
 	ec/ec2_oct.c
 	ec/ec2_smpl.c
 	ec/ec_ameth.c
 	ec/ec_asn1.c
 	ec/ec_check.c
@ -483,9 +486,9 @@ set(
 	ec/ec_print.c
 	ec/eck_prn.c
 	ec/ecp_mont.c
 	ec/ecp_nist.c
 	ec/ecp_oct.c
 	ec/ecp_smpl.c
 	ec/ecx_methods.c
 	ecdh/ecdh_kdf.c
 	ecdh/ech_err.c
 	ecdh/ech_key.c
@ -494,8 +497,6 @@ set(
 	ecdsa/ecs_err.c
 	ecdsa/ecs_lib.c
 	ecdsa/ecs_ossl.c
 	ecdsa/ecs_sign.c
 	ecdsa/ecs_vrf.c
 	engine/eng_all.c
 	engine/eng_cnf.c
 	engine/eng_ctrl.c
@ -527,6 +528,7 @@ set(
 	evp/bio_enc.c
 	evp/bio_md.c
 	evp/c_all.c
 	evp/cipher_method_lib.c
 	evp/digest.c
 	evp/e_aes.c
 	evp/e_aes_cbc_hmac_sha1.c
@ -540,7 +542,6 @@ set(
 	evp/e_gost2814789.c
 	evp/e_idea.c
 	evp/e_null.c
 	evp/e_old.c
 	evp/e_rc2.c
 	evp/e_rc4.c
 	evp/e_rc4_hmac_md5.c
@ -562,6 +563,7 @@ set(
 	evp/m_null.c
 	evp/m_ripemd.c
 	evp/m_sha1.c
 	evp/m_sha3.c
 	evp/m_sigver.c
 	evp/m_streebog.c
 	evp/m_sm3.c
@ -602,6 +604,8 @@ set(
 	idea/i_ecb.c
 	idea/i_ofb64.c
 	idea/i_skey.c
 	kdf/hkdf_evp.c
 	kdf/kdf_err.c
 	lhash/lh_stats.c
 	lhash/lhash.c
 	md4/md4_dgst.c
@ -612,7 +616,6 @@ set(
 	modes/ccm128.c
 	modes/cfb128.c
 	modes/ctr128.c
 	modes/cts128.c
 	modes/gcm128.c
 	modes/ofb128.c
 	modes/xts128.c
@ -654,9 +657,9 @@ set(
 	pkcs12/p12_npas.c
 	pkcs12/p12_p8d.c
 	pkcs12/p12_p8e.c
 	pkcs12/p12_sbag.c
 	pkcs12/p12_utl.c
 	pkcs12/pk12err.c
 	pkcs7/bio_pk7.c
 	pkcs7/pk7_asn1.c
 	pkcs7/pk7_attr.c
 	pkcs7/pk7_doit.c
@ -679,7 +682,6 @@ set(
 	rsa/rsa_asn1.c
 	rsa/rsa_chk.c
 	rsa/rsa_crpt.c
 	rsa/rsa_depr.c
 	rsa/rsa_eay.c
 	rsa/rsa_err.c
 	rsa/rsa_gen.c
@ -694,9 +696,9 @@ set(
 	rsa/rsa_saos.c
 	rsa/rsa_sign.c
 	rsa/rsa_x931.c
-	sha/sha1_one.c
+	sha/sha1.c
 	sha/sha1dgst.c
 	sha/sha256.c
 	sha/sha3.c
 	sha/sha512.c
 	sm3/sm3.c
 	sm4/sm4.c
@ -715,17 +717,12 @@ set(
 	txt_db/txt_db.c
 	ui/ui_err.c
 	ui/ui_lib.c
 	ui/ui_null.c
 	ui/ui_util.c
 	whrlpool/wp_dgst.c
 	x509/by_dir.c
 	x509/by_file.c
 	x509/by_mem.c
 	x509/pcy_cache.c
 	x509/pcy_data.c
 	x509/pcy_lib.c
 	x509/pcy_map.c
 	x509/pcy_node.c
 	x509/pcy_tree.c
 	x509/x509_addr.c
 	x509/x509_akey.c
 	x509/x509_akeya.c
@ -741,7 +738,6 @@ set(
 	x509/x509_crld.c
 	x509/x509_d2.c
 	x509/x509_def.c
 	x509/x509_enum.c
 	x509/x509_err.c
 	x509/x509_ext.c
 	x509/x509_extku.c
@ -755,18 +751,16 @@ set(
 	x509/x509_ncons.c
 	x509/x509_obj.c
 	x509/x509_ocsp.c
 	x509/x509_pci.c
 	x509/x509_pcia.c
 	x509/x509_pcons.c
 	x509/x509_pku.c
 	x509/x509_pmaps.c
 	x509/x509_policy.c
 	x509/x509_prn.c
 	x509/x509_purp.c
 	x509/x509_r2x.c
 	x509/x509_req.c
 	x509/x509_set.c
 	x509/x509_skey.c
 	x509/x509_sxnet.c
 	x509/x509_trs.c
 	x509/x509_txt.c
 	x509/x509_utl.c
@ -987,20 +981,44 @@ target_include_directories(crypto_obj
 		bytestring
 		dh
 		dsa
 		curve25519
 		ec
 		ecdh
 		ecdsa
 		evp
 		hidden
 		hmac
 		modes
 		ocsp
 		pkcs12
 		rsa
 		sha
 		x509
 		../include/compat
 	PUBLIC
 		../include)
-add_library(crypto $<TARGET_OBJECTS:crypto_obj>)
+if(HOST_AARCH64)
 	target_include_directories(crypto_obj PRIVATE bn/arch/aarch64/)
 elseif(HOST_ARM)
 	target_include_directories(crypto_obj PRIVATE bn/arch/arm/)
 elseif(HOST_I386)
 	target_include_directories(crypto_obj PRIVATE bn/arch/i386/)
 elseif(HOST_MIPS64)
 	target_include_directories(crypto_obj PRIVATE bn/arch/mips64)
 elseif(HOST_POWERPC)
 	target_include_directories(crypto_obj PRIVATE bn/arch/powerpc)
 elseif(HOST_POWERPC64)
 	target_include_directories(crypto_obj PRIVATE bn/arch/powerpc64)
 elseif(HOST_RISCV64)
 	target_include_directories(crypto_obj PRIVATE bn/arch/riscv64)
 elseif(HOST_SPARC64)
 	target_include_directories(crypto_obj PRIVATE bn/arch/sparc64)
 elseif(HOST_X86_64)
 	target_include_directories(crypto_obj PRIVATE bn/arch/amd64)
 endif()
 add_library(crypto $<TARGET_OBJECTS:crypto_obj> empty.c)
 export_symbol(crypto ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym)
 target_link_libraries(crypto ${PLATFORM_LIBS})
@ -1013,15 +1031,6 @@ set_target_properties(crypto PROPERTIES
 set_target_properties(crypto PROPERTIES VERSION
 	${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
 if(ENABLE_LIBRESSL_INSTALL)
 	install(
 		TARGETS crypto
 		ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
 		LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
 		RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
 	)
 endif(ENABLE_LIBRESSL_INSTALL)
 # build static library for regression test
 if(BUILD_SHARED_LIBS)
 	add_library(crypto-static STATIC $<TARGET_OBJECTS:crypto_obj>)
--- a/crypto/VERSION
+++ b/crypto/VERSION
@ -1 +1 @@
-49:0:0
+51:0:0
--- a/crypto/aes/aes-elf-x86_64.S
+++ b/crypto/aes/aes-elf-x86_64.S
@ -4,6 +4,7 @@
 .type	_x86_64_AES_encrypt,@function
 .align	16
 _x86_64_AES_encrypt:
 	endbr64
 	xorl	0(%r15),%eax
 	xorl	4(%r15),%ebx
 	xorl	8(%r15),%ecx
@ -157,6 +158,7 @@ _x86_64_AES_encrypt:
 .type	_x86_64_AES_encrypt_compact,@function
 .align	16
 _x86_64_AES_encrypt_compact:
 	endbr64
 	leaq	128(%r14),%r8
 	movl	0-128(%r8),%edi
 	movl	32-128(%r8),%ebp
@ -336,6 +338,7 @@ _x86_64_AES_encrypt_compact:
 .hidden	asm_AES_encrypt
 asm_AES_encrypt:
 AES_encrypt:
 	endbr64
 	pushq	%rbx
 	pushq	%rbp
 	pushq	%r12
@ -399,6 +402,7 @@ AES_encrypt:
 .type	_x86_64_AES_decrypt,@function
 .align	16
 _x86_64_AES_decrypt:
 	endbr64
 	xorl	0(%r15),%eax
 	xorl	4(%r15),%ebx
 	xorl	8(%r15),%ecx
@ -554,6 +558,7 @@ _x86_64_AES_decrypt:
 .type	_x86_64_AES_decrypt_compact,@function
 .align	16
 _x86_64_AES_decrypt_compact:
 	endbr64
 	leaq	128(%r14),%r8
 	movl	0-128(%r8),%edi
 	movl	32-128(%r8),%ebp
@ -784,6 +789,7 @@ _x86_64_AES_decrypt_compact:
 .hidden	asm_AES_decrypt
 asm_AES_decrypt:
 AES_decrypt:
 	endbr64
 	pushq	%rbx
 	pushq	%rbp
 	pushq	%r12
@ -850,6 +856,7 @@ AES_decrypt:
 .type	AES_set_encrypt_key,@function
 .align	16
 AES_set_encrypt_key:
 	endbr64
 	pushq	%rbx
 	pushq	%rbp
 	pushq	%r12
@ -875,6 +882,7 @@ AES_set_encrypt_key:
 .type	_x86_64_AES_set_encrypt_key,@function
 .align	16
 _x86_64_AES_set_encrypt_key:
 	endbr64
 	movl	%esi,%ecx
 	movq	%rdi,%rsi
 	movq	%rdx,%rdi
@ -1115,6 +1123,7 @@ _x86_64_AES_set_encrypt_key:
 .type	AES_set_decrypt_key,@function
 .align	16
 AES_set_decrypt_key:
 	endbr64
 	pushq	%rbx
 	pushq	%rbp
 	pushq	%r12
@ -1307,6 +1316,7 @@ AES_set_decrypt_key:
 .hidden	asm_AES_cbc_encrypt
 asm_AES_cbc_encrypt:
 AES_cbc_encrypt:
 	endbr64
 	cmpq	$0,%rdx
 	je	.Lcbc_epilogue
 	pushfq
@ -1756,6 +1766,7 @@ AES_cbc_encrypt:
 .Lcbc_epilogue:
 	retq
 .size	AES_cbc_encrypt,.-AES_cbc_encrypt
 .section	.rodata
 .align	64
 .LAES_Te:
 .long	0xa56363c6,0xa56363c6
@ -2540,8 +2551,8 @@ AES_cbc_encrypt:
 .byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
 .long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
 .long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
 .byte	65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	64
 .text	
 #if defined(HAVE_GNU_STACK)
 .section .note.GNU-stack,"",%progbits
 #endif
--- a/crypto/aes/aes-macosx-x86_64.S
+++ b/crypto/aes/aes-macosx-x86_64.S
@ -4,6 +4,7 @@
 .p2align	4
 _x86_64_AES_encrypt:
 	xorl	0(%r15),%eax
 	xorl	4(%r15),%ebx
 	xorl	8(%r15),%ecx
@ -157,6 +158,7 @@ L$enc_loop:
 .p2align	4
 _x86_64_AES_encrypt_compact:
 	leaq	128(%r14),%r8
 	movl	0-128(%r8),%edi
 	movl	32-128(%r8),%ebp
@ -336,6 +338,7 @@ L$enc_compact_done:
 .private_extern	_asm_AES_encrypt
 _asm_AES_encrypt:
 _AES_encrypt:
 	pushq	%rbx
 	pushq	%rbp
 	pushq	%r12
@ -399,6 +402,7 @@ L$enc_epilogue:
 .p2align	4
 _x86_64_AES_decrypt:
 	xorl	0(%r15),%eax
 	xorl	4(%r15),%ebx
 	xorl	8(%r15),%ecx
@ -554,6 +558,7 @@ L$dec_loop:
 .p2align	4
 _x86_64_AES_decrypt_compact:
 	leaq	128(%r14),%r8
 	movl	0-128(%r8),%edi
 	movl	32-128(%r8),%ebp
@ -784,6 +789,7 @@ L$dec_compact_done:
 .private_extern	_asm_AES_decrypt
 _asm_AES_decrypt:
 _AES_decrypt:
 	pushq	%rbx
 	pushq	%rbp
 	pushq	%r12
@ -850,6 +856,7 @@ L$dec_epilogue:
 .p2align	4
 _AES_set_encrypt_key:
 	pushq	%rbx
 	pushq	%rbp
 	pushq	%r12
@ -875,6 +882,7 @@ L$enc_key_epilogue:
 .p2align	4
 _x86_64_AES_set_encrypt_key:
 	movl	%esi,%ecx
 	movq	%rdi,%rsi
 	movq	%rdx,%rdi
@ -1115,6 +1123,7 @@ L$exit:
 .p2align	4
 _AES_set_decrypt_key:
 	pushq	%rbx
 	pushq	%rbp
 	pushq	%r12
@ -1307,6 +1316,7 @@ L$dec_key_epilogue:
 .private_extern	_asm_AES_cbc_encrypt
 _asm_AES_cbc_encrypt:
 _AES_cbc_encrypt:
 	cmpq	$0,%rdx
 	je	L$cbc_epilogue
 	pushfq
@ -1756,6 +1766,7 @@ L$cbc_popfq:
 L$cbc_epilogue:
 	retq
 .section	__DATA,__const
 .p2align	6
 L$AES_Te:
 .long	0xa56363c6,0xa56363c6
@ -2540,5 +2551,5 @@ L$AES_Td:
 .byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
 .long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
 .long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
 .byte	65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .p2align	6
 .text	
--- a/crypto/aes/aes-masm-x86_64.S
+++ b/crypto/aes/aes-masm-x86_64.S
@ -72,6 +72,7 @@ OPTION	DOTNAME
 ALIGN	16
 _x86_64_AES_encrypt	PROC PRIVATE
 	endbr64
 	xor	eax,DWORD PTR[r15]
 	xor	ebx,DWORD PTR[4+r15]
 	xor	ecx,DWORD PTR[8+r15]
@ -225,6 +226,7 @@ _x86_64_AES_encrypt	ENDP
 ALIGN	16
 _x86_64_AES_encrypt_compact	PROC PRIVATE
 	endbr64
 	lea	r8,QWORD PTR[128+r14]
 	mov	edi,DWORD PTR[((0-128))+r8]
 	mov	ebp,DWORD PTR[((32-128))+r8]
@ -413,6 +415,7 @@ $L$SEH_begin_AES_encrypt::
 	mov	rdx,r8
 	endbr64
 	push	rbx
 	push	rbp
 	push	r12
@ -479,6 +482,7 @@ AES_encrypt	ENDP
 ALIGN	16
 _x86_64_AES_decrypt	PROC PRIVATE
 	endbr64
 	xor	eax,DWORD PTR[r15]
 	xor	ebx,DWORD PTR[4+r15]
 	xor	ecx,DWORD PTR[8+r15]
@ -634,6 +638,7 @@ _x86_64_AES_decrypt	ENDP
 ALIGN	16
 _x86_64_AES_decrypt_compact	PROC PRIVATE
 	endbr64
 	lea	r8,QWORD PTR[128+r14]
 	mov	edi,DWORD PTR[((0-128))+r8]
 	mov	ebp,DWORD PTR[((32-128))+r8]
@ -873,6 +878,7 @@ $L$SEH_begin_AES_decrypt::
 	mov	rdx,r8
 	endbr64
 	push	rbx
 	push	rbp
 	push	r12
@ -951,6 +957,7 @@ $L$SEH_begin_AES_set_encrypt_key::
 	mov	rdx,r8
 	endbr64
 	push	rbx
 	push	rbp
 	push	r12
@ -979,6 +986,7 @@ AES_set_encrypt_key	ENDP
 ALIGN	16
 _x86_64_AES_set_encrypt_key	PROC PRIVATE
 	endbr64
 	mov	ecx,esi
 	mov	rsi,rdi
 	mov	rdi,rdx
@ -1228,6 +1236,7 @@ $L$SEH_begin_AES_set_decrypt_key::
 	mov	rdx,r8
 	endbr64
 	push	rbx
 	push	rbp
 	push	r12
@ -1435,6 +1444,7 @@ $L$SEH_begin_AES_cbc_encrypt::
 	mov	r9,QWORD PTR[48+rsp]
 	endbr64
 	cmp	rdx,0
 	je	$L$cbc_epilogue
 	pushfq
@ -1887,6 +1897,8 @@ $L$cbc_epilogue::
 	DB	0F3h,0C3h		;repret
 $L$SEH_end_AES_cbc_encrypt::
 AES_cbc_encrypt	ENDP
 .text$	ENDS
 .rdata	SEGMENT READONLY ALIGN(8)
 ALIGN	64
 $L$AES_Te::
 	DD	0a56363c6h,0a56363c6h
@ -2671,15 +2683,14 @@ DB	017h,02bh,004h,07eh,0bah,077h,0d6h,026h
 DB	0e1h,069h,014h,063h,055h,021h,00ch,07dh
 	DD	080808080h,080808080h,0fefefefeh,0fefefefeh
 	DD	01b1b1b1bh,01b1b1b1bh,0,0
 DB	65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32
 DB	67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97
 DB	112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103
 DB	62,0
 ALIGN	64
 .rdata	ENDS
 .text$	SEGMENT ALIGN(64) 'CODE'
 EXTERN	__imp_RtlVirtualUnwind:NEAR
 ALIGN	16
 block_se_handler	PROC PRIVATE
 	endbr64
 	push	rsi
 	push	rdi
 	push	rbx
@ -2738,6 +2749,7 @@ block_se_handler	ENDP
 ALIGN	16
 key_se_handler	PROC PRIVATE
 	endbr64
 	push	rsi
 	push	rdi
 	push	rbx
@ -2795,6 +2807,7 @@ key_se_handler	ENDP
 ALIGN	16
 cbc_se_handler	PROC PRIVATE
 	endbr64
 	push	rsi
 	push	rdi
 	push	rbx
--- a/crypto/aes/aes-mingw64-x86_64.S
+++ b/crypto/aes/aes-mingw64-x86_64.S
@ -4,6 +4,7 @@
 .def	_x86_64_AES_encrypt;	.scl 3;	.type 32;	.endef
 .p2align	4
 _x86_64_AES_encrypt:
 	endbr64
 	xorl	0(%r15),%eax
 	xorl	4(%r15),%ebx
 	xorl	8(%r15),%ecx
@ -157,6 +158,7 @@ _x86_64_AES_encrypt:
 .def	_x86_64_AES_encrypt_compact;	.scl 3;	.type 32;	.endef
 .p2align	4
 _x86_64_AES_encrypt_compact:
 	endbr64
 	leaq	128(%r14),%r8
 	movl	0-128(%r8),%edi
 	movl	32-128(%r8),%ebp
@ -344,6 +346,7 @@ AES_encrypt:
 	movq	%rdx,%rsi
 	movq	%r8,%rdx
 	endbr64
 	pushq	%rbx
 	pushq	%rbp
 	pushq	%r12
@ -409,6 +412,7 @@ AES_encrypt:
 .def	_x86_64_AES_decrypt;	.scl 3;	.type 32;	.endef
 .p2align	4
 _x86_64_AES_decrypt:
 	endbr64
 	xorl	0(%r15),%eax
 	xorl	4(%r15),%ebx
 	xorl	8(%r15),%ecx
@ -564,6 +568,7 @@ _x86_64_AES_decrypt:
 .def	_x86_64_AES_decrypt_compact;	.scl 3;	.type 32;	.endef
 .p2align	4
 _x86_64_AES_decrypt_compact:
 	endbr64
 	leaq	128(%r14),%r8
 	movl	0-128(%r8),%edi
 	movl	32-128(%r8),%ebp
@ -802,6 +807,7 @@ AES_decrypt:
 	movq	%rdx,%rsi
 	movq	%r8,%rdx
 	endbr64
 	pushq	%rbx
 	pushq	%rbp
 	pushq	%r12
@ -878,6 +884,7 @@ AES_set_encrypt_key:
 	movq	%rdx,%rsi
 	movq	%r8,%rdx
 	endbr64
 	pushq	%rbx
 	pushq	%rbp
 	pushq	%r12
@ -905,6 +912,7 @@ AES_set_encrypt_key:
 .def	_x86_64_AES_set_encrypt_key;	.scl 3;	.type 32;	.endef
 .p2align	4
 _x86_64_AES_set_encrypt_key:
 	endbr64
 	movl	%esi,%ecx
 	movq	%rdi,%rsi
 	movq	%rdx,%rdi
@ -1153,6 +1161,7 @@ AES_set_decrypt_key:
 	movq	%rdx,%rsi
 	movq	%r8,%rdx
 	endbr64
 	pushq	%rbx
 	pushq	%rbp
 	pushq	%r12
@ -1358,6 +1367,7 @@ AES_cbc_encrypt:
 	movq	40(%rsp),%r8
 	movq	48(%rsp),%r9
 	endbr64
 	cmpq	$0,%rdx
 	je	.Lcbc_epilogue
 	pushfq
@ -1809,6 +1819,7 @@ AES_cbc_encrypt:
 	movq	16(%rsp),%rsi
 	retq
 .LSEH_end_AES_cbc_encrypt:
 .section	.rodata
 .p2align	6
 .LAES_Te:
 .long	0xa56363c6,0xa56363c6
@ -2593,12 +2604,13 @@ AES_cbc_encrypt:
 .byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
 .long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
 .long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
 .byte	65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .p2align	6
 .text	
 .def	block_se_handler;	.scl 3;	.type 32;	.endef
 .p2align	4
 block_se_handler:
 	endbr64
 	pushq	%rsi
 	pushq	%rdi
 	pushq	%rbx
@ -2657,6 +2669,7 @@ block_se_handler:
 .def	key_se_handler;	.scl 3;	.type 32;	.endef
 .p2align	4
 key_se_handler:
 	endbr64
 	pushq	%rsi
 	pushq	%rdi
 	pushq	%rbx
@ -2714,6 +2727,7 @@ key_se_handler:
 .def	cbc_se_handler;	.scl 3;	.type 32;	.endef
 .p2align	4
 cbc_se_handler:
 	endbr64
 	pushq	%rsi
 	pushq	%rdi
 	pushq	%rbx
--- a/crypto/aes/aes-mips.S
+++ b/crypto/aes/aes-mips.S
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@ -1,4 +1,4 @@
-/* $OpenBSD: aes_core.c,v 1.13 2015/11/05 21:59:13 miod Exp $ */
+/* $OpenBSD: aes_core.c,v 1.14 2022/11/26 16:08:50 tb Exp $ */
 /**
 * rijndael-alg-fst.c
 *
@ -36,7 +36,7 @@
 #include <stdlib.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include "aes_local.h"
 #ifndef AES_ASM
 /*
--- a/crypto/aes/aes_ecb.c
+++ b/crypto/aes/aes_ecb.c
@ -1,4 +1,4 @@
-/* $OpenBSD: aes_ecb.c,v 1.6 2015/02/10 09:46:30 miod Exp $ */
+/* $OpenBSD: aes_ecb.c,v 1.7 2022/11/26 16:08:50 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@ -56,7 +56,7 @@
 #endif
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include "aes_local.h"
 void
 AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@ -1,4 +1,4 @@
-/* $OpenBSD: aes_ige.c,v 1.8 2022/01/22 00:43:41 inoguchi Exp $ */
+/* $OpenBSD: aes_ige.c,v 1.9 2022/11/26 16:08:50 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
@ -52,7 +52,7 @@
 #include <openssl/aes.h>
 #include <openssl/crypto.h>
-#include "aes_locl.h"
+#include "aes_local.h"
 #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
 typedef struct {
--- a/crypto/aes/aes_local.h
+++ b/crypto/aes/aes_local.h
@ -1,4 +1,4 @@
-/* $OpenBSD: aes_locl.h,v 1.11 2016/12/21 15:49:29 jsing Exp $ */
+/* $OpenBSD: aes_local.h,v 1.2 2022/11/26 17:23:17 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@ -49,8 +49,8 @@
 *
 */
-#ifndef HEADER_AES_LOCL_H
+#ifndef HEADER_AES_LOCAL_H
-#define HEADER_AES_LOCL_H
+#define HEADER_AES_LOCAL_H
 #include <openssl/opensslconf.h>
@ -80,4 +80,4 @@ typedef unsigned char u8;
 __END_HIDDEN_DECLS
-#endif /* !HEADER_AES_LOCL_H */
+#endif /* !HEADER_AES_LOCAL_H */
--- a/crypto/aes/aes_misc.c
+++ b/crypto/aes/aes_misc.c
@ -1,4 +1,4 @@
-/* $OpenBSD: aes_misc.c,v 1.10 2014/07/09 11:10:50 bcook Exp $ */
+/* $OpenBSD: aes_misc.c,v 1.11 2022/11/26 16:08:50 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@ -52,7 +52,7 @@
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include "aes_local.h"
 const char *
 AES_options(void)
--- a/crypto/aes/aesni-elf-x86_64.S
+++ b/crypto/aes/aesni-elf-x86_64.S
@ -4,6 +4,7 @@
 .type	aesni_encrypt,@function
 .align	16
 aesni_encrypt:
 	endbr64
 	movups	(%rdi),%xmm2
 	movl	240(%rdx),%eax
 	movups	(%rdx),%xmm0
@ -25,6 +26,7 @@ aesni_encrypt:
 .type	aesni_decrypt,@function
 .align	16
 aesni_decrypt:
 	endbr64
 	movups	(%rdi),%xmm2
 	movl	240(%rdx),%eax
 	movups	(%rdx),%xmm0
@ -44,6 +46,7 @@ aesni_decrypt:
 .type	_aesni_encrypt3,@function
 .align	16
 _aesni_encrypt3:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -77,6 +80,7 @@ _aesni_encrypt3:
 .type	_aesni_decrypt3,@function
 .align	16
 _aesni_decrypt3:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -110,6 +114,7 @@ _aesni_decrypt3:
 .type	_aesni_encrypt4,@function
 .align	16
 _aesni_encrypt4:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -148,6 +153,7 @@ _aesni_encrypt4:
 .type	_aesni_decrypt4,@function
 .align	16
 _aesni_decrypt4:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -186,6 +192,7 @@ _aesni_decrypt4:
 .type	_aesni_encrypt6,@function
 .align	16
 _aesni_encrypt6:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -243,6 +250,7 @@ _aesni_encrypt6:
 .type	_aesni_decrypt6,@function
 .align	16
 _aesni_decrypt6:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -300,6 +308,7 @@ _aesni_decrypt6:
 .type	_aesni_encrypt8,@function
 .align	16
 _aesni_encrypt8:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -370,6 +379,7 @@ _aesni_encrypt8:
 .type	_aesni_decrypt8,@function
 .align	16
 _aesni_decrypt8:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -441,6 +451,7 @@ _aesni_decrypt8:
 .type	aesni_ecb_encrypt,@function
 .align	16
 aesni_ecb_encrypt:
 	endbr64
 	andq	$-16,%rdx
 	jz	.Lecb_ret
@ -743,6 +754,7 @@ aesni_ecb_encrypt:
 .type	aesni_ccm64_encrypt_blocks,@function
 .align	16
 aesni_ccm64_encrypt_blocks:
 	endbr64
 	movl	240(%rcx),%eax
 	movdqu	(%r8),%xmm9
 	movdqa	.Lincrement64(%rip),%xmm6
@ -887,6 +899,10 @@ aesni_ccm64_decrypt_blocks:
 .type	aesni_ctr32_encrypt_blocks,@function
 .align	16
 aesni_ctr32_encrypt_blocks:
 	leaq	(%rsp),%rax
 	pushq	%rbp
 	subq	$32,%rsp
 	leaq	-8(%rax),%rbp
 	cmpq	$1,%rdx
 	je	.Lctr32_one_shortcut
@ -911,9 +927,9 @@ aesni_ctr32_encrypt_blocks:
 .byte	102,69,15,58,34,226,2
 	incq	%r11
 .byte	102,69,15,58,34,235,2
-	movdqa	%xmm12,-40(%rsp)
+	movdqa	%xmm12,0(%rsp)
 .byte	102,69,15,56,0,231
-	movdqa	%xmm13,-24(%rsp)
+	movdqa	%xmm13,16(%rsp)
 .byte	102,69,15,56,0,239
 	pshufd	$192,%xmm12,%xmm2
@ -953,7 +969,7 @@ aesni_ctr32_encrypt_blocks:
 	movdqa	.Lincrement32(%rip),%xmm13
 	pxor	%xmm0,%xmm5
 	aesenc	%xmm1,%xmm4
-	movdqa	-40(%rsp),%xmm12
+	movdqa	(%rsp),%xmm12
 	pxor	%xmm0,%xmm6
 	aesenc	%xmm1,%xmm5
 	pxor	%xmm0,%xmm7
@ -986,11 +1002,11 @@ aesni_ctr32_encrypt_blocks:
 	aesenc	%xmm1,%xmm2
 	paddd	%xmm13,%xmm12
 	aesenc	%xmm1,%xmm3
-	paddd	-24(%rsp),%xmm13
+	paddd	16(%rsp),%xmm13
 	aesenc	%xmm1,%xmm4
-	movdqa	%xmm12,-40(%rsp)
+	movdqa	%xmm12,0(%rsp)
 	aesenc	%xmm1,%xmm5
-	movdqa	%xmm13,-24(%rsp)
+	movdqa	%xmm13,16(%rsp)
 	aesenc	%xmm1,%xmm6
 .byte	102,69,15,56,0,231
 	aesenc	%xmm1,%xmm7
@ -1129,13 +1145,19 @@ aesni_ctr32_encrypt_blocks:
 	movups	%xmm11,48(%rsi)
 .Lctr32_done:
 	leaq	(%rbp),%rsp
 	popq	%rbp
 .Lctr32_ret:
 	retq
 .size	aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks
 .globl	aesni_xts_encrypt
 .type	aesni_xts_encrypt,@function
 .align	16
 aesni_xts_encrypt:
-	leaq	-104(%rsp),%rsp
+	leaq	(%rsp),%rax
 	pushq	%rbp
 	subq	$96,%rsp
 	leaq	-8(%rax),%rbp
 	movups	(%r9),%xmm15
 	movl	240(%r8),%eax
 	movl	240(%rcx),%r10d
@ -1523,7 +1545,8 @@ aesni_xts_encrypt:
 	movups	%xmm2,-16(%rsi)
 .Lxts_enc_ret:
-	leaq	104(%rsp),%rsp
+	leaq	(%rbp),%rsp
 	popq	%rbp
 .Lxts_enc_epilogue:
 	retq
 .size	aesni_xts_encrypt,.-aesni_xts_encrypt
@ -1531,7 +1554,10 @@ aesni_xts_encrypt:
 .type	aesni_xts_decrypt,@function
 .align	16
 aesni_xts_decrypt:
-	leaq	-104(%rsp),%rsp
+	leaq	(%rsp),%rax
 	pushq	%rbp
 	subq	$96,%rsp
 	leaq	-8(%rax),%rbp
 	movups	(%r9),%xmm15
 	movl	240(%r8),%eax
 	movl	240(%rcx),%r10d
@ -1963,7 +1989,8 @@ aesni_xts_decrypt:
 	movups	%xmm2,(%rsi)
 .Lxts_dec_ret:
-	leaq	104(%rsp),%rsp
+	leaq	(%rbp),%rsp
 	popq	%rbp
 .Lxts_dec_epilogue:
 	retq
 .size	aesni_xts_decrypt,.-aesni_xts_decrypt
@ -2030,6 +2057,10 @@ aesni_cbc_encrypt:
 .align	16
 .Lcbc_decrypt:
 	leaq	(%rsp),%rax
 	pushq	%rbp
 	subq	$16,%rsp
 	leaq	-8(%rax),%rbp
 	movups	(%r8),%xmm9
 	movl	%r10d,%eax
 	cmpq	$112,%rdx
@ -2037,11 +2068,11 @@ aesni_cbc_encrypt:
 	shrl	$1,%r10d
 	subq	$112,%rdx
 	movl	%r10d,%eax
-	movaps	%xmm9,-24(%rsp)
+	movaps	%xmm9,(%rsp)
 	jmp	.Lcbc_dec_loop8_enter
 .align	16
 .Lcbc_dec_loop8:
-	movaps	%xmm0,-24(%rsp)
+	movaps	%xmm0,(%rsp)
 	movups	%xmm9,(%rsi)
 	leaq	16(%rsi),%rsi
 .Lcbc_dec_loop8_enter:
@ -2081,7 +2112,7 @@ aesni_cbc_encrypt:
 	movups	(%rdi),%xmm1
 	movups	16(%rdi),%xmm0
-	xorps	-24(%rsp),%xmm2
+	xorps	(%rsp),%xmm2
 	xorps	%xmm1,%xmm3
 	movups	32(%rdi),%xmm1
 	xorps	%xmm0,%xmm4
@ -2145,11 +2176,11 @@ aesni_cbc_encrypt:
 	jbe	.Lcbc_dec_six
 	movups	96(%rdi),%xmm8
-	movaps	%xmm9,-24(%rsp)
+	movaps	%xmm9,(%rsp)
 	call	_aesni_decrypt8
 	movups	(%rdi),%xmm1
 	movups	16(%rdi),%xmm0
-	xorps	-24(%rsp),%xmm2
+	xorps	(%rsp),%xmm2
 	xorps	%xmm1,%xmm3
 	movups	32(%rdi),%xmm1
 	xorps	%xmm0,%xmm4
@ -2281,14 +2312,16 @@ aesni_cbc_encrypt:
 	jmp	.Lcbc_dec_ret
 .align	16
 .Lcbc_dec_tail_partial:
-	movaps	%xmm2,-24(%rsp)
+	movaps	%xmm2,(%rsp)
 	movq	$16,%rcx
 	movq	%rsi,%rdi
 	subq	%rdx,%rcx
-	leaq	-24(%rsp),%rsi
+	leaq	(%rsp),%rsi
 .long	0x9066A4F3	
 .Lcbc_dec_ret:
 	leaq	(%rbp),%rsp
 	popq	%rbp
 .Lcbc_ret:
 	retq
 .size	aesni_cbc_encrypt,.-aesni_cbc_encrypt
@ -2296,6 +2329,7 @@ aesni_cbc_encrypt:
 .type	aesni_set_decrypt_key,@function
 .align	16
 aesni_set_decrypt_key:
 	endbr64
 	subq	$8,%rsp
 	call	__aesni_set_encrypt_key
 	shll	$4,%esi
@ -2334,6 +2368,7 @@ aesni_set_decrypt_key:
 .type	aesni_set_encrypt_key,@function
 .align	16
 aesni_set_encrypt_key:
 	endbr64
 __aesni_set_encrypt_key:
 	subq	$8,%rsp
 	movq	$-1,%rax
@ -2522,6 +2557,7 @@ __aesni_set_encrypt_key:
 	retq
 .size	aesni_set_encrypt_key,.-aesni_set_encrypt_key
 .size	__aesni_set_encrypt_key,.-__aesni_set_encrypt_key
 .section	.rodata
 .align	64
 .Lbswap_mask:
 .byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
@ -2531,9 +2567,8 @@ __aesni_set_encrypt_key:
 .long	1,0,0,0
 .Lxts_magic:
 .long	0x87,0,1,0
 .byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	64
 .text	
 #if defined(HAVE_GNU_STACK)
 .section .note.GNU-stack,"",%progbits
 #endif
--- a/crypto/aes/aesni-macosx-x86_64.S
+++ b/crypto/aes/aesni-macosx-x86_64.S
@ -4,6 +4,7 @@
 .p2align	4
 _aesni_encrypt:
 	movups	(%rdi),%xmm2
 	movl	240(%rdx),%eax
 	movups	(%rdx),%xmm0
@ -25,6 +26,7 @@ L$oop_enc1_1:
 .p2align	4
 _aesni_decrypt:
 	movups	(%rdi),%xmm2
 	movl	240(%rdx),%eax
 	movups	(%rdx),%xmm0
@ -44,6 +46,7 @@ L$oop_dec1_2:
 .p2align	4
 _aesni_encrypt3:
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -77,6 +80,7 @@ L$enc_loop3:
 .p2align	4
 _aesni_decrypt3:
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -110,6 +114,7 @@ L$dec_loop3:
 .p2align	4
 _aesni_encrypt4:
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -148,6 +153,7 @@ L$enc_loop4:
 .p2align	4
 _aesni_decrypt4:
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -186,6 +192,7 @@ L$dec_loop4:
 .p2align	4
 _aesni_encrypt6:
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -243,6 +250,7 @@ L$enc_loop6_enter:
 .p2align	4
 _aesni_decrypt6:
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -300,6 +308,7 @@ L$dec_loop6_enter:
 .p2align	4
 _aesni_encrypt8:
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -370,6 +379,7 @@ L$enc_loop8_enter:
 .p2align	4
 _aesni_decrypt8:
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -441,6 +451,7 @@ L$dec_loop8_enter:
 .p2align	4
 _aesni_ecb_encrypt:
 	andq	$-16,%rdx
 	jz	L$ecb_ret
@ -743,6 +754,7 @@ L$ecb_ret:
 .p2align	4
 _aesni_ccm64_encrypt_blocks:
 	movl	240(%rcx),%eax
 	movdqu	(%r8),%xmm9
 	movdqa	L$increment64(%rip),%xmm6
@ -887,6 +899,10 @@ L$oop_enc1_6:
 .p2align	4
 _aesni_ctr32_encrypt_blocks:
 	leaq	(%rsp),%rax
 	pushq	%rbp
 	subq	$32,%rsp
 	leaq	-8(%rax),%rbp
 	cmpq	$1,%rdx
 	je	L$ctr32_one_shortcut
@ -911,9 +927,9 @@ _aesni_ctr32_encrypt_blocks:
 .byte	102,69,15,58,34,226,2
 	incq	%r11
 .byte	102,69,15,58,34,235,2
-	movdqa	%xmm12,-40(%rsp)
+	movdqa	%xmm12,0(%rsp)
 .byte	102,69,15,56,0,231
-	movdqa	%xmm13,-24(%rsp)
+	movdqa	%xmm13,16(%rsp)
 .byte	102,69,15,56,0,239
 	pshufd	$192,%xmm12,%xmm2
@ -953,7 +969,7 @@ L$ctr32_loop6:
 	movdqa	L$increment32(%rip),%xmm13
 	pxor	%xmm0,%xmm5
 	aesenc	%xmm1,%xmm4
-	movdqa	-40(%rsp),%xmm12
+	movdqa	(%rsp),%xmm12
 	pxor	%xmm0,%xmm6
 	aesenc	%xmm1,%xmm5
 	pxor	%xmm0,%xmm7
@ -986,11 +1002,11 @@ L$ctr32_enc_loop6_enter:
 	aesenc	%xmm1,%xmm2
 	paddd	%xmm13,%xmm12
 	aesenc	%xmm1,%xmm3
-	paddd	-24(%rsp),%xmm13
+	paddd	16(%rsp),%xmm13
 	aesenc	%xmm1,%xmm4
-	movdqa	%xmm12,-40(%rsp)
+	movdqa	%xmm12,0(%rsp)
 	aesenc	%xmm1,%xmm5
-	movdqa	%xmm13,-24(%rsp)
+	movdqa	%xmm13,16(%rsp)
 	aesenc	%xmm1,%xmm6
 .byte	102,69,15,56,0,231
 	aesenc	%xmm1,%xmm7
@ -1129,13 +1145,19 @@ L$ctr32_four:
 	movups	%xmm11,48(%rsi)
 L$ctr32_done:
 	leaq	(%rbp),%rsp
 	popq	%rbp
 L$ctr32_ret:
 	retq
 .globl	_aesni_xts_encrypt
 .p2align	4
 _aesni_xts_encrypt:
-	leaq	-104(%rsp),%rsp
+	leaq	(%rsp),%rax
 	pushq	%rbp
 	subq	$96,%rsp
 	leaq	-8(%rax),%rbp
 	movups	(%r9),%xmm15
 	movl	240(%r8),%eax
 	movl	240(%rcx),%r10d
@ -1523,7 +1545,8 @@ L$oop_enc1_10:
 	movups	%xmm2,-16(%rsi)
 L$xts_enc_ret:
-	leaq	104(%rsp),%rsp
+	leaq	(%rbp),%rsp
 	popq	%rbp
 L$xts_enc_epilogue:
 	retq
@ -1531,7 +1554,10 @@ L$xts_enc_epilogue:
 .p2align	4
 _aesni_xts_decrypt:
-	leaq	-104(%rsp),%rsp
+	leaq	(%rsp),%rax
 	pushq	%rbp
 	subq	$96,%rsp
 	leaq	-8(%rax),%rbp
 	movups	(%r9),%xmm15
 	movl	240(%r8),%eax
 	movl	240(%rcx),%r10d
@ -1963,7 +1989,8 @@ L$oop_dec1_14:
 	movups	%xmm2,(%rsi)
 L$xts_dec_ret:
-	leaq	104(%rsp),%rsp
+	leaq	(%rbp),%rsp
 	popq	%rbp
 L$xts_dec_epilogue:
 	retq
@ -2030,6 +2057,10 @@ L$cbc_enc_tail:
 .p2align	4
 L$cbc_decrypt:
 	leaq	(%rsp),%rax
 	pushq	%rbp
 	subq	$16,%rsp
 	leaq	-8(%rax),%rbp
 	movups	(%r8),%xmm9
 	movl	%r10d,%eax
 	cmpq	$112,%rdx
@ -2037,11 +2068,11 @@ L$cbc_decrypt:
 	shrl	$1,%r10d
 	subq	$112,%rdx
 	movl	%r10d,%eax
-	movaps	%xmm9,-24(%rsp)
+	movaps	%xmm9,(%rsp)
 	jmp	L$cbc_dec_loop8_enter
 .p2align	4
 L$cbc_dec_loop8:
-	movaps	%xmm0,-24(%rsp)
+	movaps	%xmm0,(%rsp)
 	movups	%xmm9,(%rsi)
 	leaq	16(%rsi),%rsi
 L$cbc_dec_loop8_enter:
@ -2081,7 +2112,7 @@ L$cbc_dec_loop8_enter:
 	movups	(%rdi),%xmm1
 	movups	16(%rdi),%xmm0
-	xorps	-24(%rsp),%xmm2
+	xorps	(%rsp),%xmm2
 	xorps	%xmm1,%xmm3
 	movups	32(%rdi),%xmm1
 	xorps	%xmm0,%xmm4
@ -2145,11 +2176,11 @@ L$cbc_dec_tail:
 	jbe	L$cbc_dec_six
 	movups	96(%rdi),%xmm8
-	movaps	%xmm9,-24(%rsp)
+	movaps	%xmm9,(%rsp)
 	call	_aesni_decrypt8
 	movups	(%rdi),%xmm1
 	movups	16(%rdi),%xmm0
-	xorps	-24(%rsp),%xmm2
+	xorps	(%rsp),%xmm2
 	xorps	%xmm1,%xmm3
 	movups	32(%rdi),%xmm1
 	xorps	%xmm0,%xmm4
@ -2281,14 +2312,16 @@ L$cbc_dec_tail_collected:
 	jmp	L$cbc_dec_ret
 .p2align	4
 L$cbc_dec_tail_partial:
-	movaps	%xmm2,-24(%rsp)
+	movaps	%xmm2,(%rsp)
 	movq	$16,%rcx
 	movq	%rsi,%rdi
 	subq	%rdx,%rcx
-	leaq	-24(%rsp),%rsi
+	leaq	(%rsp),%rsi
 .long	0x9066A4F3	
 L$cbc_dec_ret:
 	leaq	(%rbp),%rsp
 	popq	%rbp
 L$cbc_ret:
 	retq
@ -2296,6 +2329,7 @@ L$cbc_ret:
 .p2align	4
 _aesni_set_decrypt_key:
 	subq	$8,%rsp
 	call	__aesni_set_encrypt_key
 	shll	$4,%esi
@ -2334,6 +2368,7 @@ L$SEH_end_set_decrypt_key:
 .p2align	4
 _aesni_set_encrypt_key:
 __aesni_set_encrypt_key:
 	subq	$8,%rsp
 	movq	$-1,%rax
@ -2522,6 +2557,7 @@ L$key_expansion_256b:
 	retq
 .section	__DATA,__const
 .p2align	6
 L$bswap_mask:
 .byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
@ -2531,6 +2567,5 @@ L$increment64:
 .long	1,0,0,0
 L$xts_magic:
 .long	0x87,0,1,0
 .byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .p2align	6
 .text	
--- a/crypto/aes/aesni-masm-x86_64.S
+++ b/crypto/aes/aesni-masm-x86_64.S
@ -72,6 +72,7 @@ PUBLIC	aesni_encrypt
 ALIGN	16
 aesni_encrypt	PROC PUBLIC
 	endbr64
 	movups	xmm2,XMMWORD PTR[rcx]
 	mov	eax,DWORD PTR[240+r8]
 	movups	xmm0,XMMWORD PTR[r8]
@ -93,6 +94,7 @@ PUBLIC	aesni_decrypt
 ALIGN	16
 aesni_decrypt	PROC PUBLIC
 	endbr64
 	movups	xmm2,XMMWORD PTR[rcx]
 	mov	eax,DWORD PTR[240+r8]
 	movups	xmm0,XMMWORD PTR[r8]
@ -112,6 +114,7 @@ aesni_decrypt	ENDP
 ALIGN	16
 _aesni_encrypt3	PROC PRIVATE
 	endbr64
 	movups	xmm0,XMMWORD PTR[rcx]
 	shr	eax,1
 	movups	xmm1,XMMWORD PTR[16+rcx]
@ -145,6 +148,7 @@ _aesni_encrypt3	ENDP
 ALIGN	16
 _aesni_decrypt3	PROC PRIVATE
 	endbr64
 	movups	xmm0,XMMWORD PTR[rcx]
 	shr	eax,1
 	movups	xmm1,XMMWORD PTR[16+rcx]
@ -178,6 +182,7 @@ _aesni_decrypt3	ENDP
 ALIGN	16
 _aesni_encrypt4	PROC PRIVATE
 	endbr64
 	movups	xmm0,XMMWORD PTR[rcx]
 	shr	eax,1
 	movups	xmm1,XMMWORD PTR[16+rcx]
@ -216,6 +221,7 @@ _aesni_encrypt4	ENDP
 ALIGN	16
 _aesni_decrypt4	PROC PRIVATE
 	endbr64
 	movups	xmm0,XMMWORD PTR[rcx]
 	shr	eax,1
 	movups	xmm1,XMMWORD PTR[16+rcx]
@ -254,6 +260,7 @@ _aesni_decrypt4	ENDP
 ALIGN	16
 _aesni_encrypt6	PROC PRIVATE
 	endbr64
 	movups	xmm0,XMMWORD PTR[rcx]
 	shr	eax,1
 	movups	xmm1,XMMWORD PTR[16+rcx]
@ -311,6 +318,7 @@ _aesni_encrypt6	ENDP
 ALIGN	16
 _aesni_decrypt6	PROC PRIVATE
 	endbr64
 	movups	xmm0,XMMWORD PTR[rcx]
 	shr	eax,1
 	movups	xmm1,XMMWORD PTR[16+rcx]
@ -368,6 +376,7 @@ _aesni_decrypt6	ENDP
 ALIGN	16
 _aesni_encrypt8	PROC PRIVATE
 	endbr64
 	movups	xmm0,XMMWORD PTR[rcx]
 	shr	eax,1
 	movups	xmm1,XMMWORD PTR[16+rcx]
@ -438,6 +447,7 @@ _aesni_encrypt8	ENDP
 ALIGN	16
 _aesni_decrypt8	PROC PRIVATE
 	endbr64
 	movups	xmm0,XMMWORD PTR[rcx]
 	shr	eax,1
 	movups	xmm1,XMMWORD PTR[16+rcx]
@ -520,6 +530,7 @@ $L$SEH_begin_aesni_ecb_encrypt::
 	mov	r8,QWORD PTR[40+rsp]
 	endbr64
 	and	rdx,-16
 	jz	$L$ecb_ret
@ -837,6 +848,7 @@ $L$SEH_begin_aesni_ccm64_encrypt_blocks::
 	mov	r9,QWORD PTR[48+rsp]
 	endbr64
 	lea	rsp,QWORD PTR[((-88))+rsp]
 	movaps	XMMWORD PTR[rsp],xmm6
 	movaps	XMMWORD PTR[16+rsp],xmm7
@ -1034,7 +1046,9 @@ $L$SEH_begin_aesni_ctr32_encrypt_blocks::
 	mov	r8,QWORD PTR[40+rsp]
-	lea	rsp,QWORD PTR[((-200))+rsp]
+	lea	rax,QWORD PTR[rsp]
 	push	rbp
 	sub	rsp,192
 	movaps	XMMWORD PTR[32+rsp],xmm6
 	movaps	XMMWORD PTR[48+rsp],xmm7
 	movaps	XMMWORD PTR[64+rsp],xmm8
@ -1046,6 +1060,7 @@ $L$SEH_begin_aesni_ctr32_encrypt_blocks::
 	movaps	XMMWORD PTR[160+rsp],xmm14
 	movaps	XMMWORD PTR[176+rsp],xmm15
 $L$ctr32_body::
 	lea	rbp,QWORD PTR[((-8))+rax]
 	cmp	rdx,1
 	je	$L$ctr32_one_shortcut
@ -1298,7 +1313,8 @@ $L$ctr32_done::
 	movaps	xmm13,XMMWORD PTR[144+rsp]
 	movaps	xmm14,XMMWORD PTR[160+rsp]
 	movaps	xmm15,XMMWORD PTR[176+rsp]
-	lea	rsp,QWORD PTR[200+rsp]
+	lea	rsp,QWORD PTR[rbp]
 	pop	rbp
 $L$ctr32_ret::
 	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue
 	mov	rsi,QWORD PTR[16+rsp]
@ -1321,7 +1337,9 @@ $L$SEH_begin_aesni_xts_encrypt::
 	mov	r9,QWORD PTR[48+rsp]
-	lea	rsp,QWORD PTR[((-264))+rsp]
+	lea	rax,QWORD PTR[rsp]
 	push	rbp
 	sub	rsp,256
 	movaps	XMMWORD PTR[96+rsp],xmm6
 	movaps	XMMWORD PTR[112+rsp],xmm7
 	movaps	XMMWORD PTR[128+rsp],xmm8
@ -1333,6 +1351,7 @@ $L$SEH_begin_aesni_xts_encrypt::
 	movaps	XMMWORD PTR[224+rsp],xmm14
 	movaps	XMMWORD PTR[240+rsp],xmm15
 $L$xts_enc_body::
 	lea	rbp,QWORD PTR[((-8))+rax]
 	movups	xmm15,XMMWORD PTR[r9]
 	mov	eax,DWORD PTR[240+r8]
 	mov	r10d,DWORD PTR[240+rcx]
@ -1730,7 +1749,8 @@ $L$xts_enc_ret::
 	movaps	xmm13,XMMWORD PTR[208+rsp]
 	movaps	xmm14,XMMWORD PTR[224+rsp]
 	movaps	xmm15,XMMWORD PTR[240+rsp]
-	lea	rsp,QWORD PTR[264+rsp]
+	lea	rsp,QWORD PTR[rbp]
 	pop	rbp
 $L$xts_enc_epilogue::
 	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue
 	mov	rsi,QWORD PTR[16+rsp]
@ -1753,7 +1773,9 @@ $L$SEH_begin_aesni_xts_decrypt::
 	mov	r9,QWORD PTR[48+rsp]
-	lea	rsp,QWORD PTR[((-264))+rsp]
+	lea	rax,QWORD PTR[rsp]
 	push	rbp
 	sub	rsp,256
 	movaps	XMMWORD PTR[96+rsp],xmm6
 	movaps	XMMWORD PTR[112+rsp],xmm7
 	movaps	XMMWORD PTR[128+rsp],xmm8
@ -1765,6 +1787,7 @@ $L$SEH_begin_aesni_xts_decrypt::
 	movaps	XMMWORD PTR[224+rsp],xmm14
 	movaps	XMMWORD PTR[240+rsp],xmm15
 $L$xts_dec_body::
 	lea	rbp,QWORD PTR[((-8))+rax]
 	movups	xmm15,XMMWORD PTR[r9]
 	mov	eax,DWORD PTR[240+r8]
 	mov	r10d,DWORD PTR[240+rcx]
@ -2206,7 +2229,8 @@ $L$xts_dec_ret::
 	movaps	xmm13,XMMWORD PTR[208+rsp]
 	movaps	xmm14,XMMWORD PTR[224+rsp]
 	movaps	xmm15,XMMWORD PTR[240+rsp]
-	lea	rsp,QWORD PTR[264+rsp]
+	lea	rsp,QWORD PTR[rbp]
 	pop	rbp
 $L$xts_dec_epilogue::
 	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue
 	mov	rsi,QWORD PTR[16+rsp]
@ -2288,12 +2312,15 @@ $L$cbc_enc_tail::
 ALIGN	16
 $L$cbc_decrypt::
-	lea	rsp,QWORD PTR[((-88))+rsp]
+	lea	rax,QWORD PTR[rsp]
-	movaps	XMMWORD PTR[rsp],xmm6
+	push	rbp
-	movaps	XMMWORD PTR[16+rsp],xmm7
+	sub	rsp,80
-	movaps	XMMWORD PTR[32+rsp],xmm8
+	movaps	XMMWORD PTR[16+rsp],xmm6
-	movaps	XMMWORD PTR[48+rsp],xmm9
+	movaps	XMMWORD PTR[32+rsp],xmm7
 	movaps	XMMWORD PTR[48+rsp],xmm8
 	movaps	XMMWORD PTR[64+rsp],xmm9
 $L$cbc_decrypt_body::
 	lea	rbp,QWORD PTR[((-8))+rax]
 	movups	xmm9,XMMWORD PTR[r8]
 	mov	eax,r10d
 	cmp	rdx,070h
@ -2301,11 +2328,11 @@ $L$cbc_decrypt_body::
 	shr	r10d,1
 	sub	rdx,070h
 	mov	eax,r10d
-	movaps	XMMWORD PTR[64+rsp],xmm9
+	movaps	XMMWORD PTR[rsp],xmm9
 	jmp	$L$cbc_dec_loop8_enter
 ALIGN	16
 $L$cbc_dec_loop8::
-	movaps	XMMWORD PTR[64+rsp],xmm0
+	movaps	XMMWORD PTR[rsp],xmm0
 	movups	XMMWORD PTR[rsi],xmm9
 	lea	rsi,QWORD PTR[16+rsi]
 $L$cbc_dec_loop8_enter::
@ -2345,7 +2372,7 @@ $L$cbc_dec_loop8_enter::
 	movups	xmm1,XMMWORD PTR[rdi]
 	movups	xmm0,XMMWORD PTR[16+rdi]
-	xorps	xmm2,XMMWORD PTR[64+rsp]
+	xorps	xmm2,XMMWORD PTR[rsp]
 	xorps	xmm3,xmm1
 	movups	xmm1,XMMWORD PTR[32+rdi]
 	xorps	xmm4,xmm0
@ -2409,11 +2436,11 @@ $L$cbc_dec_tail::
 	jbe	$L$cbc_dec_six
 	movups	xmm8,XMMWORD PTR[96+rdi]
-	movaps	XMMWORD PTR[64+rsp],xmm9
+	movaps	XMMWORD PTR[rsp],xmm9
 	call	_aesni_decrypt8
 	movups	xmm1,XMMWORD PTR[rdi]
 	movups	xmm0,XMMWORD PTR[16+rdi]
-	xorps	xmm2,XMMWORD PTR[64+rsp]
+	xorps	xmm2,XMMWORD PTR[rsp]
 	xorps	xmm3,xmm1
 	movups	xmm1,XMMWORD PTR[32+rdi]
 	xorps	xmm4,xmm0
@ -2545,19 +2572,20 @@ $L$cbc_dec_tail_collected::
 	jmp	$L$cbc_dec_ret
 ALIGN	16
 $L$cbc_dec_tail_partial::
-	movaps	XMMWORD PTR[64+rsp],xmm2
+	movaps	XMMWORD PTR[rsp],xmm2
 	mov	rcx,16
 	mov	rdi,rsi
 	sub	rcx,rdx
-	lea	rsi,QWORD PTR[64+rsp]
+	lea	rsi,QWORD PTR[rsp]
 	DD	09066A4F3h	
 $L$cbc_dec_ret::
-	movaps	xmm6,XMMWORD PTR[rsp]
+	movaps	xmm6,XMMWORD PTR[16+rsp]
-	movaps	xmm7,XMMWORD PTR[16+rsp]
+	movaps	xmm7,XMMWORD PTR[32+rsp]
-	movaps	xmm8,XMMWORD PTR[32+rsp]
+	movaps	xmm8,XMMWORD PTR[48+rsp]
-	movaps	xmm9,XMMWORD PTR[48+rsp]
+	movaps	xmm9,XMMWORD PTR[64+rsp]
-	lea	rsp,QWORD PTR[88+rsp]
+	lea	rsp,QWORD PTR[rbp]
 	pop	rbp
 $L$cbc_ret::
 	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue
 	mov	rsi,QWORD PTR[16+rsp]
@ -2568,6 +2596,7 @@ PUBLIC	aesni_set_decrypt_key
 ALIGN	16
 aesni_set_decrypt_key	PROC PUBLIC
 	endbr64
 	sub	rsp,8
 	call	__aesni_set_encrypt_key
 	shl	edx,4
@ -2606,6 +2635,7 @@ PUBLIC	aesni_set_encrypt_key
 ALIGN	16
 aesni_set_encrypt_key	PROC PUBLIC
 	endbr64
 __aesni_set_encrypt_key::
 	sub	rsp,8
 	mov	rax,-1
@ -2794,6 +2824,8 @@ $L$key_expansion_256b::
 	DB	0F3h,0C3h		;repret
 aesni_set_encrypt_key	ENDP
 .text$	ENDS
 .rdata	SEGMENT READONLY ALIGN(8)
 ALIGN	64
 $L$bswap_mask::
 DB	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
@ -2803,16 +2835,14 @@ $L$increment64::
 	DD	1,0,0,0
 $L$xts_magic::
 	DD	087h,0,1,0
 DB	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69
 DB	83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83
 DB	32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115
 DB	115,108,46,111,114,103,62,0
 ALIGN	64
 .rdata	ENDS
 .text$	SEGMENT ALIGN(64) 'CODE'
 EXTERN	__imp_RtlVirtualUnwind:NEAR
 ALIGN	16
 ecb_se_handler	PROC PRIVATE
 	endbr64
 	push	rsi
 	push	rdi
 	push	rbx
@ -2832,6 +2862,7 @@ ecb_se_handler	ENDP
 ALIGN	16
 ccm64_se_handler	PROC PRIVATE
 	endbr64
 	push	rsi
 	push	rdi
 	push	rbx
@ -2873,6 +2904,7 @@ ccm64_se_handler	ENDP
 ALIGN	16
 ctr32_se_handler	PROC PRIVATE
 	endbr64
 	push	rsi
 	push	rdi
 	push	rbx
@ -2901,14 +2933,14 @@ ctr32_se_handler	PROC PRIVATE
 	lea	rdi,QWORD PTR[512+r8]
 	mov	ecx,20
 	DD	0a548f3fch		
 	lea	rax,QWORD PTR[200+rax]
-	jmp	$L$common_seh_tail
+	jmp	$L$common_rbp_tail
 ctr32_se_handler	ENDP
 ALIGN	16
 xts_se_handler	PROC PRIVATE
 	endbr64
 	push	rsi
 	push	rdi
 	push	rbx
@ -2942,13 +2974,13 @@ xts_se_handler	PROC PRIVATE
 	lea	rdi,QWORD PTR[512+r8]
 	mov	ecx,20
 	DD	0a548f3fch		
 	lea	rax,QWORD PTR[((104+160))+rax]
-	jmp	$L$common_seh_tail
+	jmp	$L$common_rbp_tail
 xts_se_handler	ENDP
 ALIGN	16
 cbc_se_handler	PROC PRIVATE
 	endbr64
 	push	rsi
 	push	rdi
 	push	rbx
@ -2975,11 +3007,16 @@ cbc_se_handler	PROC PRIVATE
 	cmp	rbx,r10
 	jae	$L$common_seh_tail
-	lea	rsi,QWORD PTR[rax]
+	lea	rsi,QWORD PTR[16+rax]
 	lea	rdi,QWORD PTR[512+r8]
 	mov	ecx,8
 	DD	0a548f3fch		
-	lea	rax,QWORD PTR[88+rax]
+
 $L$common_rbp_tail::
 	mov	rax,QWORD PTR[160+r8]
 	mov	rbp,QWORD PTR[rax]
 	lea	rax,QWORD PTR[8+rax]
 	mov	QWORD PTR[160+r8],rbp
 	jmp	$L$common_seh_tail
 $L$restore_cbc_rax::
--- a/crypto/aes/aesni-mingw64-x86_64.S
+++ b/crypto/aes/aesni-mingw64-x86_64.S
@ -4,6 +4,7 @@
 .def	aesni_encrypt;	.scl 2;	.type 32;	.endef
 .p2align	4
 aesni_encrypt:
 	endbr64
 	movups	(%rcx),%xmm2
 	movl	240(%r8),%eax
 	movups	(%r8),%xmm0
@ -25,6 +26,7 @@ aesni_encrypt:
 .def	aesni_decrypt;	.scl 2;	.type 32;	.endef
 .p2align	4
 aesni_decrypt:
 	endbr64
 	movups	(%rcx),%xmm2
 	movl	240(%r8),%eax
 	movups	(%r8),%xmm0
@ -44,6 +46,7 @@ aesni_decrypt:
 .def	_aesni_encrypt3;	.scl 3;	.type 32;	.endef
 .p2align	4
 _aesni_encrypt3:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -77,6 +80,7 @@ _aesni_encrypt3:
 .def	_aesni_decrypt3;	.scl 3;	.type 32;	.endef
 .p2align	4
 _aesni_decrypt3:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -110,6 +114,7 @@ _aesni_decrypt3:
 .def	_aesni_encrypt4;	.scl 3;	.type 32;	.endef
 .p2align	4
 _aesni_encrypt4:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -148,6 +153,7 @@ _aesni_encrypt4:
 .def	_aesni_decrypt4;	.scl 3;	.type 32;	.endef
 .p2align	4
 _aesni_decrypt4:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -186,6 +192,7 @@ _aesni_decrypt4:
 .def	_aesni_encrypt6;	.scl 3;	.type 32;	.endef
 .p2align	4
 _aesni_encrypt6:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -243,6 +250,7 @@ _aesni_encrypt6:
 .def	_aesni_decrypt6;	.scl 3;	.type 32;	.endef
 .p2align	4
 _aesni_decrypt6:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -300,6 +308,7 @@ _aesni_decrypt6:
 .def	_aesni_encrypt8;	.scl 3;	.type 32;	.endef
 .p2align	4
 _aesni_encrypt8:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -370,6 +379,7 @@ _aesni_encrypt8:
 .def	_aesni_decrypt8;	.scl 3;	.type 32;	.endef
 .p2align	4
 _aesni_decrypt8:
 	endbr64
 	movups	(%rcx),%xmm0
 	shrl	$1,%eax
 	movups	16(%rcx),%xmm1
@ -451,6 +461,7 @@ aesni_ecb_encrypt:
 	movq	%r9,%rcx
 	movq	40(%rsp),%r8
 	endbr64
 	andq	$-16,%rdx
 	jz	.Lecb_ret
@ -766,6 +777,7 @@ aesni_ccm64_encrypt_blocks:
 	movq	40(%rsp),%r8
 	movq	48(%rsp),%r9
 	endbr64
 	leaq	-88(%rsp),%rsp
 	movaps	%xmm6,(%rsp)
 	movaps	%xmm7,16(%rsp)
@ -959,7 +971,9 @@ aesni_ctr32_encrypt_blocks:
 	movq	%r9,%rcx
 	movq	40(%rsp),%r8
-	leaq	-200(%rsp),%rsp
+	leaq	(%rsp),%rax
 	pushq	%rbp
 	subq	$192,%rsp
 	movaps	%xmm6,32(%rsp)
 	movaps	%xmm7,48(%rsp)
 	movaps	%xmm8,64(%rsp)
@ -971,6 +985,7 @@ aesni_ctr32_encrypt_blocks:
 	movaps	%xmm14,160(%rsp)
 	movaps	%xmm15,176(%rsp)
 .Lctr32_body:
 	leaq	-8(%rax),%rbp
 	cmpq	$1,%rdx
 	je	.Lctr32_one_shortcut
@ -1037,7 +1052,7 @@ aesni_ctr32_encrypt_blocks:
 	movdqa	.Lincrement32(%rip),%xmm13
 	pxor	%xmm0,%xmm5
 	aesenc	%xmm1,%xmm4
-	movdqa	0(%rsp),%xmm12
+	movdqa	(%rsp),%xmm12
 	pxor	%xmm0,%xmm6
 	aesenc	%xmm1,%xmm5
 	pxor	%xmm0,%xmm7
@ -1223,7 +1238,8 @@ aesni_ctr32_encrypt_blocks:
 	movaps	144(%rsp),%xmm13
 	movaps	160(%rsp),%xmm14
 	movaps	176(%rsp),%xmm15
-	leaq	200(%rsp),%rsp
+	leaq	(%rbp),%rsp
 	popq	%rbp
 .Lctr32_ret:
 	movq	8(%rsp),%rdi
 	movq	16(%rsp),%rsi
@ -1244,7 +1260,9 @@ aesni_xts_encrypt:
 	movq	40(%rsp),%r8
 	movq	48(%rsp),%r9
-	leaq	-264(%rsp),%rsp
+	leaq	(%rsp),%rax
 	pushq	%rbp
 	subq	$256,%rsp
 	movaps	%xmm6,96(%rsp)
 	movaps	%xmm7,112(%rsp)
 	movaps	%xmm8,128(%rsp)
@ -1256,6 +1274,7 @@ aesni_xts_encrypt:
 	movaps	%xmm14,224(%rsp)
 	movaps	%xmm15,240(%rsp)
 .Lxts_enc_body:
 	leaq	-8(%rax),%rbp
 	movups	(%r9),%xmm15
 	movl	240(%r8),%eax
 	movl	240(%rcx),%r10d
@ -1653,7 +1672,8 @@ aesni_xts_encrypt:
 	movaps	208(%rsp),%xmm13
 	movaps	224(%rsp),%xmm14
 	movaps	240(%rsp),%xmm15
-	leaq	264(%rsp),%rsp
+	leaq	(%rbp),%rsp
 	popq	%rbp
 .Lxts_enc_epilogue:
 	movq	8(%rsp),%rdi
 	movq	16(%rsp),%rsi
@ -1674,7 +1694,9 @@ aesni_xts_decrypt:
 	movq	40(%rsp),%r8
 	movq	48(%rsp),%r9
-	leaq	-264(%rsp),%rsp
+	leaq	(%rsp),%rax
 	pushq	%rbp
 	subq	$256,%rsp
 	movaps	%xmm6,96(%rsp)
 	movaps	%xmm7,112(%rsp)
 	movaps	%xmm8,128(%rsp)
@ -1686,6 +1708,7 @@ aesni_xts_decrypt:
 	movaps	%xmm14,224(%rsp)
 	movaps	%xmm15,240(%rsp)
 .Lxts_dec_body:
 	leaq	-8(%rax),%rbp
 	movups	(%r9),%xmm15
 	movl	240(%r8),%eax
 	movl	240(%rcx),%r10d
@ -2127,7 +2150,8 @@ aesni_xts_decrypt:
 	movaps	208(%rsp),%xmm13
 	movaps	224(%rsp),%xmm14
 	movaps	240(%rsp),%xmm15
-	leaq	264(%rsp),%rsp
+	leaq	(%rbp),%rsp
 	popq	%rbp
 .Lxts_dec_epilogue:
 	movq	8(%rsp),%rdi
 	movq	16(%rsp),%rsi
@ -2207,12 +2231,15 @@ aesni_cbc_encrypt:
 .p2align	4
 .Lcbc_decrypt:
-	leaq	-88(%rsp),%rsp
+	leaq	(%rsp),%rax
-	movaps	%xmm6,(%rsp)
+	pushq	%rbp
-	movaps	%xmm7,16(%rsp)
+	subq	$80,%rsp
-	movaps	%xmm8,32(%rsp)
+	movaps	%xmm6,16(%rsp)
-	movaps	%xmm9,48(%rsp)
+	movaps	%xmm7,32(%rsp)
 	movaps	%xmm8,48(%rsp)
 	movaps	%xmm9,64(%rsp)
 .Lcbc_decrypt_body:
 	leaq	-8(%rax),%rbp
 	movups	(%r8),%xmm9
 	movl	%r10d,%eax
 	cmpq	$112,%rdx
@ -2220,11 +2247,11 @@ aesni_cbc_encrypt:
 	shrl	$1,%r10d
 	subq	$112,%rdx
 	movl	%r10d,%eax
-	movaps	%xmm9,64(%rsp)
+	movaps	%xmm9,(%rsp)
 	jmp	.Lcbc_dec_loop8_enter
 .p2align	4
 .Lcbc_dec_loop8:
-	movaps	%xmm0,64(%rsp)
+	movaps	%xmm0,(%rsp)
 	movups	%xmm9,(%rsi)
 	leaq	16(%rsi),%rsi
 .Lcbc_dec_loop8_enter:
@ -2264,7 +2291,7 @@ aesni_cbc_encrypt:
 	movups	(%rdi),%xmm1
 	movups	16(%rdi),%xmm0
-	xorps	64(%rsp),%xmm2
+	xorps	(%rsp),%xmm2
 	xorps	%xmm1,%xmm3
 	movups	32(%rdi),%xmm1
 	xorps	%xmm0,%xmm4
@ -2328,11 +2355,11 @@ aesni_cbc_encrypt:
 	jbe	.Lcbc_dec_six
 	movups	96(%rdi),%xmm8
-	movaps	%xmm9,64(%rsp)
+	movaps	%xmm9,(%rsp)
 	call	_aesni_decrypt8
 	movups	(%rdi),%xmm1
 	movups	16(%rdi),%xmm0
-	xorps	64(%rsp),%xmm2
+	xorps	(%rsp),%xmm2
 	xorps	%xmm1,%xmm3
 	movups	32(%rdi),%xmm1
 	xorps	%xmm0,%xmm4
@ -2464,19 +2491,20 @@ aesni_cbc_encrypt:
 	jmp	.Lcbc_dec_ret
 .p2align	4
 .Lcbc_dec_tail_partial:
-	movaps	%xmm2,64(%rsp)
+	movaps	%xmm2,(%rsp)
 	movq	$16,%rcx
 	movq	%rsi,%rdi
 	subq	%rdx,%rcx
-	leaq	64(%rsp),%rsi
+	leaq	(%rsp),%rsi
 .long	0x9066A4F3	
 .Lcbc_dec_ret:
-	movaps	(%rsp),%xmm6
+	movaps	16(%rsp),%xmm6
-	movaps	16(%rsp),%xmm7
+	movaps	32(%rsp),%xmm7
-	movaps	32(%rsp),%xmm8
+	movaps	48(%rsp),%xmm8
-	movaps	48(%rsp),%xmm9
+	movaps	64(%rsp),%xmm9
-	leaq	88(%rsp),%rsp
+	leaq	(%rbp),%rsp
 	popq	%rbp
 .Lcbc_ret:
 	movq	8(%rsp),%rdi
 	movq	16(%rsp),%rsi
@ -2486,6 +2514,7 @@ aesni_cbc_encrypt:
 .def	aesni_set_decrypt_key;	.scl 2;	.type 32;	.endef
 .p2align	4
 aesni_set_decrypt_key:
 	endbr64
 	subq	$8,%rsp
 	call	__aesni_set_encrypt_key
 	shll	$4,%edx
@ -2524,6 +2553,7 @@ aesni_set_decrypt_key:
 .def	aesni_set_encrypt_key;	.scl 2;	.type 32;	.endef
 .p2align	4
 aesni_set_encrypt_key:
 	endbr64
 __aesni_set_encrypt_key:
 	subq	$8,%rsp
 	movq	$-1,%rax
@ -2712,6 +2742,7 @@ __aesni_set_encrypt_key:
 	retq
 .section	.rodata
 .p2align	6
 .Lbswap_mask:
 .byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
@ -2721,13 +2752,13 @@ __aesni_set_encrypt_key:
 .long	1,0,0,0
 .Lxts_magic:
 .long	0x87,0,1,0
 .byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .p2align	6
 .text	
 .def	ecb_se_handler;	.scl 3;	.type 32;	.endef
 .p2align	4
 ecb_se_handler:
 	endbr64
 	pushq	%rsi
 	pushq	%rdi
 	pushq	%rbx
@ -2747,6 +2778,7 @@ ecb_se_handler:
 .def	ccm64_se_handler;	.scl 3;	.type 32;	.endef
 .p2align	4
 ccm64_se_handler:
 	endbr64
 	pushq	%rsi
 	pushq	%rdi
 	pushq	%rbx
@ -2788,6 +2820,7 @@ ccm64_se_handler:
 .def	ctr32_se_handler;	.scl 3;	.type 32;	.endef
 .p2align	4
 ctr32_se_handler:
 	endbr64
 	pushq	%rsi
 	pushq	%rdi
 	pushq	%rbx
@ -2816,14 +2849,14 @@ ctr32_se_handler:
 	leaq	512(%r8),%rdi
 	movl	$20,%ecx
 .long	0xa548f3fc		
 	leaq	200(%rax),%rax
-	jmp	.Lcommon_seh_tail
+	jmp	.Lcommon_rbp_tail
 .def	xts_se_handler;	.scl 3;	.type 32;	.endef
 .p2align	4
 xts_se_handler:
 	endbr64
 	pushq	%rsi
 	pushq	%rdi
 	pushq	%rbx
@ -2857,13 +2890,13 @@ xts_se_handler:
 	leaq	512(%r8),%rdi
 	movl	$20,%ecx
 .long	0xa548f3fc		
 	leaq	104+160(%rax),%rax
-	jmp	.Lcommon_seh_tail
+	jmp	.Lcommon_rbp_tail
 .def	cbc_se_handler;	.scl 3;	.type 32;	.endef
 .p2align	4
 cbc_se_handler:
 	endbr64
 	pushq	%rsi
 	pushq	%rdi
 	pushq	%rbx
@ -2890,11 +2923,16 @@ cbc_se_handler:
 	cmpq	%r10,%rbx
 	jae	.Lcommon_seh_tail
-	leaq	0(%rax),%rsi
+	leaq	16(%rax),%rsi
 	leaq	512(%r8),%rdi
 	movl	$8,%ecx
 .long	0xa548f3fc		
-	leaq	88(%rax),%rax
+
 .Lcommon_rbp_tail:
 	movq	160(%r8),%rax
 	movq	(%rax),%rbp
 	leaq	8(%rax),%rax
 	movq	%rbp,160(%r8)
 	jmp	.Lcommon_seh_tail
 .Lrestore_cbc_rax:
--- a/crypto/aes/aesni-sha1-elf-x86_64.S
+++ b/crypto/aes/aesni-sha1-elf-x86_64.S
@ -7,6 +7,7 @@
 .type	aesni_cbc_sha1_enc,@function
 .align	16
 aesni_cbc_sha1_enc:
 	endbr64
 	movl	OPENSSL_ia32cap_P+0(%rip),%r10d
 	movl	OPENSSL_ia32cap_P+4(%rip),%r11d
@ -16,6 +17,7 @@ aesni_cbc_sha1_enc:
 .type	aesni_cbc_sha1_enc_ssse3,@function
 .align	16
 aesni_cbc_sha1_enc_ssse3:
 	endbr64
 	movq	8(%rsp),%r10
@ -1386,6 +1388,7 @@ aesni_cbc_sha1_enc_ssse3:
 .Lepilogue_ssse3:
 	retq
 .size	aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3
 .section	.rodata
 .align	64
 K_XX_XX:
 .long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
@ -1393,9 +1396,8 @@ K_XX_XX:
 .long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
 .long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
 .long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	
 .byte	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	64
 .text	
 #if defined(HAVE_GNU_STACK)
 .section .note.GNU-stack,"",%progbits
 #endif
--- a/crypto/aes/aesni-sha1-macosx-x86_64.S
+++ b/crypto/aes/aesni-sha1-macosx-x86_64.S
@ -8,6 +8,7 @@
 .p2align	4
 _aesni_cbc_sha1_enc:
 	movl	_OPENSSL_ia32cap_P+0(%rip),%r10d
 	movl	_OPENSSL_ia32cap_P+4(%rip),%r11d
 	jmp	aesni_cbc_sha1_enc_ssse3
@ -16,6 +17,7 @@ _aesni_cbc_sha1_enc:
 .p2align	4
 aesni_cbc_sha1_enc_ssse3:
 	movq	8(%rsp),%r10
@ -1386,6 +1388,7 @@ L$aesenclast5:
 L$epilogue_ssse3:
 	retq
 .section	__DATA,__const
 .p2align	6
 K_XX_XX:
 .long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
@ -1393,6 +1396,5 @@ K_XX_XX:
 .long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
 .long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
 .long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	
 .byte	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .p2align	6
 .text	
--- a/crypto/aes/aesni-sha1-masm-x86_64.S
+++ b/crypto/aes/aesni-sha1-masm-x86_64.S
@ -75,6 +75,7 @@ PUBLIC	aesni_cbc_sha1_enc
 ALIGN	16
 aesni_cbc_sha1_enc	PROC PUBLIC
 	endbr64
 	mov	r10d,DWORD PTR[((OPENSSL_ia32cap_P+0))]
 	mov	r11d,DWORD PTR[((OPENSSL_ia32cap_P+4))]
@ -96,6 +97,7 @@ $L$SEH_begin_aesni_cbc_sha1_enc_ssse3::
 	mov	r9,QWORD PTR[48+rsp]
 	endbr64
 	mov	r10,QWORD PTR[56+rsp]
@ -1490,6 +1492,8 @@ $L$epilogue_ssse3::
 	DB	0F3h,0C3h		;repret
 $L$SEH_end_aesni_cbc_sha1_enc_ssse3::
 aesni_cbc_sha1_enc_ssse3	ENDP
 .text$	ENDS
 .rdata	SEGMENT READONLY ALIGN(8)
 ALIGN	64
 K_XX_XX::
 	DD	05a827999h,05a827999h,05a827999h,05a827999h	
@ -1497,17 +1501,14 @@ K_XX_XX::
 	DD	08f1bbcdch,08f1bbcdch,08f1bbcdch,08f1bbcdch	
 	DD	0ca62c1d6h,0ca62c1d6h,0ca62c1d6h,0ca62c1d6h	
 	DD	000010203h,004050607h,008090a0bh,00c0d0e0fh	
 DB	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115
 DB	116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52
 DB	44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32
 DB	60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111
 DB	114,103,62,0
 ALIGN	64
 .rdata	ENDS
 .text$	SEGMENT ALIGN(64) 'CODE'
 EXTERN	__imp_RtlVirtualUnwind:NEAR
 ALIGN	16
 ssse3_handler	PROC PRIVATE
 	endbr64
 	push	rsi
 	push	rdi
 	push	rbx
--- a/crypto/aes/aesni-sha1-mingw64-x86_64.S
+++ b/crypto/aes/aesni-sha1-mingw64-x86_64.S
@ -7,6 +7,7 @@
 .def	aesni_cbc_sha1_enc;	.scl 2;	.type 32;	.endef
 .p2align	4
 aesni_cbc_sha1_enc:
 	endbr64
 	movl	OPENSSL_ia32cap_P+0(%rip),%r10d
 	movl	OPENSSL_ia32cap_P+4(%rip),%r11d
@ -27,6 +28,7 @@ aesni_cbc_sha1_enc_ssse3:
 	movq	40(%rsp),%r8
 	movq	48(%rsp),%r9
 	endbr64
 	movq	56(%rsp),%r10
@ -1420,6 +1422,7 @@ aesni_cbc_sha1_enc_ssse3:
 	movq	16(%rsp),%rsi
 	retq
 .LSEH_end_aesni_cbc_sha1_enc_ssse3:
 .section	.rodata
 .p2align	6
 K_XX_XX:
 .long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
@ -1427,13 +1430,13 @@ K_XX_XX:
 .long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
 .long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
 .long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	
 .byte	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .p2align	6
 .text	
 .def	ssse3_handler;	.scl 3;	.type 32;	.endef
 .p2align	4
 ssse3_handler:
 	endbr64
 	pushq	%rsi
 	pushq	%rdi
 	pushq	%rbx
--- a/crypto/aes/bsaes-elf-x86_64.S
+++ b/crypto/aes/bsaes-elf-x86_64.S
@ -7,6 +7,7 @@
 .type	_bsaes_encrypt8,@function
 .align	64
 _bsaes_encrypt8:
 	endbr64
 	leaq	.LBS0(%rip),%r11
 	movdqa	(%rax),%xmm8
@ -479,6 +480,7 @@ _bsaes_encrypt8_bitslice:
 .type	_bsaes_decrypt8,@function
 .align	64
 _bsaes_decrypt8:
 	endbr64
 	leaq	.LBS0(%rip),%r11
 	movdqa	(%rax),%xmm8
@ -984,6 +986,7 @@ _bsaes_decrypt8:
 .type	_bsaes_key_convert,@function
 .align	16
 _bsaes_key_convert:
 	endbr64
 	leaq	.Lmasks(%rip),%r11
 	movdqu	(%rcx),%xmm7
 	leaq	16(%rcx),%rcx
@ -1068,6 +1071,7 @@ _bsaes_key_convert:
 .type	bsaes_cbc_encrypt,@function
 .align	16
 bsaes_cbc_encrypt:
 	endbr64
 	cmpl	$0,%r9d
 	jne	asm_AES_cbc_encrypt
 	cmpq	$128,%rdx
@ -1318,6 +1322,7 @@ bsaes_cbc_encrypt:
 .type	bsaes_ctr32_encrypt_blocks,@function
 .align	16
 bsaes_ctr32_encrypt_blocks:
 	endbr64
 	movq	%rsp,%rax
 .Lctr_enc_prologue:
 	pushq	%rbp
@ -1517,6 +1522,7 @@ bsaes_ctr32_encrypt_blocks:
 .type	bsaes_xts_encrypt,@function
 .align	16
 bsaes_xts_encrypt:
 	endbr64
 	movq	%rsp,%rax
 .Lxts_enc_prologue:
 	pushq	%rbp
@ -1969,6 +1975,7 @@ bsaes_xts_encrypt:
 .type	bsaes_xts_decrypt,@function
 .align	16
 bsaes_xts_decrypt:
 	endbr64
 	movq	%rsp,%rax
 .Lxts_dec_prologue:
 	pushq	%rbp
@ -2442,6 +2449,7 @@ bsaes_xts_decrypt:
 .Lxts_dec_epilogue:
 	retq
 .size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
 .section	.rodata
 .type	_bsaes_const,@object
 .align	64
 _bsaes_const:
@ -2494,9 +2502,9 @@ _bsaes_const:
 .quad	0x02060a0e03070b0f, 0x0004080c0105090d
 .L63:
 .quad	0x6363636363636363, 0x6363636363636363
 .byte	66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0
 .align	64
 .size	_bsaes_const,.-_bsaes_const
 .text	
 #if defined(HAVE_GNU_STACK)
 .section .note.GNU-stack,"",%progbits
 #endif
--- a/crypto/aes/bsaes-macosx-x86_64.S
+++ b/crypto/aes/bsaes-macosx-x86_64.S
@ -7,6 +7,7 @@
 .p2align	6
 _bsaes_encrypt8:
 	leaq	L$BS0(%rip),%r11
 	movdqa	(%rax),%xmm8
@ -479,6 +480,7 @@ L$enc_done:
 .p2align	6
 _bsaes_decrypt8:
 	leaq	L$BS0(%rip),%r11
 	movdqa	(%rax),%xmm8
@ -984,6 +986,7 @@ L$dec_done:
 .p2align	4
 _bsaes_key_convert:
 	leaq	L$masks(%rip),%r11
 	movdqu	(%rcx),%xmm7
 	leaq	16(%rcx),%rcx
@ -1068,6 +1071,7 @@ L$key_loop:
 .p2align	4
 _bsaes_cbc_encrypt:
 	cmpl	$0,%r9d
 	jne	_asm_AES_cbc_encrypt
 	cmpq	$128,%rdx
@ -1318,6 +1322,7 @@ L$cbc_dec_epilogue:
 .p2align	4
 _bsaes_ctr32_encrypt_blocks:
 	movq	%rsp,%rax
 L$ctr_enc_prologue:
 	pushq	%rbp
@ -1517,6 +1522,7 @@ L$ctr_enc_epilogue:
 .p2align	4
 _bsaes_xts_encrypt:
 	movq	%rsp,%rax
 L$xts_enc_prologue:
 	pushq	%rbp
@ -1969,6 +1975,7 @@ L$xts_enc_epilogue:
 .p2align	4
 _bsaes_xts_decrypt:
 	movq	%rsp,%rax
 L$xts_dec_prologue:
 	pushq	%rbp
@ -2442,6 +2449,7 @@ L$xts_dec_bzero:
 L$xts_dec_epilogue:
 	retq
 .section	__DATA,__const
 .p2align	6
 _bsaes_const:
@ -2494,6 +2502,6 @@ L$M0:
 .quad	0x02060a0e03070b0f, 0x0004080c0105090d
 L$63:
 .quad	0x6363636363636363, 0x6363636363636363
 .byte	66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0
 .p2align	6
 .text	
--- a/crypto/aes/bsaes-masm-x86_64.S
+++ b/crypto/aes/bsaes-masm-x86_64.S
@ -75,6 +75,7 @@ EXTERN	asm_AES_decrypt:NEAR
 ALIGN	64
 _bsaes_encrypt8	PROC PRIVATE
 	endbr64
 	lea	r11,QWORD PTR[$L$BS0]
 	movdqa	xmm8,XMMWORD PTR[rax]
@ -547,6 +548,7 @@ _bsaes_encrypt8	ENDP
 ALIGN	64
 _bsaes_decrypt8	PROC PRIVATE
 	endbr64
 	lea	r11,QWORD PTR[$L$BS0]
 	movdqa	xmm8,XMMWORD PTR[rax]
@ -1052,6 +1054,7 @@ _bsaes_decrypt8	ENDP
 ALIGN	16
 _bsaes_key_convert	PROC PRIVATE
 	endbr64
 	lea	r11,QWORD PTR[$L$masks]
 	movdqu	xmm7,XMMWORD PTR[rcx]
 	lea	rcx,QWORD PTR[16+rcx]
@ -1136,6 +1139,7 @@ PUBLIC	bsaes_cbc_encrypt
 ALIGN	16
 bsaes_cbc_encrypt	PROC PUBLIC
 	endbr64
 	mov	r11d,DWORD PTR[48+rsp]
 	cmp	r11d,0
 	jne	asm_AES_cbc_encrypt
@ -1411,6 +1415,7 @@ PUBLIC	bsaes_ctr32_encrypt_blocks
 ALIGN	16
 bsaes_ctr32_encrypt_blocks	PROC PUBLIC
 	endbr64
 	mov	rax,rsp
 $L$ctr_enc_prologue::
 	push	rbp
@ -1634,6 +1639,7 @@ PUBLIC	bsaes_xts_encrypt
 ALIGN	16
 bsaes_xts_encrypt	PROC PUBLIC
 	endbr64
 	mov	rax,rsp
 $L$xts_enc_prologue::
 	push	rbp
@ -2111,6 +2117,7 @@ PUBLIC	bsaes_xts_decrypt
 ALIGN	16
 bsaes_xts_decrypt	PROC PUBLIC
 	endbr64
 	mov	rax,rsp
 $L$xts_dec_prologue::
 	push	rbp
@ -2609,6 +2616,8 @@ $L$xts_dec_bzero::
 $L$xts_dec_epilogue::
 	DB	0F3h,0C3h		;repret
 bsaes_xts_decrypt	ENDP
 .text$	ENDS
 .rdata	SEGMENT READONLY ALIGN(8)
 ALIGN	64
 _bsaes_const::
@ -2661,17 +2670,15 @@ $L$M0::
 	DQ	002060a0e03070b0fh,00004080c0105090dh
 $L$63::
 	DQ	06363636363636363h,06363636363636363h
 DB	66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102
 DB	111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44
 DB	32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44
 DB	32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32
 DB	65,110,100,121,32,80,111,108,121,97,107,111,118,0
 ALIGN	64
 .rdata	ENDS
 .text$	SEGMENT ALIGN(64) 'CODE'
 EXTERN	__imp_RtlVirtualUnwind:NEAR
 ALIGN	16
 se_handler	PROC PRIVATE
 	endbr64
 	push	rsi
 	push	rdi
 	push	rbx
--- a/crypto/aes/bsaes-mingw64-x86_64.S
+++ b/crypto/aes/bsaes-mingw64-x86_64.S
@ -7,6 +7,7 @@
 .def	_bsaes_encrypt8;	.scl 3;	.type 32;	.endef
 .p2align	6
 _bsaes_encrypt8:
 	endbr64
 	leaq	.LBS0(%rip),%r11
 	movdqa	(%rax),%xmm8
@ -479,6 +480,7 @@ _bsaes_encrypt8_bitslice:
 .def	_bsaes_decrypt8;	.scl 3;	.type 32;	.endef
 .p2align	6
 _bsaes_decrypt8:
 	endbr64
 	leaq	.LBS0(%rip),%r11
 	movdqa	(%rax),%xmm8
@ -984,6 +986,7 @@ _bsaes_decrypt8:
 .def	_bsaes_key_convert;	.scl 3;	.type 32;	.endef
 .p2align	4
 _bsaes_key_convert:
 	endbr64
 	leaq	.Lmasks(%rip),%r11
 	movdqu	(%rcx),%xmm7
 	leaq	16(%rcx),%rcx
@ -1068,6 +1071,7 @@ _bsaes_key_convert:
 .def	bsaes_cbc_encrypt;	.scl 2;	.type 32;	.endef
 .p2align	4
 bsaes_cbc_encrypt:
 	endbr64
 	movl	48(%rsp),%r11d
 	cmpl	$0,%r11d
 	jne	asm_AES_cbc_encrypt
@ -1343,6 +1347,7 @@ bsaes_cbc_encrypt:
 .def	bsaes_ctr32_encrypt_blocks;	.scl 2;	.type 32;	.endef
 .p2align	4
 bsaes_ctr32_encrypt_blocks:
 	endbr64
 	movq	%rsp,%rax
 .Lctr_enc_prologue:
 	pushq	%rbp
@ -1566,6 +1571,7 @@ bsaes_ctr32_encrypt_blocks:
 .def	bsaes_xts_encrypt;	.scl 2;	.type 32;	.endef
 .p2align	4
 bsaes_xts_encrypt:
 	endbr64
 	movq	%rsp,%rax
 .Lxts_enc_prologue:
 	pushq	%rbp
@ -2043,6 +2049,7 @@ bsaes_xts_encrypt:
 .def	bsaes_xts_decrypt;	.scl 2;	.type 32;	.endef
 .p2align	4
 bsaes_xts_decrypt:
 	endbr64
 	movq	%rsp,%rax
 .Lxts_dec_prologue:
 	pushq	%rbp
@ -2541,6 +2548,7 @@ bsaes_xts_decrypt:
 .Lxts_dec_epilogue:
 	retq
 .section	.rodata
 .p2align	6
 _bsaes_const:
@ -2593,13 +2601,14 @@ _bsaes_const:
 .quad	0x02060a0e03070b0f, 0x0004080c0105090d
 .L63:
 .quad	0x6363636363636363, 0x6363636363636363
 .byte	66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0
 .p2align	6
 .text	
 .def	se_handler;	.scl 3;	.type 32;	.endef
 .p2align	4
 se_handler:
 	endbr64
 	pushq	%rsi
 	pushq	%rdi
 	pushq	%rbx
--- a/crypto/aes/vpaes-elf-x86_64.S
+++ b/crypto/aes/vpaes-elf-x86_64.S
@ -19,6 +19,7 @@
 .type	_vpaes_encrypt_core,@function
 .align	16
 _vpaes_encrypt_core:
 	endbr64
 	movq	%rdx,%r9
 	movq	$16,%r11
 	movl	240(%rdx),%eax
@ -109,6 +110,7 @@ _vpaes_encrypt_core:
 .type	_vpaes_decrypt_core,@function
 .align	16
 _vpaes_decrypt_core:
 	endbr64
 	movq	%rdx,%r9
 	movl	240(%rdx),%eax
 	movdqa	%xmm9,%xmm1
@ -216,6 +218,7 @@ _vpaes_decrypt_core:
 .type	_vpaes_schedule_core,@function
 .align	16
 _vpaes_schedule_core:
 	endbr64
@ -401,6 +404,7 @@ _vpaes_schedule_core:
 .type	_vpaes_schedule_192_smear,@function
 .align	16
 _vpaes_schedule_192_smear:
 	endbr64
 	pshufd	$128,%xmm6,%xmm0
 	pxor	%xmm0,%xmm6
 	pshufd	$254,%xmm7,%xmm0
@ -432,6 +436,7 @@ _vpaes_schedule_192_smear:
 .type	_vpaes_schedule_round,@function
 .align	16
 _vpaes_schedule_round:
 	endbr64
 	pxor	%xmm1,%xmm1
 .byte	102,65,15,58,15,200,15
@ -499,6 +504,7 @@ _vpaes_schedule_low_round:
 .type	_vpaes_schedule_transform,@function
 .align	16
 _vpaes_schedule_transform:
 	endbr64
 	movdqa	%xmm9,%xmm1
 	pandn	%xmm0,%xmm1
 	psrld	$4,%xmm1
@ -537,6 +543,7 @@ _vpaes_schedule_transform:
 .type	_vpaes_schedule_mangle,@function
 .align	16
 _vpaes_schedule_mangle:
 	endbr64
 	movdqa	%xmm0,%xmm4
 	movdqa	.Lk_mc_forward(%rip),%xmm5
 	testq	%rcx,%rcx
@ -610,6 +617,7 @@ _vpaes_schedule_mangle:
 .type	vpaes_set_encrypt_key,@function
 .align	16
 vpaes_set_encrypt_key:
 	endbr64
 	movl	%esi,%eax
 	shrl	$5,%eax
 	addl	$5,%eax
@ -626,6 +634,7 @@ vpaes_set_encrypt_key:
 .type	vpaes_set_decrypt_key,@function
 .align	16
 vpaes_set_decrypt_key:
 	endbr64
 	movl	%esi,%eax
 	shrl	$5,%eax
 	addl	$5,%eax
@ -647,6 +656,7 @@ vpaes_set_decrypt_key:
 .type	vpaes_encrypt,@function
 .align	16
 vpaes_encrypt:
 	endbr64
 	movdqu	(%rdi),%xmm0
 	call	_vpaes_preheat
 	call	_vpaes_encrypt_core
@ -658,6 +668,7 @@ vpaes_encrypt:
 .type	vpaes_decrypt,@function
 .align	16
 vpaes_decrypt:
 	endbr64
 	movdqu	(%rdi),%xmm0
 	call	_vpaes_preheat
 	call	_vpaes_decrypt_core
@ -668,6 +679,7 @@ vpaes_decrypt:
 .type	vpaes_cbc_encrypt,@function
 .align	16
 vpaes_cbc_encrypt:
 	endbr64
 	xchgq	%rcx,%rdx
 	subq	$16,%rcx
 	jc	.Lcbc_abort
@ -713,6 +725,7 @@ vpaes_cbc_encrypt:
 .type	_vpaes_preheat,@function
 .align	16
 _vpaes_preheat:
 	endbr64
 	leaq	.Lk_s0F(%rip),%r10
 	movdqa	-32(%r10),%xmm10
 	movdqa	-16(%r10),%xmm11
@ -728,6 +741,7 @@ _vpaes_preheat:
 .section	.rodata
 .type	_vpaes_consts,@object
 .align	64
 _vpaes_consts:
@ -824,9 +838,9 @@ _vpaes_consts:
 .Lk_dsbo:
 .quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
 .quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
 .byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
 .align	64
 .size	_vpaes_consts,.-_vpaes_consts
 .text	
 #if defined(HAVE_GNU_STACK)
 .section .note.GNU-stack,"",%progbits
 #endif
--- a/crypto/aes/vpaes-macosx-x86_64.S
+++ b/crypto/aes/vpaes-macosx-x86_64.S
@ -19,6 +19,7 @@
 .p2align	4
 _vpaes_encrypt_core:
 	movq	%rdx,%r9
 	movq	$16,%r11
 	movl	240(%rdx),%eax
@ -109,6 +110,7 @@ L$enc_entry:
 .p2align	4
 _vpaes_decrypt_core:
 	movq	%rdx,%r9
 	movl	240(%rdx),%eax
 	movdqa	%xmm9,%xmm1
@ -221,6 +223,7 @@ _vpaes_schedule_core:
 	call	_vpaes_preheat		
 	movdqa	L$k_rcon(%rip),%xmm8
 	movdqu	(%rdi),%xmm0
@ -401,6 +404,7 @@ L$schedule_mangle_last_dec:
 .p2align	4
 _vpaes_schedule_192_smear:
 	pshufd	$128,%xmm6,%xmm0
 	pxor	%xmm0,%xmm6
 	pshufd	$254,%xmm7,%xmm0
@ -433,6 +437,7 @@ _vpaes_schedule_192_smear:
 .p2align	4
 _vpaes_schedule_round:
 	pxor	%xmm1,%xmm1
 .byte	102,65,15,58,15,200,15
 .byte	102,69,15,58,15,192,15
@ -499,6 +504,7 @@ _vpaes_schedule_low_round:
 .p2align	4
 _vpaes_schedule_transform:
 	movdqa	%xmm9,%xmm1
 	pandn	%xmm0,%xmm1
 	psrld	$4,%xmm1
@ -537,6 +543,7 @@ _vpaes_schedule_transform:
 .p2align	4
 _vpaes_schedule_mangle:
 	movdqa	%xmm0,%xmm4
 	movdqa	L$k_mc_forward(%rip),%xmm5
 	testq	%rcx,%rcx
@ -610,6 +617,7 @@ L$schedule_mangle_both:
 .p2align	4
 _vpaes_set_encrypt_key:
 	movl	%esi,%eax
 	shrl	$5,%eax
 	addl	$5,%eax
@ -626,6 +634,7 @@ _vpaes_set_encrypt_key:
 .p2align	4
 _vpaes_set_decrypt_key:
 	movl	%esi,%eax
 	shrl	$5,%eax
 	addl	$5,%eax
@ -647,6 +656,7 @@ _vpaes_set_decrypt_key:
 .p2align	4
 _vpaes_encrypt:
 	movdqu	(%rdi),%xmm0
 	call	_vpaes_preheat
 	call	_vpaes_encrypt_core
@ -658,6 +668,7 @@ _vpaes_encrypt:
 .p2align	4
 _vpaes_decrypt:
 	movdqu	(%rdi),%xmm0
 	call	_vpaes_preheat
 	call	_vpaes_decrypt_core
@ -668,6 +679,7 @@ _vpaes_decrypt:
 .p2align	4
 _vpaes_cbc_encrypt:
 	xchgq	%rcx,%rdx
 	subq	$16,%rcx
 	jc	L$cbc_abort
@ -713,6 +725,7 @@ L$cbc_abort:
 .p2align	4
 _vpaes_preheat:
 	leaq	L$k_s0F(%rip),%r10
 	movdqa	-32(%r10),%xmm10
 	movdqa	-16(%r10),%xmm11
@ -728,6 +741,7 @@ _vpaes_preheat:
 .section	__DATA,__const
 .p2align	6
 _vpaes_consts:
@ -824,6 +838,6 @@ L$k_dsbe:
 L$k_dsbo:
 .quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
 .quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
 .byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
 .p2align	6
 .text	
--- a/crypto/aes/vpaes-masm-x86_64.S
+++ b/crypto/aes/vpaes-masm-x86_64.S
@ -87,6 +87,7 @@ OPTION	DOTNAME
 ALIGN	16
 _vpaes_encrypt_core	PROC PRIVATE
 	endbr64
 	mov	r9,rdx
 	mov	r11,16
 	mov	eax,DWORD PTR[240+rdx]
@ -177,6 +178,7 @@ _vpaes_encrypt_core	ENDP
 ALIGN	16
 _vpaes_decrypt_core	PROC PRIVATE
 	endbr64
 	mov	r9,rdx
 	mov	eax,DWORD PTR[240+rdx]
 	movdqa	xmm1,xmm9
@ -284,6 +286,7 @@ _vpaes_decrypt_core	ENDP
 ALIGN	16
 _vpaes_schedule_core	PROC PRIVATE
 	endbr64
@ -469,6 +472,7 @@ _vpaes_schedule_core	ENDP
 ALIGN	16
 _vpaes_schedule_192_smear	PROC PRIVATE
 	endbr64
 	pshufd	xmm0,xmm6,080h
 	pxor	xmm6,xmm0
 	pshufd	xmm0,xmm7,0FEh
@ -500,6 +504,7 @@ _vpaes_schedule_192_smear	ENDP
 ALIGN	16
 _vpaes_schedule_round	PROC PRIVATE
 	endbr64
 	pxor	xmm1,xmm1
 DB	102,65,15,58,15,200,15
@ -567,6 +572,7 @@ _vpaes_schedule_round	ENDP
 ALIGN	16
 _vpaes_schedule_transform	PROC PRIVATE
 	endbr64
 	movdqa	xmm1,xmm9
 	pandn	xmm1,xmm0
 	psrld	xmm1,4
@ -605,6 +611,7 @@ _vpaes_schedule_transform	ENDP
 ALIGN	16
 _vpaes_schedule_mangle	PROC PRIVATE
 	endbr64
 	movdqa	xmm4,xmm0
 	movdqa	xmm5,XMMWORD PTR[$L$k_mc_forward]
 	test	rcx,rcx
@ -687,6 +694,7 @@ $L$SEH_begin_vpaes_set_encrypt_key::
 	mov	rdx,r8
 	endbr64
 	lea	rsp,QWORD PTR[((-184))+rsp]
 	movaps	XMMWORD PTR[16+rsp],xmm6
 	movaps	XMMWORD PTR[32+rsp],xmm7
@ -739,6 +747,7 @@ $L$SEH_begin_vpaes_set_decrypt_key::
 	mov	rdx,r8
 	endbr64
 	lea	rsp,QWORD PTR[((-184))+rsp]
 	movaps	XMMWORD PTR[16+rsp],xmm6
 	movaps	XMMWORD PTR[32+rsp],xmm7
@ -796,6 +805,7 @@ $L$SEH_begin_vpaes_encrypt::
 	mov	rdx,r8
 	endbr64
 	lea	rsp,QWORD PTR[((-184))+rsp]
 	movaps	XMMWORD PTR[16+rsp],xmm6
 	movaps	XMMWORD PTR[32+rsp],xmm7
@ -843,6 +853,7 @@ $L$SEH_begin_vpaes_decrypt::
 	mov	rdx,r8
 	endbr64
 	lea	rsp,QWORD PTR[((-184))+rsp]
 	movaps	XMMWORD PTR[16+rsp],xmm6
 	movaps	XMMWORD PTR[32+rsp],xmm7
@ -892,6 +903,7 @@ $L$SEH_begin_vpaes_cbc_encrypt::
 	mov	r9,QWORD PTR[48+rsp]
 	endbr64
 	xchg	rdx,rcx
 	sub	rcx,16
 	jc	$L$cbc_abort
@ -964,6 +976,7 @@ vpaes_cbc_encrypt	ENDP
 ALIGN	16
 _vpaes_preheat	PROC PRIVATE
 	endbr64
 	lea	r10,QWORD PTR[$L$k_s0F]
 	movdqa	xmm10,XMMWORD PTR[((-32))+r10]
 	movdqa	xmm11,XMMWORD PTR[((-16))+r10]
@ -979,6 +992,8 @@ _vpaes_preheat	ENDP
 .text$	ENDS
 .rdata	SEGMENT READONLY ALIGN(8)
 ALIGN	64
 _vpaes_consts::
@ -1075,17 +1090,15 @@ $L$k_dsbe::
 $L$k_dsbo::
 	DQ	01387EA537EF94000h,0C7AA6DB9D4943E2Dh
 	DQ	012D7560F93441D00h,0CA4B8159D8C58E9Ch
 DB	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105
 DB	111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54
 DB	52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97
 DB	109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32
 DB	85,110,105,118,101,114,115,105,116,121,41,0
 ALIGN	64
 .rdata	ENDS
 .text$	SEGMENT ALIGN(64) 'CODE'
 EXTERN	__imp_RtlVirtualUnwind:NEAR
 ALIGN	16
 se_handler	PROC PRIVATE
 	endbr64
 	push	rsi
 	push	rdi
 	push	rbx
--- a/crypto/aes/vpaes-mingw64-x86_64.S
+++ b/crypto/aes/vpaes-mingw64-x86_64.S
@ -19,6 +19,7 @@
 .def	_vpaes_encrypt_core;	.scl 3;	.type 32;	.endef
 .p2align	4
 _vpaes_encrypt_core:
 	endbr64
 	movq	%rdx,%r9
 	movq	$16,%r11
 	movl	240(%rdx),%eax
@ -109,6 +110,7 @@ _vpaes_encrypt_core:
 .def	_vpaes_decrypt_core;	.scl 3;	.type 32;	.endef
 .p2align	4
 _vpaes_decrypt_core:
 	endbr64
 	movq	%rdx,%r9
 	movl	240(%rdx),%eax
 	movdqa	%xmm9,%xmm1
@ -216,6 +218,7 @@ _vpaes_decrypt_core:
 .def	_vpaes_schedule_core;	.scl 3;	.type 32;	.endef
 .p2align	4
 _vpaes_schedule_core:
 	endbr64
@ -401,6 +404,7 @@ _vpaes_schedule_core:
 .def	_vpaes_schedule_192_smear;	.scl 3;	.type 32;	.endef
 .p2align	4
 _vpaes_schedule_192_smear:
 	endbr64
 	pshufd	$128,%xmm6,%xmm0
 	pxor	%xmm0,%xmm6
 	pshufd	$254,%xmm7,%xmm0
@ -432,6 +436,7 @@ _vpaes_schedule_192_smear:
 .def	_vpaes_schedule_round;	.scl 3;	.type 32;	.endef
 .p2align	4
 _vpaes_schedule_round:
 	endbr64
 	pxor	%xmm1,%xmm1
 .byte	102,65,15,58,15,200,15
@ -499,6 +504,7 @@ _vpaes_schedule_low_round:
 .def	_vpaes_schedule_transform;	.scl 3;	.type 32;	.endef
 .p2align	4
 _vpaes_schedule_transform:
 	endbr64
 	movdqa	%xmm9,%xmm1
 	pandn	%xmm0,%xmm1
 	psrld	$4,%xmm1
@ -537,6 +543,7 @@ _vpaes_schedule_transform:
 .def	_vpaes_schedule_mangle;	.scl 3;	.type 32;	.endef
 .p2align	4
 _vpaes_schedule_mangle:
 	endbr64
 	movdqa	%xmm0,%xmm4
 	movdqa	.Lk_mc_forward(%rip),%xmm5
 	testq	%rcx,%rcx
@ -618,6 +625,7 @@ vpaes_set_encrypt_key:
 	movq	%rdx,%rsi
 	movq	%r8,%rdx
 	endbr64
 	leaq	-184(%rsp),%rsp
 	movaps	%xmm6,16(%rsp)
 	movaps	%xmm7,32(%rsp)
@ -668,6 +676,7 @@ vpaes_set_decrypt_key:
 	movq	%rdx,%rsi
 	movq	%r8,%rdx
 	endbr64
 	leaq	-184(%rsp),%rsp
 	movaps	%xmm6,16(%rsp)
 	movaps	%xmm7,32(%rsp)
@ -723,6 +732,7 @@ vpaes_encrypt:
 	movq	%rdx,%rsi
 	movq	%r8,%rdx
 	endbr64
 	leaq	-184(%rsp),%rsp
 	movaps	%xmm6,16(%rsp)
 	movaps	%xmm7,32(%rsp)
@ -768,6 +778,7 @@ vpaes_decrypt:
 	movq	%rdx,%rsi
 	movq	%r8,%rdx
 	endbr64
 	leaq	-184(%rsp),%rsp
 	movaps	%xmm6,16(%rsp)
 	movaps	%xmm7,32(%rsp)
@ -815,6 +826,7 @@ vpaes_cbc_encrypt:
 	movq	40(%rsp),%r8
 	movq	48(%rsp),%r9
 	endbr64
 	xchgq	%rcx,%rdx
 	subq	$16,%rcx
 	jc	.Lcbc_abort
@ -886,6 +898,7 @@ vpaes_cbc_encrypt:
 .def	_vpaes_preheat;	.scl 3;	.type 32;	.endef
 .p2align	4
 _vpaes_preheat:
 	endbr64
 	leaq	.Lk_s0F(%rip),%r10
 	movdqa	-32(%r10),%xmm10
 	movdqa	-16(%r10),%xmm11
@ -901,6 +914,7 @@ _vpaes_preheat:
 .section	.rodata
 .p2align	6
 _vpaes_consts:
@ -997,13 +1011,14 @@ _vpaes_consts:
 .Lk_dsbo:
 .quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
 .quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
 .byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
 .p2align	6
 .text	
 .def	se_handler;	.scl 3;	.type 32;	.endef
 .p2align	4
 se_handler:
 	endbr64
 	pushq	%rsi
 	pushq	%rdi
 	pushq	%rbx
--- a/crypto/armv4cpuid.S
+++ b/crypto/armv4cpuid.S
@ -9,43 +9,6 @@
 #undef	__thumb2__
 #endif
 .align	5
 .globl	OPENSSL_atomic_add
 .type	OPENSSL_atomic_add,%function
 OPENSSL_atomic_add:
 #if __ARM_ARCH__>=6
 .Ladd:	ldrex	r2,[r0]
 	add	r3,r2,r1
 	strex	r2,r3,[r0]
 	cmp	r2,#0
 	bne	.Ladd
 	mov	r0,r3
 	bx	lr
 #else
 	stmdb	sp!,{r4,r5,r6,lr}
 	ldr	r2,.Lspinlock
 	adr	r3,.Lspinlock
 	mov	r4,r0
 	mov	r5,r1
 	add	r6,r3,r2	@ &spinlock
 	b	.+8
 .Lspin:	bl	sched_yield
 	mov	r0,#-1
 	swp	r0,r0,[r6]
 	cmp	r0,#0
 	bne	.Lspin
 	ldr	r2,[r4]
 	add	r2,r2,r5
 	str	r2,[r4]
 	str	r0,[r6]		@ release spinlock
 	ldmia	sp!,{r4,r5,r6,lr}
 	tst	lr,#1
 	moveq	pc,lr
 .word	0xe12fff1e	@ bx	lr
 #endif
 .size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
 #if __ARM_ARCH__>=7
 .arch	armv7-a
 .fpu	neon
@ -102,64 +65,5 @@ _armv8_pmull_probe:
 .size	_armv8_pmull_probe,.-_armv8_pmull_probe
 #endif
 .globl	OPENSSL_wipe_cpu
 .type	OPENSSL_wipe_cpu,%function
 OPENSSL_wipe_cpu:
 #if __ARM_ARCH__>=7
 	ldr	r0,.LOPENSSL_armcap
 	adr	r1,.LOPENSSL_armcap
 	ldr	r0,[r1,r0]
 #ifdef	__APPLE__
 	ldr	r0,[r0]
 #endif
 #endif
 	eor	r2,r2,r2
 	eor	r3,r3,r3
 	eor	ip,ip,ip
 #if __ARM_ARCH__>=7
 	tst	r0,#1
 	beq	.Lwipe_done
 	veor	q0, q0, q0
 	veor	q1, q1, q1
 	veor	q2, q2, q2
 	veor	q3, q3, q3
 	veor	q8, q8, q8
 	veor	q9, q9, q9
 	veor	q10, q10, q10
 	veor	q11, q11, q11
 	veor	q12, q12, q12
 	veor	q13, q13, q13
 	veor	q14, q14, q14
 	veor	q15, q15, q15
 .Lwipe_done:
 #endif
 	mov	r0,sp
 #if __ARM_ARCH__>=5
 	bx	lr
 #else
 	tst	lr,#1
 	moveq	pc,lr
 .word	0xe12fff1e	@ bx	lr
 #endif
 .size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
 .align	5
 #if __ARM_ARCH__>=7
 .LOPENSSL_armcap:
 .word	OPENSSL_armcap_P-.
 #endif
 #if __ARM_ARCH__>=6
 .align	5
 #else
 .Lspinlock:
 .word	atomic_add_spinlock-.Lspinlock
 .align	5
 .data
 .align	2
 atomic_add_spinlock:
 .word	0
 #endif
 .comm	OPENSSL_armcap_P,4,4
 .hidden	OPENSSL_armcap_P
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_bitstr.c,v 1.33 2021/12/25 08:52:44 jsing Exp $ */
+/* $OpenBSD: a_bitstr.c,v 1.38 2023/01/13 14:46:08 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -56,6 +56,7 @@
 * [including the GNU Public Licence.]
 */
 #include <limits.h>
 #include <stdio.h>
 #include <string.h>
@ -65,6 +66,8 @@
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
 #include "bytestring.h"
 const ASN1_ITEM ASN1_BIT_STRING_it = {
 	.itype = ASN1_ITYPE_PRIMITIVE,
 	.utype = V_ASN1_BIT_STRING,
@ -83,6 +86,25 @@ ASN1_BIT_STRING_free(ASN1_BIT_STRING *a)
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_BIT_STRING_it);
 }
 static void
 asn1_abs_clear_unused_bits(ASN1_BIT_STRING *abs)
 {
 	abs->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
 }
 int
 asn1_abs_set_unused_bits(ASN1_BIT_STRING *abs, uint8_t unused_bits)
 {
 	if (unused_bits > 7)
 		return 0;
 	asn1_abs_clear_unused_bits(abs);
 	abs->flags |= ASN1_STRING_FLAG_BITS_LEFT | unused_bits;
 	return 1;
 }
 int
 ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 {
@ -104,7 +126,7 @@ ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 	if (a == NULL)
 		return 0;
-	a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */
+	asn1_abs_clear_unused_bits(a);
 	if ((a->length < (w + 1)) || (a->data == NULL)) {
 		if (!value)
@ -219,17 +241,27 @@ i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	if (a == NULL)
 		return (0);
 	if (a->length == INT_MAX)
 		return (0);
 	ret = a->length + 1;
 	if (pp == NULL)
 		return (ret);
 	len = a->length;
 	if (len > 0) {
 		if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) {
 			bits = (int)a->flags & 0x07;
 		} else {
 			j = 0;
 			for (; len > 0; len--) {
 				if (a->data[len - 1])
 					break;
 			}
-			j = a->data[len - 1];
+			if (len > 0)
 				j = a->data[len - 1];
 			if (j & 0x01)
 				bits = 0;
 			else if (j & 0x02)
@ -252,10 +284,6 @@ i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	} else
 		bits = 0;
 	ret = 1 + len;
 	if (pp == NULL)
 		return (ret);
 	p= *pp;
 	*(p++) = (unsigned char)bits;
@ -269,68 +297,90 @@ i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	return (ret);
 }
-ASN1_BIT_STRING *
+int
-c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **pp, long len)
+c2i_ASN1_BIT_STRING_cbs(ASN1_BIT_STRING **out_abs, CBS *cbs)
 {
-	ASN1_BIT_STRING *ret = NULL;
+	ASN1_BIT_STRING *abs = NULL;
-	const unsigned char *p;
+	uint8_t *data = NULL;
-	unsigned char *s;
+	size_t data_len = 0;
-	int i;
+	uint8_t unused_bits;
 	int ret = 0;
-	if (len < 1) {
+	if (out_abs == NULL)
 		goto err;
 	if (*out_abs != NULL) {
 		ASN1_BIT_STRING_free(*out_abs);
 		*out_abs = NULL;
 	}
 	if (!CBS_get_u8(cbs, &unused_bits)) {
 		ASN1error(ASN1_R_STRING_TOO_SHORT);
 		goto err;
 	}
-	if (a == NULL || *a == NULL) {
+	if (!CBS_stow(cbs, &data, &data_len))
 		if ((ret = ASN1_BIT_STRING_new()) == NULL)
 			return (NULL);
 	} else
 		ret = *a;
 	p = *pp;
 	i = *(p++);
 	if (i > 7) {
 		ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
 		goto err;
-	}
+	if (data_len > INT_MAX)
 		goto err;
 	if ((abs = ASN1_BIT_STRING_new()) == NULL)
 		goto err;
 	abs->data = data;
 	abs->length = (int)data_len;
 	data = NULL;
 	/*
 	 * We do this to preserve the settings. If we modify the settings,
 	 * via the _set_bit function, we will recalculate on output.
 	 */
-	ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */
+	if (!asn1_abs_set_unused_bits(abs, unused_bits)) {
-	ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */
+		ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
 		goto err;
 	}
 	if (abs->length > 0)
 		abs->data[abs->length - 1] &= 0xff << unused_bits;
-	/* using one because of the bits left byte */
+	*out_abs = abs;
-	if (len-- > 1) {
+	abs = NULL;
 		if ((s = malloc(len)) == NULL) {
 			ASN1error(ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
 		memcpy(s, p, len);
 		s[len - 1] &= (0xff << i);
 		p += len;
 	} else
 		s = NULL;
-	free(ret->data);
+	ret = 1;
 	ret->data = s;
 	ret->length = (int)len;
 	ret->type = V_ASN1_BIT_STRING;
 	if (a != NULL)
 		*a = ret;
 	*pp = p;
 	return (ret);
 err:
-	if (a == NULL || *a != ret)
+	ASN1_BIT_STRING_free(abs);
-		ASN1_BIT_STRING_free(ret);
+	freezero(data, data_len);
-	return (NULL);
+	return ret;
 }
 ASN1_BIT_STRING *
 c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **out_abs, const unsigned char **pp, long len)
 {
 	ASN1_BIT_STRING *abs = NULL;
 	CBS content;
 	if (out_abs != NULL) {
 		ASN1_BIT_STRING_free(*out_abs);
 		*out_abs = NULL;
 	}
 	if (len < 0) {
 		ASN1error(ASN1_R_LENGTH_ERROR);
 		return NULL;
 	}
 	CBS_init(&content, *pp, len);
 	if (!c2i_ASN1_BIT_STRING_cbs(&abs, &content))
 		return NULL;
 	*pp = CBS_data(&content);
 	if (out_abs != NULL)
 		*out_abs = abs;
 	return abs;
 }
 int
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_enum.c,v 1.23 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: a_enum.c,v 1.28 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -57,7 +57,7 @@
 */
 #include <limits.h>
-#include <stdio.h>
+#include <string.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
@ -65,6 +65,9 @@
 #include <openssl/buffer.h>
 #include <openssl/err.h>
 #include "asn1_local.h"
 #include "bytestring.h"
 /*
 * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
 * for comments on encoding see a_int.c
@ -82,6 +85,16 @@ ASN1_ENUMERATED_new(void)
 	return (ASN1_ENUMERATED *)ASN1_item_new(&ASN1_ENUMERATED_it);
 }
 static void
 asn1_aenum_clear(ASN1_ENUMERATED *aenum)
 {
 	freezero(aenum->data, aenum->length);
 	memset(aenum, 0, sizeof(*aenum));
 	aenum->type = V_ASN1_ENUMERATED;
 }
 void
 ASN1_ENUMERATED_free(ASN1_ENUMERATED *a)
 {
@ -89,73 +102,65 @@ ASN1_ENUMERATED_free(ASN1_ENUMERATED *a)
 }
 int
-ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+ASN1_ENUMERATED_get_int64(int64_t *out_val, const ASN1_ENUMERATED *aenum)
 {
-	int j, k;
+	CBS cbs;
 	unsigned int i;
 	unsigned char buf[sizeof(long) + 1];
 	long d;
-	a->type = V_ASN1_ENUMERATED;
+	*out_val = 0;
-	if (a->length < (int)(sizeof(long) + 1)) {
+
-		free(a->data);
+	if (aenum == NULL || aenum->length < 0)
-		a->data = calloc(1, sizeof(long) + 1);
+		return 0;
-	}
+
-	if (a->data == NULL) {
+	if (aenum->type != V_ASN1_ENUMERATED &&
-		ASN1error(ERR_R_MALLOC_FAILURE);
+	    aenum->type != V_ASN1_NEG_ENUMERATED) {
-		return (0);
+		ASN1error(ASN1_R_WRONG_INTEGER_TYPE);
-	}
+		return 0;
 	d = v;
 	if (d < 0) {
 		d = -d;
 		a->type = V_ASN1_NEG_ENUMERATED;
 	}
-	for (i = 0; i < sizeof(long); i++) {
+	CBS_init(&cbs, aenum->data, aenum->length);
-		if (d == 0)
+
-			break;
+	return asn1_aint_get_int64(&cbs, (aenum->type == V_ASN1_NEG_ENUMERATED),
-		buf[i] = (int)d & 0xff;
+	    out_val);
-		d >>= 8;
+}
 int
 ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *aenum, int64_t val)
 {
 	uint64_t uval;
 	asn1_aenum_clear(aenum);
 	uval = (uint64_t)val;
 	if (val < 0) {
 		aenum->type = V_ASN1_NEG_ENUMERATED;
 		uval = -uval;
 	}
-	j = 0;
+
-	for (k = i - 1; k >= 0; k--)
+	return asn1_aint_set_uint64(uval, &aenum->data, &aenum->length);
 		a->data[j++] = buf[k];
 	a->length = j;
 	return (1);
 }
 long
-ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
+ASN1_ENUMERATED_get(const ASN1_ENUMERATED *aenum)
 {
-	int neg = 0, i;
+	int64_t val;
 	unsigned long r = 0;
-	if (a == NULL)
+	if (aenum == NULL)
 		return (0L);
 	i = a->type;
 	if (i == V_ASN1_NEG_ENUMERATED)
 		neg = 1;
 	else if (i != V_ASN1_ENUMERATED)
 		return -1;
 	if (a->length > (int)sizeof(long)) {
 		/* hmm... a bit ugly */
 		return -1;
 	}
 	if (a->data == NULL)
 		return 0;
-
+	if (!ASN1_ENUMERATED_get_int64(&val, aenum))
-	for (i = 0; i < a->length; i++) {
+		return -1;
-		r <<= 8;
+	if (val < LONG_MIN || val > LONG_MAX) {
-		r |= (unsigned char)a->data[i];
+		/* hmm... a bit ugly, return all ones */
 		return -1;
 	}
-	if (r > LONG_MAX)
+	return (long)val;
-		return -1;
+}
-	if (neg)
+int
-		return -(long)r;
+ASN1_ENUMERATED_set(ASN1_ENUMERATED *aenum, long val)
-	return (long)r;
+{
 	return ASN1_ENUMERATED_set_int64(aenum, val);
 }
 ASN1_ENUMERATED *
@ -340,6 +345,28 @@ a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
 	return (ret);
 }
 int
 c2i_ASN1_ENUMERATED_cbs(ASN1_ENUMERATED **out_aenum, CBS *cbs)
 {
 	ASN1_ENUMERATED *aenum = NULL;
 	if (out_aenum == NULL)
 		return 0;
 	if (*out_aenum != NULL) {
 		ASN1_INTEGER_free(*out_aenum);
 		*out_aenum = NULL;
 	}
 	if (!c2i_ASN1_INTEGER_cbs((ASN1_INTEGER **)&aenum, cbs))
 		return 0;
 	aenum->type = V_ASN1_ENUMERATED | (aenum->type & V_ASN1_NEG);
 	*out_aenum = aenum;
 	return 1;
 }
 int
 i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out)
 {
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_int.c,v 1.38 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: a_int.c,v 1.46 2022/08/28 17:49:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -66,6 +66,8 @@
 #include <openssl/buffer.h>
 #include <openssl/err.h>
 #include "bytestring.h"
 const ASN1_ITEM ASN1_INTEGER_it = {
 	.itype = ASN1_ITYPE_PRIMITIVE,
 	.utype = V_ASN1_INTEGER,
@ -78,6 +80,16 @@ ASN1_INTEGER_new(void)
 	return (ASN1_INTEGER *)ASN1_item_new(&ASN1_INTEGER_it);
 }
 static void
 asn1_aint_clear(ASN1_INTEGER *aint)
 {
 	freezero(aint->data, aint->length);
 	memset(aint, 0, sizeof(*aint));
 	aint->type = V_ASN1_INTEGER;
 }
 void
 ASN1_INTEGER_free(ASN1_INTEGER *a)
 {
@ -100,105 +112,211 @@ ASN1_INTEGER_dup(const ASN1_INTEGER *x)
 }
 int
-ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
+ASN1_INTEGER_cmp(const ASN1_INTEGER *a, const ASN1_INTEGER *b)
 {
-	int neg, ret;
+	int ret = 1;
-	/* Compare signs */
+	/* Compare sign, then content. */
-	neg = x->type & V_ASN1_NEG;
+	if ((a->type & V_ASN1_NEG) == (b->type & V_ASN1_NEG))
-	if (neg != (y->type & V_ASN1_NEG)) {
+		ret = ASN1_STRING_cmp(a, b);
 		if (neg)
 			return -1;
 		else
 			return 1;
 	}
-	ret = ASN1_STRING_cmp(x, y);
+	if ((a->type & V_ASN1_NEG) != 0)
 	if (neg)
 		return -ret;
-	else
+
-		return ret;
+	return ret;
 }
 int
-ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+asn1_aint_get_uint64(CBS *cbs, uint64_t *out_val)
 {
-	int j, k;
+	uint64_t val = 0;
-	unsigned int i;
+	uint8_t u8;
 	unsigned char buf[sizeof(long) + 1];
 	long d;
-	a->type = V_ASN1_INTEGER;
+	*out_val = 0;
-	/* XXX ssl/ssl_asn1.c:i2d_SSL_SESSION() depends upon this bound vae */
+
-	if (a->length < (int)(sizeof(long) + 1)) {
+	while (CBS_len(cbs) > 0) {
-		free(a->data);
+		if (!CBS_get_u8(cbs, &u8))
-		a->data = calloc(1, sizeof(long) + 1);
+			return 0;
-	}
+		if (val > (UINT64_MAX >> 8)) {
-	if (a->data == NULL) {
+			ASN1error(ASN1_R_TOO_LARGE);
-		ASN1error(ERR_R_MALLOC_FAILURE);
+			return 0;
-		return (0);
+		}
-	}
+		val = val << 8 | u8;
 	d = v;
 	if (d < 0) {
 		d = -d;
 		a->type = V_ASN1_NEG_INTEGER;
 	}
-	for (i = 0; i < sizeof(long); i++) {
+	*out_val = val;
-		if (d == 0)
+
-			break;
+	return 1;
 		buf[i] = (int)d & 0xff;
 		d >>= 8;
 	}
 	j = 0;
 	for (k = i - 1; k >= 0; k--)
 		a->data[j++] = buf[k];
 	a->length = j;
 	return (1);
 }
-/*
+int
- * XXX this particular API is a gibbering eidrich horror that makes it
+asn1_aint_set_uint64(uint64_t val, uint8_t **out_data, int *out_len)
 * impossible to determine valid return cases from errors.. "a bit
 * ugly" is preserved for posterity, unfortunately this is probably
 * unfixable without changing public API
 */
 long
 ASN1_INTEGER_get(const ASN1_INTEGER *a)
 {
-	int neg = 0, i;
+	uint8_t *data = NULL;
-	unsigned long r = 0;
+	size_t data_len = 0;
 	int started = 0;
 	uint8_t u8;
 	CBB cbb;
 	int i;
 	int ret = 0;
-	if (a == NULL)
+	if (!CBB_init(&cbb, sizeof(long)))
-		return (0L);
+		goto err;
-	i = a->type;
+
-	if (i == V_ASN1_NEG_INTEGER)
+	if (out_data == NULL || out_len == NULL)
-		neg = 1;
+		goto err;
-	else if (i != V_ASN1_INTEGER)
+	if (*out_data != NULL || *out_len != 0)
 		goto err;
 	for (i = sizeof(uint64_t) - 1; i >= 0; i--) {
 		u8 = (val >> (i * 8)) & 0xff;
 		if (!started && i != 0 && u8 == 0)
 			continue;
 		if (!CBB_add_u8(&cbb, u8))
 			goto err;
 		started = 1;
 	}
 	if (!CBB_finish(&cbb, &data, &data_len))
 		goto err;
 	if (data_len > INT_MAX)
 		goto err;
 	*out_data = data;
 	*out_len = (int)data_len;
 	data = NULL;
 	ret = 1;
 err:
 	CBB_cleanup(&cbb);
 	freezero(data, data_len);
 	return ret;
 }
 int
 asn1_aint_get_int64(CBS *cbs, int negative, int64_t *out_val)
 {
 	uint64_t val;
 	if (!asn1_aint_get_uint64(cbs, &val))
 		return 0;
 	if (negative) {
 		if (val > (uint64_t)INT64_MIN) {
 			ASN1error(ASN1_R_TOO_SMALL);
 			return 0;
 		}
 		*out_val = (int64_t)-val;
 	} else {
 		if (val > (uint64_t)INT64_MAX) {
 			ASN1error(ASN1_R_TOO_LARGE);
 			return 0;
 		}
 		*out_val = (int64_t)val;
 	}
 	return 1;
 }
 int
 ASN1_INTEGER_get_uint64(uint64_t *out_val, const ASN1_INTEGER *aint)
 {
 	uint64_t val;
 	CBS cbs;
 	*out_val = 0;
 	if (aint == NULL || aint->length < 0)
 		return 0;
 	if (aint->type == V_ASN1_NEG_INTEGER) {
 		ASN1error(ASN1_R_ILLEGAL_NEGATIVE_VALUE);
 		return 0;
 	}
 	if (aint->type != V_ASN1_INTEGER) {
 		ASN1error(ASN1_R_WRONG_INTEGER_TYPE);
 		return 0;
 	}
 	CBS_init(&cbs, aint->data, aint->length);
 	if (!asn1_aint_get_uint64(&cbs, &val))
 		return 0;
 	*out_val = val;
 	return 1;
 }
 int
 ASN1_INTEGER_set_uint64(ASN1_INTEGER *aint, uint64_t val)
 {
 	asn1_aint_clear(aint);
 	return asn1_aint_set_uint64(val, &aint->data, &aint->length);
 }
 int
 ASN1_INTEGER_get_int64(int64_t *out_val, const ASN1_INTEGER *aint)
 {
 	CBS cbs;
 	*out_val = 0;
 	if (aint == NULL || aint->length < 0)
 		return 0;
 	if (aint->type != V_ASN1_INTEGER &&
 	    aint->type != V_ASN1_NEG_INTEGER) {
 		ASN1error(ASN1_R_WRONG_INTEGER_TYPE);
 		return 0;
 	}
 	CBS_init(&cbs, aint->data, aint->length);
 	return asn1_aint_get_int64(&cbs, (aint->type == V_ASN1_NEG_INTEGER),
 	    out_val);
 }
 int
 ASN1_INTEGER_set_int64(ASN1_INTEGER *aint, int64_t val)
 {
 	uint64_t uval;
 	asn1_aint_clear(aint);
 	uval = (uint64_t)val;
 	if (val < 0) {
 		aint->type = V_ASN1_NEG_INTEGER;
 		uval = -uval;
 	}
 	return asn1_aint_set_uint64(uval, &aint->data, &aint->length);
 }
 long
 ASN1_INTEGER_get(const ASN1_INTEGER *aint)
 {
 	int64_t val;
 	if (aint == NULL)
 		return 0;
 	if (!ASN1_INTEGER_get_int64(&val, aint))
 		return -1;
-
+	if (val < LONG_MIN || val > LONG_MAX) {
 	if (!ASN1_INTEGER_valid(a))
 		return -1; /* XXX best effort */
 	if (a->length > (int)sizeof(long)) {
 		/* hmm... a bit ugly, return all ones */
 		return -1;
 	}
 	if (a->data == NULL)
 		return 0;
-	for (i = 0; i < a->length; i++) {
+	return (long)val;
-		r <<= 8;
+}
 		r |= (unsigned char)a->data[i];
 	}
-	if (r > LONG_MAX)
+int
-		return -1;
+ASN1_INTEGER_set(ASN1_INTEGER *aint, long val)
-
+{
-	if (neg)
+	return ASN1_INTEGER_set_int64(aint, val);
 		return -(long)r;
 	return (long)r;
 }
 ASN1_INTEGER *
@ -392,198 +510,246 @@ a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
 	return (ret);
 }
-/*
+static void
- * This converts an ASN1 INTEGER into its content encoding.
+asn1_aint_twos_complement(uint8_t *data, size_t data_len)
 * The internal representation is an ASN1_STRING whose data is a big endian
 * representation of the value, ignoring the sign. The sign is determined by
 * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
 *
 * Positive integers are no problem: they are almost the same as the DER
 * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
 *
 * Negative integers are a bit trickier...
 * The DER representation of negative integers is in 2s complement form.
 * The internal form is converted by complementing each octet and finally
 * adding one to the result. This can be done less messily with a little trick.
 * If the internal form has trailing zeroes then they will become FF by the
 * complement and 0 by the add one (due to carry) so just copy as many trailing
 * zeros to the destination as there are in the source. The carry will add one
 * to the last none zero octet: so complement this octet and add one and finally
 * complement any left over until you get to the start of the string.
 *
 * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
 * with 0xff. However if the first byte is 0x80 and one of the following bytes
 * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
 * followed by optional zeros isn't padded.
 */
 int
 i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 {
-	int pad = 0, ret, i, neg;
+	uint8_t carry = 1;
-	unsigned char *p, *n, pb = 0;
+	ssize_t i;
-	if (!ASN1_INTEGER_valid(a))
+	for (i = data_len - 1; i >= 0; i--) {
-		return 0;
+		data[i] = (data[i] ^ 0xff) + carry;
-
+		if (data[i] != 0)
-	neg = a->type & V_ASN1_NEG;
+			carry = 0;
 	if (a->length == 0)
 		ret = 1;
 	else {
 		ret = a->length;
 		i = a->data[0];
 		if (!neg && (i > 127)) {
 			pad = 1;
 			pb = 0;
 		} else if (neg) {
 			if (i > 128) {
 				pad = 1;
 				pb = 0xFF;
 			} else if (i == 128) {
 				/*
 				 * Special case: if any other bytes non zero we pad:
 				 * otherwise we don't.
 				 */
 				for (i = 1; i < a->length; i++) if (a->data[i]) {
 					pad = 1;
 					pb = 0xFF;
 					break;
 				}
 			}
 		}
 		ret += pad;
 	}
 	if (pp == NULL)
 		return (ret);
 	p= *pp;
 	if (pad)
 		*(p++) = pb;
 	if (a->length == 0)
 		*(p++) = 0;
 	else if (!neg)
 		memcpy(p, a->data, a->length);
 	else {
 		/* Begin at the end of the encoding */
 		n = a->data + a->length - 1;
 		p += a->length - 1;
 		i = a->length;
 		/* Copy zeros to destination as long as source is zero */
 		while (!*n) {
 			*(p--) = 0;
 			n--;
 			i--;
 		}
 		/* Complement and increment next octet */
 		*(p--) = ((*(n--)) ^ 0xff) + 1;
 		i--;
 		/* Complement any octets left */
 		for (; i > 0; i--)
 			*(p--) = *(n--) ^ 0xff;
 	}
 	*pp += ret;
 	return (ret);
 }
-/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
+static int
-
+asn1_aint_keep_twos_padding(const uint8_t *data, size_t data_len)
 ASN1_INTEGER *
 c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, long len)
 {
-	ASN1_INTEGER *ret = NULL;
+	size_t i;
 	const unsigned char *p, *pend;
 	unsigned char *to, *s;
 	int i;
-	if ((a == NULL) || ((*a) == NULL)) {
+	/*
-		if ((ret = ASN1_INTEGER_new()) == NULL)
+	 * If a two's complement value has a padding byte (0xff) and the rest
-			return (NULL);
+	 * of the value is all zeros, the padding byte cannot be removed as when
-	} else
+	 * converted from two's complement this becomes 0x01 (in the place of
-		ret = (*a);
+	 * the padding byte) followed by the same number of zero bytes.
 	 */
 	if (data_len <= 1 || data[0] != 0xff)
 		return 0;
 	for (i = 1; i < data_len; i++) {
 		if (data[i] != 0)
 			return 0;
 	}
 	return 1;
 }
-	if (!ASN1_INTEGER_valid(ret)) {
+static int
-		/*
+i2c_ASN1_INTEGER_cbb(ASN1_INTEGER *aint, CBB *cbb)
-		 * XXX using i for an alert is confusing,
+{
-		 * we should call this al
+	uint8_t *data = NULL;
-		 */
+	size_t data_len = 0;
-		i = ERR_R_ASN1_LENGTH_MISMATCH;
+	uint8_t padding, val;
 	uint8_t msb;
 	CBS cbs;
 	int ret = 0;
 	if (aint->length < 0)
 		goto err;
-	}
+	if (aint->data == NULL && aint->length != 0)
 	p = *pp;
 	pend = p + len;
 	/* We must malloc stuff, even for 0 bytes otherwise it
 	 * signifies a missing NULL parameter. */
 	if (len < 0 || len > INT_MAX) {
 		i = ERR_R_ASN1_LENGTH_MISMATCH;
 		goto err;
-	}
+
-	s = malloc(len + 1);
+	if ((aint->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED &&
-	if (s == NULL) {
+	    (aint->type & ~V_ASN1_NEG) != V_ASN1_INTEGER)
 		i = ERR_R_MALLOC_FAILURE;
 		goto err;
-	}
+
-	to = s;
+	CBS_init(&cbs, aint->data, aint->length);
-	if (!len) {
+
-		/* Strictly speaking this is an illegal INTEGER but we
+	/* Find the first non-zero byte. */
-		 * tolerate it.
+	while (CBS_len(&cbs) > 0) {
-		 */
+		if (!CBS_peek_u8(&cbs, &val))
-		ret->type = V_ASN1_INTEGER;
+			goto err;
-	} else if (*p & 0x80) /* a negative number */ {
+		if (val != 0)
-		ret->type = V_ASN1_NEG_INTEGER;
+			break;
-		if ((*p == 0xff) && (len != 1)) {
+		if (!CBS_skip(&cbs, 1))
-			p++;
+			goto err;
 			len--;
 		}
 		i = len;
 		p += i - 1;
 		to += i - 1;
 		while((!*p) && i) {
 			*(to--) = 0;
 			i--;
 			p--;
 		}
 		/* Special case: if all zeros then the number will be of
 		 * the form FF followed by n zero bytes: this corresponds to
 		 * 1 followed by n zero bytes. We've already written n zeros
 		 * so we just append an extra one and set the first byte to
 		 * a 1. This is treated separately because it is the only case
 		 * where the number of bytes is larger than len.
 		 */
 		if (!i) {
 			*s = 1;
 			s[len] = 0;
 			len++;
 		} else {
 			*(to--) = (*(p--) ^ 0xff) + 1;
 			i--;
 			for (; i > 0; i--)
 				*(to--) = *(p--) ^ 0xff;
 		}
 	} else {
 		ret->type = V_ASN1_INTEGER;
 		if ((*p == 0) && (len != 1)) {
 			p++;
 			len--;
 		}
 		memcpy(s, p, len);
 	}
-	free(ret->data);
+	/* A zero value is encoded as a single octet. */
-	ret->data = s;
+	if (CBS_len(&cbs) == 0) {
-	ret->length = (int)len;
+		if (!CBB_add_u8(cbb, 0))
-	if (a != NULL)
+			goto err;
-		(*a) = ret;
+		goto done;
-	*pp = pend;
+	}
-	return (ret);
+
 	if (!CBS_stow(&cbs, &data, &data_len))
 		goto err;
 	if ((aint->type & V_ASN1_NEG) != 0)
 		asn1_aint_twos_complement(data, data_len);
 	/* Topmost bit indicates sign, padding is all zeros or all ones. */
 	msb = (data[0] >> 7);
 	padding = (msb - 1) & 0xff;
 	/* See if we need a padding octet to avoid incorrect sign. */
 	if (((aint->type & V_ASN1_NEG) == 0 && msb == 1) ||
 	    ((aint->type & V_ASN1_NEG) != 0 && msb == 0)) {
 		if (!CBB_add_u8(cbb, padding))
 			goto err;
 	}
 	if (!CBB_add_bytes(cbb, data, data_len))
 		goto err;
 done:
 	ret = 1;
 err:
-	ASN1error(i);
+	freezero(data, data_len);
-	if (a == NULL || *a != ret)
+
-		ASN1_INTEGER_free(ret);
+	return ret;
-	return (NULL);
+}
 int
 i2c_ASN1_INTEGER(ASN1_INTEGER *aint, unsigned char **pp)
 {
 	uint8_t *data = NULL;
 	size_t data_len = 0;
 	CBB cbb;
 	int ret = -3;
 	if (!CBB_init(&cbb, 0))
 		goto err;
 	if (!i2c_ASN1_INTEGER_cbb(aint, &cbb))
 		goto err;
 	if (!CBB_finish(&cbb, &data, &data_len))
 		goto err;
 	if (data_len > INT_MAX)
 		goto err;
 	if (pp != NULL) {
 		if ((uintptr_t)*pp > UINTPTR_MAX - data_len)
 			goto err;
 		memcpy(*pp, data, data_len);
 		*pp += data_len;
 	}
 	ret = data_len;
 err:
 	freezero(data, data_len);
 	CBB_cleanup(&cbb);
 	return ret;
 }
 int
 c2i_ASN1_INTEGER_cbs(ASN1_INTEGER **out_aint, CBS *cbs)
 {
 	ASN1_INTEGER *aint = NULL;
 	uint8_t *data = NULL;
 	size_t data_len = 0;
 	uint8_t padding, val;
 	uint8_t negative;
 	int ret = 0;
 	if (out_aint == NULL)
 		goto err;
 	if (*out_aint != NULL) {
 		ASN1_INTEGER_free(*out_aint);
 		*out_aint = NULL;
 	}
 	if (CBS_len(cbs) == 0) {
 		/* XXX INVALID ENCODING? */
 		ASN1error(ERR_R_ASN1_LENGTH_MISMATCH);
 		goto err;
 	}
 	if (!CBS_peek_u8(cbs, &val))
 		goto err;
 	/* Topmost bit indicates sign, padding is all zeros or all ones. */
 	negative = (val >> 7);
 	padding = ~(negative - 1) & 0xff;
 	/*
 	 * Ensure that the first 9 bits are not all zero or all one, as per
 	 * X.690 section 8.3.2. Remove the padding octet if possible.
 	 */
 	if (CBS_len(cbs) > 1 && val == padding) {
 		if (!asn1_aint_keep_twos_padding(CBS_data(cbs), CBS_len(cbs))) {
 			if (!CBS_get_u8(cbs, &padding))
 				goto err;
 			if (!CBS_peek_u8(cbs, &val))
 				goto err;
 			if ((val >> 7) == (padding >> 7)) {
 				/* XXX INVALID ENCODING? */
 				ASN1error(ERR_R_ASN1_LENGTH_MISMATCH);
 				goto err;
 			}
 		}
 	}
 	if (!CBS_stow(cbs, &data, &data_len))
 		goto err;
 	if (data_len > INT_MAX)
 		goto err;
 	if ((aint = ASN1_INTEGER_new()) == NULL)
 		goto err;
 	/*
 	 * Negative integers are handled as a separate type - convert from
 	 * two's complement for internal representation.
 	 */
 	if (negative) {
 		aint->type = V_ASN1_NEG_INTEGER;
 		asn1_aint_twos_complement(data, data_len);
 	}
 	aint->data = data;
 	aint->length = (int)data_len;
 	data = NULL;
 	*out_aint = aint;
 	aint = NULL;
 	ret = 1;
 err:
 	ASN1_INTEGER_free(aint);
 	freezero(data, data_len);
 	return ret;
 }
 ASN1_INTEGER *
 c2i_ASN1_INTEGER(ASN1_INTEGER **out_aint, const unsigned char **pp, long len)
 {
 	ASN1_INTEGER *aint = NULL;
 	CBS content;
 	if (out_aint != NULL) {
 		ASN1_INTEGER_free(*out_aint);
 		*out_aint = NULL;
 	}
 	if (len < 0) {
 		ASN1error(ASN1_R_LENGTH_ERROR);
 		return NULL;
 	}
 	CBS_init(&content, *pp, len);
 	if (!c2i_ASN1_INTEGER_cbs(&aint, &content))
 		return NULL;
 	*pp = CBS_data(&content);
 	if (out_aint != NULL)
 		*out_aint = aint;
 	return aint;
 }
 int
--- a/crypto/asn1/a_mbstr.c
+++ b/crypto/asn1/a_mbstr.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_mbstr.c,v 1.24 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: a_mbstr.c,v 1.26 2022/12/26 07:18:51 jmc Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@ -63,7 +63,7 @@
 #include <openssl/asn1.h>
 #include <openssl/err.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 static int traverse_string(const unsigned char *p, int len, int inform,
    int (*rfunc)(unsigned long value, void *in), void *arg);
@ -276,7 +276,7 @@ traverse_string(const unsigned char *p, int len, int inform,
 		case MBSTRING_BMP:
 			value = *p++ << 8;
 			value |= *p++;
-			/* BMP is explictly defined to not support surrogates */
+			/* BMP is explicitly defined to not support surrogates */
 			if (UNICODE_IS_SURROGATE(value))
 				return -1;
 			len -= 2;
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_object.c,v 1.46 2022/04/10 12:42:33 inoguchi Exp $ */
+/* $OpenBSD: a_object.c,v 1.50 2023/05/23 11:51:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -66,7 +66,7 @@
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 const ASN1_ITEM ASN1_OBJECT_it = {
 	.itype = ASN1_ITYPE_PRIMITIVE,
@ -433,6 +433,9 @@ i2t_ASN1_OBJECT_internal(const ASN1_OBJECT *aobj, char *buf, int buf_len, int no
 	if (buf_len > 0)
 		buf[0] = '\0';
 	if (aobj == NULL || aobj->data == NULL)
 		return 0;
 	if (!CBB_init(&cbb, 0))
 		goto err;
 	if (!i2t_ASN1_OBJECT_cbb(aobj, &cbb, no_name))
@ -529,9 +532,14 @@ c2i_ASN1_OBJECT_cbs(ASN1_OBJECT **out_aobj, CBS *content)
 	size_t data_len;
 	CBS cbs;
-	if (out_aobj == NULL || *out_aobj != NULL)
+	if (out_aobj == NULL)
 		goto err;
 	if (*out_aobj != NULL) {
 		ASN1_OBJECT_free(*out_aobj);
 		*out_aobj = NULL;
 	}
 	/* Parse and validate OID encoding per X.690 8.19.2. */
 	CBS_dup(content, &cbs);
 	if (CBS_len(&cbs) == 0) {
@ -651,7 +659,7 @@ d2i_ASN1_OBJECT(ASN1_OBJECT **out_aobj, const unsigned char **pp, long length)
 	if (!c2i_ASN1_OBJECT_cbs(&aobj, &content))
 		return NULL;
-	*pp = CBS_data(&content);
+	*pp = CBS_data(&cbs);
 	if (out_aobj != NULL)
 		*out_aobj = aobj;
--- a/crypto/asn1/a_pkey.c
+++ b/crypto/asn1/a_pkey.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_pkey.c,v 1.3 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: a_pkey.c,v 1.4 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -71,8 +71,8 @@
 #include <openssl/engine.h>
 #endif
-#include "asn1_locl.h"
+#include "asn1_local.h"
-#include "evp_locl.h"
+#include "evp_local.h"
 EVP_PKEY *
 d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_print.c,v 1.11 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: a_print.c,v 1.12 2023/03/12 11:49:02 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -72,7 +72,7 @@ ASN1_PRINTABLE_type(const unsigned char *s, int len)
 	if (s == NULL)
 		return (V_ASN1_PRINTABLESTRING);
-	while ((*s) && (len-- != 0)) {
+	while (len-- > 0 && *s != '\0') {
 		c= *(s++);
 		if (!(((c >= 'a') && (c <= 'z')) ||
 		    ((c >= 'A') && (c <= 'Z')) ||
--- a/crypto/asn1/a_pubkey.c
+++ b/crypto/asn1/a_pubkey.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_pubkey.c,v 1.3 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: a_pubkey.c,v 1.4 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -76,7 +76,7 @@
 #include <openssl/rsa.h>
 #endif
-#include "evp_locl.h"
+#include "evp_local.h"
 EVP_PKEY *
 d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_strex.c,v 1.31 2021/12/25 12:11:57 jsing Exp $ */
+/* $OpenBSD: a_strex.c,v 1.32 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@ -63,7 +63,7 @@
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 #include "charmap.h"
--- a/crypto/asn1/a_string.c
+++ b/crypto/asn1/a_string.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_string.c,v 1.7 2022/03/17 17:17:58 jsing Exp $ */
+/* $OpenBSD: a_string.c,v 1.13 2022/11/28 07:50:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -63,7 +63,7 @@
 #include <openssl/asn1.h>
 #include <openssl/err.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 ASN1_STRING *
 ASN1_STRING_new(void)
@ -199,12 +199,6 @@ ASN1_STRING_set0(ASN1_STRING *astr, void *data, int len)
 	astr->length = len;
 }
 void
 asn1_add_error(const unsigned char *address, int offset)
 {
 	ERR_asprintf_error_data("offset=%d", offset);
 }
 int
 ASN1_STRING_length(const ASN1_STRING *astr)
 {
@ -276,25 +270,39 @@ ASN1_STRING_print(BIO *bp, const ASN1_STRING *astr)
 int
 ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
 {
-	ASN1_STRING stmp, *str = &stmp;
+	ASN1_STRING *astr = NULL;
-	int mbflag, ret;
+	int mbflag;
 	int ret = -1;
 	/*
 	 * XXX We can't fail on *out != NULL here since things like haproxy and
 	 * grpc pass in a pointer to an uninitialized pointer on the stack.
 	 */
 	if (out == NULL)
 		goto err;
 	if (in == NULL)
-		return -1;
+		goto err;
 	if ((mbflag = asn1_tag2charwidth(in->type)) == -1)
-		return -1;
+		goto err;
 	mbflag |= MBSTRING_FLAG;
-	stmp.data = NULL;
+	if ((ret = ASN1_mbstring_copy(&astr, in->data, in->length, mbflag,
-	stmp.length = 0;
+	    B_ASN1_UTF8STRING)) < 0)
-	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
+		goto err;
-	    B_ASN1_UTF8STRING);
+
-	if (ret < 0)
+	*out = astr->data;
-		return ret;
+	ret = astr->length;
-	*out = stmp.data;
+
-	return stmp.length;
+	astr->data = NULL;
 	astr->length = 0;
 err:
 	ASN1_STRING_free(astr);
 	return ret;
 }
 int
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_time.c,v 1.33 2021/12/25 07:48:09 jsing Exp $ */
+/* $OpenBSD: a_time.c,v 1.36 2022/11/26 16:08:50 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
@ -67,8 +67,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/err.h>
-#include "o_time.h"
+#include "asn1_local.h"
 #include "asn1_locl.h"
 const ASN1_ITEM ASN1_TIME_it = {
 	.itype = ASN1_ITYPE_MSTRING,
@ -92,8 +91,7 @@ ASN1_TIME_free(ASN1_TIME *a)
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_TIME_it);
 }
-/* Public API in OpenSSL. Kept internal for now. */
+int
 static int
 ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
 {
 	time_t now;
@ -104,7 +102,7 @@ ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
 	time(&now);
 	memset(tm, 0, sizeof(*tm));
-	return gmtime_r(&now, tm) != NULL;
+	return asn1_time_time_t_to_tm(&now, tm);
 }
 int
--- a/crypto/asn1/a_time_posix.c
+++ b/crypto/asn1/a_time_posix.c
@ -0,0 +1,274 @@
 /* $OpenBSD: a_time_posix.c,v 1.3 2023/01/01 16:58:23 miod Exp $ */
 /*
 * Copyright (c) 2022, Google Inc.
 * Copyright (c) 2022, Bob Beck <beck@obtuse.com>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 /*
 * Time conversion to/from POSIX time_t and struct tm, with no support
 * for time zones other than UTC
 */
 #include <inttypes.h>
 #include <limits.h>
 #include <string.h>
 #include <time.h>
 #define SECS_PER_HOUR (int64_t)(60 * 60)
 #define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR)
 /*
 * Is a year/month/day combination valid, in the range from year 0000
 * to 9999?
 */
 static int
 is_valid_date(int year, int month, int day)
 {
 	int days_in_month;
 	if (day < 1 || month < 1 || year < 0 || year > 9999)
 		return 0;
 	switch (month) {
 	case 1:
 	case 3:
 	case 5:
 	case 7:
 	case 8:
 	case 10:
 	case 12:
 		days_in_month = 31;
 		break;
 	case 4:
 	case 6:
 	case 9:
 	case 11:
 		days_in_month = 30;
 		break;
 	case 2:
 		if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0)
 			days_in_month = 29;
 		else
 			days_in_month = 28;
 		break;
 	default:
 		return 0;
 	}
 	return day <= days_in_month;
 }
 /*
 * Is a time valid? Leap seconds of 60 are not considered valid, as
 * the POSIX time in seconds does not include them.
 */
 static int
 is_valid_time(int hours, int minutes, int seconds)
 {
 	return hours >= 0 && minutes >= 0 && seconds >= 0 && hours <= 23 &&
 	    minutes <= 59 && seconds <= 59;
 }
 /* Is a int64 time representing a time within our expected range? */
 static int
 is_valid_epoch_time(int64_t time)
 {
 	/* 0000-01-01 00:00:00 UTC to 9999-12-31 23:59:59 UTC */
 	return (int64_t)-62167219200LL <= time &&
 	    time <= (int64_t)253402300799LL;
 }
 /*
 * Inspired by algorithms presented in
 * https://howardhinnant.github.io/date_algorithms.html
 * (Public Domain)
 */
 static int
 posix_time_from_utc(int year, int month, int day, int hours,  int minutes,
    int seconds, int64_t *out_time)
 {
 	int64_t era, year_of_era, day_of_year, day_of_era, posix_days;
 	if (!is_valid_date(year, month, day) ||
 	    !is_valid_time(hours, minutes, seconds))
 		return 0;
 	if (month <= 2)
 		year--;  /* Start years on Mar 1, so leap days end a year. */
 	/* At this point year will be in the range -1 and 9999.*/
 	era = (year >= 0 ? year : year - 399) / 400;
 	year_of_era = year - era * 400;
 	day_of_year = (153 * (month > 2 ? month - 3 : month + 9) + 2) /
 	    5 + day - 1;
 	day_of_era = year_of_era * 365 + year_of_era / 4 - year_of_era /
 	    100 + day_of_year;
 	posix_days = era * 146097 + day_of_era - 719468;
 	*out_time = posix_days * SECS_PER_DAY + hours * SECS_PER_HOUR +
 	    minutes * 60 + seconds;
 	return 1;
 }
 /*
 * Inspired by algorithms presented in
 * https://howardhinnant.github.io/date_algorithms.html
 * (Public Domain)
 */
 static int
 utc_from_posix_time(int64_t time, int *out_year, int *out_month, int *out_day,
    int *out_hours, int *out_minutes, int *out_seconds)
 {
 	int64_t days, leftover_seconds, era, day_of_era, year_of_era,
 	    day_of_year, month_of_year;
 	if (!is_valid_epoch_time(time))
 		return 0;
 	days = time / SECS_PER_DAY;
 	leftover_seconds = time % SECS_PER_DAY;
 	if (leftover_seconds < 0) {
 		days--;
 		leftover_seconds += SECS_PER_DAY;
 	}
 	days += 719468;  /*  Shift to starting epoch of Mar 1 0000. */
 	/* At this point, days will be in the range -61 and 3652364. */
 	era = (days > 0 ? days : days - 146096) / 146097;
 	day_of_era = days - era * 146097;
 	year_of_era = (day_of_era - day_of_era / 1460 + day_of_era / 36524 -
 	    day_of_era / 146096) /
 	    365;
 	*out_year = year_of_era + era * 400;  /* Year starts on Mar 1 */
 	day_of_year = day_of_era - (365 * year_of_era + year_of_era / 4 -
 	    year_of_era / 100);
 	month_of_year = (5 * day_of_year + 2) / 153;
 	*out_month = (month_of_year < 10 ? month_of_year + 3 :
 	    month_of_year - 9);
 	if (*out_month <= 2)
 		(*out_year)++;  /* Adjust year back to Jan 1 start of year. */
 	*out_day = day_of_year - (153 * month_of_year + 2) / 5 + 1;
 	*out_hours = leftover_seconds / SECS_PER_HOUR;
 	leftover_seconds %= SECS_PER_HOUR;
 	*out_minutes = leftover_seconds / 60;
 	*out_seconds = leftover_seconds % 60;
 	return 1;
 }
 static int
 asn1_time_tm_to_posix(const struct tm *tm, int64_t *out)
 {
 	/* Ensure additions below do not overflow */
 	if (tm->tm_year > 9999)
 		return 0;
 	if (tm->tm_mon > 12)
 		return 0;
 	return posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1,
 	    tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, out);
 }
 static int
 asn1_time_posix_to_tm(int64_t time, struct tm *out_tm)
 {
 	memset(out_tm, 0, sizeof(struct tm));
 	if (!utc_from_posix_time(time, &out_tm->tm_year, &out_tm->tm_mon,
 	    &out_tm->tm_mday, &out_tm->tm_hour, &out_tm->tm_min,
 	    &out_tm->tm_sec))
 		return 0;
 	out_tm->tm_year -= 1900;
 	out_tm->tm_mon -= 1;
 	return 1;
 }
 int
 asn1_time_tm_to_time_t(const struct tm *tm, time_t *out)
 {
 	int64_t posix_time;
 	if (!asn1_time_tm_to_posix(tm, &posix_time))
 		return 0;
 #ifdef SMALL_TIME_T
 	/* For portable. */
 	if (sizeof(time_t) == sizeof(int32_t) &&
 	    (posix_time > INT32_MAX || posix_time < INT32_MIN))
 		return 0;
 #endif
 	*out = posix_time;
 	return 1;
 }
 int
 asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm)
 {
 	int64_t posix_time = *time;
 	return asn1_time_posix_to_tm(posix_time, out_tm);
 }
 int
 OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
 {
 	int64_t posix_time;
 	/* Ensure additions below do not overflow */
 	if (tm->tm_year > 9999)
 		return 0;
 	if (tm->tm_mon > 12)
 		return 0;
 	if (!posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1,
 	    tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, &posix_time))
 		return 0;
 	if (!utc_from_posix_time(posix_time + off_day * SECS_PER_DAY +
 	    offset_sec, &tm->tm_year, &tm->tm_mon, &tm->tm_mday, &tm->tm_hour,
 	    &tm->tm_min, &tm->tm_sec))
 		return 0;
 	tm->tm_year -= 1900;
 	tm->tm_mon -= 1;
 	return 1;
 }
 int
 OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
    const struct tm *to)
 {
 	int64_t time_to, time_from, timediff, daydiff;
 	if (!posix_time_from_utc(to->tm_year + 1900, to->tm_mon + 1,
 	    to->tm_mday, to->tm_hour, to->tm_min, to->tm_sec, &time_to))
 		return 0;
 	if (!posix_time_from_utc(from->tm_year + 1900, from->tm_mon + 1,
 	    from->tm_mday, from->tm_hour, from->tm_min,
 	    from->tm_sec, &time_from))
 		return 0;
 	timediff = time_to - time_from;
 	daydiff = timediff / SECS_PER_DAY;
 	timediff %= SECS_PER_DAY;
 	if (daydiff > INT_MAX || daydiff < INT_MIN)
 		return 0;
 	*out_secs = timediff;
 	*out_days = daydiff;
 	return 1;
 }
--- a/crypto/asn1/a_time_tm.c
+++ b/crypto/asn1/a_time_tm.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_tm.c,v 1.19 2022/03/31 13:04:47 tb Exp $ */
+/* $OpenBSD: a_time_tm.c,v 1.27 2022/11/26 16:08:50 tb Exp $ */
 /*
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
 *
@ -14,6 +14,7 @@
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include <ctype.h>
 #include <limits.h>
 #include <stdio.h>
@ -23,7 +24,8 @@
 #include <openssl/asn1t.h>
 #include <openssl/err.h>
-#include "o_time.h"
+#include "bytestring.h"
 #include "asn1_local.h"
 #define RFC5280 0
 #define GENTIME_LENGTH 15
@ -66,7 +68,7 @@ ASN1_time_tm_clamp_notafter(struct tm *tm)
 	struct tm broken_os_epoch_tm;
 	time_t broken_os_epoch_time = INT_MAX;
-	if (gmtime_r(&broken_os_epoch_time, &broken_os_epoch_tm) == NULL)
+	if (!asn1_time_time_t_to_tm(&broken_os_epoch_time, &broken_os_epoch_tm))
 		return 0;
 	if (ASN1_time_tm_cmp(tm, &broken_os_epoch_tm) == 1)
@ -75,59 +77,232 @@ ASN1_time_tm_clamp_notafter(struct tm *tm)
 	return 1;
 }
-/* Format a time as an RFC 5280 format Generalized time */
+/* Convert time to GeneralizedTime, X.690, 11.7. */
-char *
+ASN1_TIME *
-gentime_string_from_tm(struct tm *tm)
+tm_to_gentime(struct tm *tm, ASN1_TIME *atime)
 {
-	char *ret = NULL;
+	char *time_str = NULL;
 	int year;
 	year = tm->tm_year + 1900;
-	if (year < 0 || year > 9999)
+	if (year < 0 || year > 9999) {
-		return (NULL);
+		ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
 		goto err;
 	}
-	if (asprintf(&ret, "%04u%02u%02u%02u%02u%02uZ", year,
+	if (asprintf(&time_str, "%04u%02u%02u%02u%02u%02uZ", year,
 	    tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min,
-	    tm->tm_sec) == -1)
+	    tm->tm_sec) == -1) {
-		ret = NULL;
+		time_str = NULL;
 		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
-	return (ret);
+	if (atime == NULL)
 		atime = ASN1_TIME_new();
 	if (atime == NULL) {
 		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	free(atime->data);
 	atime->data = time_str;
 	atime->length = GENTIME_LENGTH;
 	atime->type = V_ASN1_GENERALIZEDTIME;
 	return (atime);
 err:
 	free(time_str);
 	return (NULL);
 }
-/* Format a time as an RFC 5280 format UTC time */
+/* Convert time to UTCTime, X.690, 11.8. */
-char *
+ASN1_TIME *
-utctime_string_from_tm(struct tm *tm)
+tm_to_utctime(struct tm *tm, ASN1_TIME *atime)
 {
-	char *ret = NULL;
+	char *time_str = NULL;
-	if (tm->tm_year >= 150 || tm->tm_year < 50)
+	if (tm->tm_year >= 150 || tm->tm_year < 50) {
-		return (NULL);
+		ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
 		goto err;
 	}
-	if (asprintf(&ret, "%02u%02u%02u%02u%02u%02uZ",
+	if (asprintf(&time_str, "%02u%02u%02u%02u%02u%02uZ",
 	    tm->tm_year % 100,  tm->tm_mon + 1, tm->tm_mday,
-	    tm->tm_hour, tm->tm_min, tm->tm_sec) == -1)
+	    tm->tm_hour, tm->tm_min, tm->tm_sec) == -1) {
-		ret = NULL;
+		time_str = NULL;
 		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
-	return (ret);
+	if (atime == NULL)
 		atime = ASN1_TIME_new();
 	if (atime == NULL) {
 		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	free(atime->data);
 	atime->data = time_str;
 	atime->length = UTCTIME_LENGTH;
 	atime->type = V_ASN1_UTCTIME;
 	return (atime);
 err:
 	free(time_str);
 	return (NULL);
 }
-/* Format a time correctly for an X509 object as per RFC 5280 */
+ASN1_TIME *
-char *
+tm_to_rfc5280_time(struct tm *tm, ASN1_TIME *atime)
 rfc5280_string_from_tm(struct tm *tm)
 {
 	char *ret = NULL;
 	int year;
 	year = tm->tm_year + 1900;
-	if (year < 1950 || year > 9999)
+	if (year < 1950 || year > 9999) {
 		ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
 		return (NULL);
 	}
 	if (year < 2050)
-		ret = utctime_string_from_tm(tm);
+		return (tm_to_utctime(tm, atime));
 	else
 		ret = gentime_string_from_tm(tm);
-	return (ret);
+	return (tm_to_gentime(tm, atime));
 }
 static int
 cbs_get_two_digit_value(CBS *cbs, int *out)
 {
 	uint8_t first_digit, second_digit;
 	if (!CBS_get_u8(cbs, &first_digit))
 		return 0;
 	if (!isdigit(first_digit))
 		return 0;
 	if (!CBS_get_u8(cbs, &second_digit))
 		return 0;
 	if (!isdigit(second_digit))
 		return 0;
 	*out = (first_digit - '0') * 10 + (second_digit - '0');
 	return 1;
 }
 static int
 is_valid_day(int year, int month, int day)
 {
 	if (day < 1)
 		return 0;
 	switch (month) {
 	case 1:
 	case 3:
 	case 5:
 	case 7:
 	case 8:
 	case 10:
 	case 12:
 		return day <= 31;
 	case 4:
 	case 6:
 	case 9:
 	case 11:
 		return day <= 30;
 	case 2:
 		if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0)
 			return day <= 29;
 		 else
 			return day <= 28;
 	default:
 		return 0;
 	}
 }
 /*
 * asn1_time_parse_cbs returns one if |cbs| is a valid DER-encoded, ASN.1 Time
 * body within the limitations imposed by RFC 5280, or zero otherwise. The time
 * is expected to parse as a Generalized Time if is_gentime is true, and as a
 * UTC Time otherwise. If |out_tm| is non-NULL, |*out_tm| will be zeroed, and
 * then set to the corresponding time in UTC. This function does not compute
 * |out_tm->tm_wday| or |out_tm->tm_yday|. |cbs| is not consumed.
 */
 int
 asn1_time_parse_cbs(const CBS *cbs, int is_gentime, struct tm *out_tm)
 {
 	int year, month, day, hour, min, sec, val;
 	CBS copy;
 	uint8_t tz;
 	CBS_dup(cbs, &copy);
 	if (is_gentime) {
 		if (!cbs_get_two_digit_value(&copy, &val))
 			return 0;
 		year = val * 100;
 		if (!cbs_get_two_digit_value(&copy, &val))
 			return 0;
 		year += val;
 	} else {
 		year = 1900;
 		if (!cbs_get_two_digit_value(&copy, &val))
 			return 0;
 		year += val;
 		if (year < 1950)
 			year += 100;
 		if (year >= 2050)
 			return 0;  /* A Generalized time must be used. */
 	}
 	if (!cbs_get_two_digit_value(&copy, &month))
 		return 0;
 	if (month < 1 || month > 12)
 		return 0; /* Reject invalid months. */
 	if (!cbs_get_two_digit_value(&copy, &day))
 		return 0;
 	if (!is_valid_day(year, month, day))
 		return 0; /* Reject invalid days. */
 	if (!cbs_get_two_digit_value(&copy, &hour))
 		return 0;
 	if (hour > 23)
 		return 0; /* Reject invalid hours. */
 	if (!cbs_get_two_digit_value(&copy, &min))
 		return 0;
 	if (min > 59)
 		return 0; /* Reject invalid minutes. */
 	if (!cbs_get_two_digit_value(&copy, &sec))
 		return 0;
 	if (sec > 59)
 		return 0; /* Reject invalid seconds. Leap seconds are invalid. */
 	if (!CBS_get_u8(&copy, &tz))
 		return 0;
 	if (tz != 'Z')
 		return 0; /* Reject anything but Z on the end. */
 	if (CBS_len(&copy) != 0)
 		return 0;  /* Reject invalid lengths. */
 	if (out_tm != NULL) {
 		memset(out_tm, 0, sizeof(*out_tm));
 		/* Fill in the tm fields corresponding to what we validated. */
 		out_tm->tm_year = year - 1900;
 		out_tm->tm_mon = month - 1;
 		out_tm->tm_mday = day;
 		out_tm->tm_hour = hour;
 		out_tm->tm_min = min;
 		out_tm->tm_sec = sec;
 	}
 	return 1;
 }
 /*
@ -145,83 +320,29 @@ rfc5280_string_from_tm(struct tm *tm)
 *
 * Fills in *tm with the corresponding time if tm is non NULL.
 */
 #define	ATOI2(ar)	((ar) += 2, ((ar)[-2] - '0') * 10 + ((ar)[-1] - '0'))
 int
 ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
 {
-	size_t i;
+	struct tm tml, *tmp = tm ? tm : &tml;
 	int type = 0;
-	struct tm ltm;
+	CBS cbs;
 	struct tm *lt;
 	const char *p;
 	if (bytes == NULL)
 		return (-1);
-	/* Constrain to valid lengths. */
+	CBS_init(&cbs, bytes, len);
 	if (len != UTCTIME_LENGTH && len != GENTIME_LENGTH)
 		return (-1);
-	lt = tm;
+	if (CBS_len(&cbs) == UTCTIME_LENGTH)
-	if (lt == NULL)
+		type = V_ASN1_UTCTIME;
-		lt = &ltm;
+	if (CBS_len(&cbs) == GENTIME_LENGTH)
 	memset(lt, 0, sizeof(*lt));
 	/* Timezone is required and must be GMT (Zulu). */
 	if (bytes[len - 1] != 'Z')
 		return (-1);
 	/* Make sure everything else is digits. */
 	for (i = 0; i < len - 1; i++) {
 		if (isdigit((unsigned char)bytes[i]))
 			continue;
 		return (-1);
 	}
 	/*
 	 * Validate and convert the time
 	 */
 	p = bytes;
 	switch (len) {
 	case GENTIME_LENGTH:
 		if (mode == V_ASN1_UTCTIME)
 			return (-1);
 		lt->tm_year = (ATOI2(p) * 100) - 1900;	/* cc */
 		type = V_ASN1_GENERALIZEDTIME;
-		/* FALLTHROUGH */
+	if (asn1_time_parse_cbs(&cbs, type == V_ASN1_GENERALIZEDTIME, tmp)) {
-	case UTCTIME_LENGTH:
+		if (mode != 0 && mode != type)
-		if (type == 0) {
+			return -1;
-			if (mode == V_ASN1_GENERALIZEDTIME)
+		return type;
 				return (-1);
 			type = V_ASN1_UTCTIME;
 		}
 		lt->tm_year += ATOI2(p);		/* yy */
 		if (type == V_ASN1_UTCTIME) {
 			if (lt->tm_year < 50)
 				lt->tm_year += 100;
 		}
 		lt->tm_mon = ATOI2(p) - 1;		/* mm */
 		if (lt->tm_mon < 0 || lt->tm_mon > 11)
 			return (-1);
 		lt->tm_mday = ATOI2(p);			/* dd */
 		if (lt->tm_mday < 1 || lt->tm_mday > 31)
 			return (-1);
 		lt->tm_hour = ATOI2(p);			/* HH */
 		if (lt->tm_hour < 0 || lt->tm_hour > 23)
 			return (-1);
 		lt->tm_min = ATOI2(p);			/* MM */
 		if (lt->tm_min < 0 || lt->tm_min > 59)
 			return (-1);
 		lt->tm_sec = ATOI2(p);			/* SS */
 		/* Leap second 60 is not accepted. Reconsider later? */
 		if (lt->tm_sec < 0 || lt->tm_sec > 59)
 			return (-1);
 		break;
 	default:
 		return (-1);
 	}
-	return (type);
+	return -1;
 }
 /*
@ -256,63 +377,26 @@ static ASN1_TIME *
 ASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec,
    int mode)
 {
 	int allocated = 0;
 	struct tm tm;
 	size_t len;
 	char *p;
-	if (gmtime_r(&t, &tm) == NULL)
+	if (!asn1_time_time_t_to_tm(&t, &tm))
 		return (NULL);
-	if (offset_day || offset_sec) {
+	if (offset_day != 0 || offset_sec != 0) {
 		if (!OPENSSL_gmtime_adj(&tm, offset_day, offset_sec))
 			return (NULL);
 	}
 	switch (mode) {
 	case V_ASN1_UTCTIME:
-		p = utctime_string_from_tm(&tm);
+		return (tm_to_utctime(&tm, s));
 		break;
 	case V_ASN1_GENERALIZEDTIME:
-		p = gentime_string_from_tm(&tm);
+		return (tm_to_gentime(&tm, s));
 		break;
 	case RFC5280:
-		p = rfc5280_string_from_tm(&tm);
+		return (tm_to_rfc5280_time(&tm, s));
 		break;
 	default:
 		return (NULL);
 	}
 	if (p == NULL) {
 		ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
 		return (NULL);
 	}
 	if (s == NULL) {
 		if ((s = ASN1_TIME_new()) == NULL) {
 			free(p);
 			return (NULL);
 		}
 		allocated = 1;
 	}
 	len = strlen(p);
 	switch (len) {
 	case GENTIME_LENGTH:
 		s->type = V_ASN1_GENERALIZEDTIME;
 		break;
 	case UTCTIME_LENGTH:
 		s->type = V_ASN1_UTCTIME;
 		break;
 	default:
 		if (allocated)
 			ASN1_TIME_free(s);
 		free(p);
 		return (NULL);
 	}
 	free(s->data);
 	s->data = p;
 	s->length = len;
 	return (s);
 }
 ASN1_TIME *
@ -326,7 +410,7 @@ ASN1_TIME_set_tm(ASN1_TIME *s, struct tm *tm)
 {
 	time_t t;
-	if ((t = timegm(tm)) == -1)
+	if (!asn1_time_tm_to_time_t(tm, &t))
 		return NULL;
 	return (ASN1_TIME_adj(s, t, 0, 0));
 }
@ -348,31 +432,23 @@ ASN1_TIME_check(const ASN1_TIME *t)
 ASN1_GENERALIZEDTIME *
 ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
 {
-	ASN1_GENERALIZEDTIME *tmp = NULL;
+	ASN1_GENERALIZEDTIME *agt = NULL;
 	struct tm tm;
 	char *str;
 	if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
 		return (NULL);
 	if (t->type != ASN1_time_parse(t->data, t->length, &tm, t->type))
 		return (NULL);
 	if ((str = gentime_string_from_tm(&tm)) == NULL)
 		return (NULL);
 	if (out != NULL)
-		tmp = *out;
+		agt = *out;
-	if (tmp == NULL && (tmp = ASN1_GENERALIZEDTIME_new()) == NULL) {
+	if ((agt = tm_to_gentime(&tm, agt)) == NULL)
 		free(str);
 		return (NULL);
 	}
 	if (out != NULL)
-		*out = tmp;
+		*out = agt;
-	free(tmp->data);
+	return (agt);
 	tmp->data = str;
 	tmp->length = strlen(str);
 	return (tmp);
 }
 int
@ -381,6 +457,61 @@ ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
 	return (ASN1_TIME_set_string_internal(s, str, 0));
 }
 static int
 ASN1_TIME_cmp_time_t_internal(const ASN1_TIME *s, time_t t2, int mode)
 {
 	struct tm tm1, tm2;
 	/*
 	 * This function has never handled failure conditions properly
 	 * The OpenSSL version used to simply follow NULL pointers on failure.
 	 * BoringSSL and OpenSSL now make it return -2 on failure.
 	 *
 	 * The danger is that users of this function will not differentiate the
 	 * -2 failure case from s < t2. Callers must be careful. Sadly this is
 	 * one of those pervasive things from OpenSSL we must continue with.
 	 */
 	if (ASN1_time_parse(s->data, s->length, &tm1, mode) == -1)
 		return -2;
 	if (!asn1_time_time_t_to_tm(&t2, &tm2))
 		return -2;
 	return ASN1_time_tm_cmp(&tm1, &tm2);
 }
 int
 ASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2)
 {
 	struct tm tm1, tm2;
 	if (t1->type != V_ASN1_UTCTIME && t1->type != V_ASN1_GENERALIZEDTIME)
 		return -2;
 	if (t2->type != V_ASN1_UTCTIME && t2->type != V_ASN1_GENERALIZEDTIME)
 		return -2;
 	if (ASN1_time_parse(t1->data, t1->length, &tm1, t1->type) == -1)
 		return -2;
 	if (ASN1_time_parse(t1->data, t2->length, &tm2, t2->type) == -1)
 		return -2;
 	return ASN1_time_tm_cmp(&tm1, &tm2);
 }
 int
 ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
 {
 	if (s->type == V_ASN1_UTCTIME)
 		return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME);
 	if (s->type == V_ASN1_GENERALIZEDTIME)
 		return ASN1_TIME_cmp_time_t_internal(s, t,
 		    V_ASN1_GENERALIZEDTIME);
 	return -2;
 }
 /*
 * ASN1_UTCTIME wrappers
 */
@ -415,26 +546,11 @@ ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec)
 }
 int
-ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t2)
+ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 {
-	struct tm tm1, tm2;
+	if (s->type == V_ASN1_UTCTIME)
-
+		return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME);
-	/*
+	return -2;
 	 * This function has never handled failure conditions properly
 	 * and should be deprecated. The OpenSSL version used to
 	 * simply follow NULL pointers on failure. BoringSSL and
 	 * OpenSSL now make it return -2 on failure.
 	 *
 	 * The danger is that users of this function will not
 	 * differentiate the -2 failure case from t1 < t2.
 	 */
 	if (ASN1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1)
 		return (-2); /* XXX */
 	if (gmtime_r(&t2, &tm2) == NULL)
 		return (-2); /* XXX */
 	return ASN1_time_tm_cmp(&tm1, &tm2);
 }
 /*
@ -470,3 +586,19 @@ ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day,
 	return (ASN1_TIME_adj_internal(s, t, offset_day, offset_sec,
 	    V_ASN1_GENERALIZEDTIME));
 }
 int
 ASN1_TIME_normalize(ASN1_TIME *t)
 {
 	struct tm tm;
 	if (!ASN1_TIME_to_tm(t, &tm))
 		return 0;
 	return tm_to_rfc5280_time(&tm, t) != NULL;
 }
 int
 ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
 {
 	return ASN1_TIME_set_string_internal(s, str, RFC5280);
 }
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_type.c,v 1.23 2021/12/25 12:19:16 jsing Exp $ */
+/* $OpenBSD: a_type.c,v 1.25 2023/03/11 14:05:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -104,10 +104,14 @@ ASN1_TYPE_free(ASN1_TYPE *a)
 int
 ASN1_TYPE_get(const ASN1_TYPE *a)
 {
-	if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
+	/* Special non-pointer types. */
-		return (a->type);
+	if (a->type == V_ASN1_BOOLEAN || a->type == V_ASN1_NULL)
-	else
+		return a->type;
-		return (0);
+
 	if (a->value.ptr != NULL)
 		return a->type;
 	return 0;
 }
 void
--- a/crypto/asn1/a_utf8.c
+++ b/crypto/asn1/a_utf8.c
@ -1,4 +1,4 @@
-/* $OpenBSD: a_utf8.c,v 1.8 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: a_utf8.c,v 1.9 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -60,7 +60,7 @@
 #include <openssl/asn1.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 /* UTF8 utilities */
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.25 2022/01/10 12:10:26 tb Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.30 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@ -68,140 +68,106 @@
 #include <openssl/engine.h>
 #endif
-#include "asn1_locl.h"
+#include "asn1_local.h"
-#include "evp_locl.h"
+#include "evp_local.h"
 extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
+extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
-/* Keep this sorted in type order !! */
+static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = {
-static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
+	&cmac_asn1_meth,
 #ifndef OPENSSL_NO_RSA
 	&rsa_asn1_meths[0],
 	&rsa_asn1_meths[1],
 #endif
 #ifndef OPENSSL_NO_DH
 	&dh_asn1_meth,
 #endif
 #ifndef OPENSSL_NO_DSA
 	&dsa_asn1_meths[0],
 	&dsa_asn1_meths[1],
 	&dsa_asn1_meths[2],
 	&dsa_asn1_meths[3],
 	&dsa_asn1_meths[4],
 #endif
 #ifndef OPENSSL_NO_EC
 	&eckey_asn1_meth,
-#endif
+	&ed25519_asn1_meth,
 #ifndef OPENSSL_NO_GOST
 	&gostr01_asn1_meths[0],
 	&gostimit_asn1_meth,
-#endif
+	&gostr01_asn1_meths[0],
 	&hmac_asn1_meth,
 	&cmac_asn1_meth,
 #ifndef OPENSSL_NO_RSA
 	&rsa_pss_asn1_meth,
 #endif
 #ifndef OPENSSL_NO_GOST
 	&gostr01_asn1_meths[1],
 	&gostr01_asn1_meths[2],
-#endif
+	&hmac_asn1_meth,
 	&rsa_asn1_meths[0],
 	&rsa_asn1_meths[1],
 	&rsa_pss_asn1_meth,
 	&x25519_asn1_meth,
 };
-typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
+static const size_t asn1_methods_count =
    sizeof(asn1_methods) / sizeof(asn1_methods[0]);
 DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD)
-static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL;
+static STACK_OF(EVP_PKEY_ASN1_METHOD) *asn1_app_methods = NULL;
 static int ameth_cmp_BSEARCH_CMP_FN(const void *, const void *);
 static int ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *, const EVP_PKEY_ASN1_METHOD * const *);
 static const EVP_PKEY_ASN1_METHOD * *OBJ_bsearch_ameth(const EVP_PKEY_ASN1_METHOD * *key, const EVP_PKEY_ASN1_METHOD * const *base, int num);
 static int
 ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *a,
    const EVP_PKEY_ASN1_METHOD * const *b)
 {
 	return ((*a)->pkey_id - (*b)->pkey_id);
 }
 static int
 ameth_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
 {
 	const EVP_PKEY_ASN1_METHOD * const *a = a_;
 	const EVP_PKEY_ASN1_METHOD * const *b = b_;
 	return ameth_cmp(a, b);
 }
 static const EVP_PKEY_ASN1_METHOD * *
 OBJ_bsearch_ameth(const EVP_PKEY_ASN1_METHOD * *key, const EVP_PKEY_ASN1_METHOD * const *base, int num)
 {
 	return (const EVP_PKEY_ASN1_METHOD * *)OBJ_bsearch_(key, base, num, sizeof(const EVP_PKEY_ASN1_METHOD *),
 	    ameth_cmp_BSEARCH_CMP_FN);
 }
 int
 EVP_PKEY_asn1_get_count(void)
 {
-	int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *);
+	int num = asn1_methods_count;
-	if (app_methods)
+
-		num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);
+	if (asn1_app_methods != NULL)
 		num += sk_EVP_PKEY_ASN1_METHOD_num(asn1_app_methods);
 	return num;
 }
 const EVP_PKEY_ASN1_METHOD *
 EVP_PKEY_asn1_get0(int idx)
 {
-	int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *);
+	int num = asn1_methods_count;
 	if (idx < 0)
 		return NULL;
 	if (idx < num)
-		return standard_methods[idx];
+		return asn1_methods[idx];
 	idx -= num;
-	return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
+
 	return sk_EVP_PKEY_ASN1_METHOD_value(asn1_app_methods, idx);
 }
 static const EVP_PKEY_ASN1_METHOD *
-pkey_asn1_find(int type)
+pkey_asn1_find(int pkey_id)
 {
-	EVP_PKEY_ASN1_METHOD tmp;
+	const EVP_PKEY_ASN1_METHOD *ameth;
-	const EVP_PKEY_ASN1_METHOD *t = &tmp, **ret;
+	int i;
-	tmp.pkey_id = type;
+
-	if (app_methods) {
+	for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
-		int idx;
+		ameth = EVP_PKEY_asn1_get0(i);
-		idx = sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp);
+		if (ameth->pkey_id == pkey_id)
-		if (idx >= 0)
+			return ameth;
 			return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
 	}
-	ret = OBJ_bsearch_ameth(&t, standard_methods,
+
-	    sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *));
+	return NULL;
 	if (!ret || !*ret)
 		return NULL;
 	return *ret;
 }
-/* Find an implementation of an ASN1 algorithm. If 'pe' is not NULL
+/*
 * Find an implementation of an ASN1 algorithm. If 'pe' is not NULL
 * also search through engines and set *pe to a functional reference
 * to the engine implementing 'type' or NULL if no engine implements
 * it.
 */
 const EVP_PKEY_ASN1_METHOD *
 EVP_PKEY_asn1_find(ENGINE **pe, int type)
 {
-	const EVP_PKEY_ASN1_METHOD *t;
+	const EVP_PKEY_ASN1_METHOD *mp;
 	for (;;) {
-		t = pkey_asn1_find(type);
+		if ((mp = pkey_asn1_find(type)) == NULL)
 		if (!t || !(t->pkey_flags & ASN1_PKEY_ALIAS))
 			break;
-		type = t->pkey_base_id;
+		if ((mp->pkey_flags & ASN1_PKEY_ALIAS) == 0)
 			break;
 		type = mp->pkey_base_id;
 	}
 	if (pe) {
 #ifndef OPENSSL_NO_ENGINE
@ -215,14 +181,15 @@ EVP_PKEY_asn1_find(ENGINE **pe, int type)
 #endif
 		*pe = NULL;
 	}
-	return t;
+	return mp;
 }
 const EVP_PKEY_ASN1_METHOD *
 EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len)
 {
 	int i;
 	const EVP_PKEY_ASN1_METHOD *ameth;
 	int i;
 	if (len == -1)
 		len = strlen(str);
 	if (pe) {
@ -242,7 +209,7 @@ EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len)
 #endif
 		*pe = NULL;
 	}
-	for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+	for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
 		ameth = EVP_PKEY_asn1_get0(i);
 		if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
 			continue;
@ -256,14 +223,15 @@ EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len)
 int
 EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
 {
-	if (app_methods == NULL) {
+	if (asn1_app_methods == NULL) {
-		app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
+		asn1_app_methods = sk_EVP_PKEY_ASN1_METHOD_new(NULL);
-		if (!app_methods)
+		if (asn1_app_methods == NULL)
 			return 0;
 	}
-	if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
+
 	if (!sk_EVP_PKEY_ASN1_METHOD_push(asn1_app_methods, ameth))
 		return 0;
-	sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
+
 	return 1;
 }
@ -273,8 +241,9 @@ EVP_PKEY_asn1_add_alias(int to, int from)
 	EVP_PKEY_ASN1_METHOD *ameth;
 	ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL);
-	if (!ameth)
+	if (ameth == NULL)
 		return 0;
 	ameth->pkey_base_id = to;
 	if (!EVP_PKEY_asn1_add0(ameth)) {
 		EVP_PKEY_asn1_free(ameth);
@ -430,6 +399,13 @@ EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
 	ameth->pkey_ctrl = pkey_ctrl;
 }
 void
 EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
    int (*pkey_security_bits)(const EVP_PKEY *pkey))
 {
 	ameth->pkey_security_bits = pkey_security_bits;
 }
 void
 EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
    int (*pkey_check)(const EVP_PKEY *pk))
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_err.c,v 1.22 2020/12/08 15:06:42 tb Exp $ */
+/* $OpenBSD: asn1_err.c,v 1.25 2022/08/29 06:48:58 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
@ -53,11 +53,6 @@
 *
 */
 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
 * made to it will be overwritten when the script next updates this file,
 * only reason strings will be preserved.
 */
 #include <stdio.h>
 #include <openssl/opensslconf.h>
@ -65,7 +60,6 @@
 #include <openssl/err.h>
 #include <openssl/asn1.h>
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
@ -118,6 +112,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
 	{ERR_REASON(ASN1_R_ILLEGAL_HEX)          , "illegal hex"},
 	{ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) , "illegal implicit tag"},
 	{ERR_REASON(ASN1_R_ILLEGAL_INTEGER)      , "illegal integer"},
 	{ERR_REASON(ASN1_R_ILLEGAL_NEGATIVE_VALUE), "illegal negative value"},
 	{ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"},
 	{ERR_REASON(ASN1_R_ILLEGAL_NULL)         , "illegal null"},
 	{ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE)   , "illegal null value"},
@ -177,8 +172,11 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
 	{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH)   , "tag value too high"},
 	{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), "the asn1 object identifier is not known for this md"},
 	{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"},
 	{ERR_REASON(ASN1_R_TOO_LARGE)            , "too large"},
 	{ERR_REASON(ASN1_R_TOO_LONG)             , "too long"},
 	{ERR_REASON(ASN1_R_TOO_SMALL)            , "too small"},
 	{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) , "type not constructed"},
 	{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE)   , "type not primitive"},
 	{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"},
 	{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY), "unable to decode rsa private key"},
 	{ERR_REASON(ASN1_R_UNEXPECTED_EOC)       , "unexpected eoc"},
@ -195,12 +193,12 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
 	{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM), "unsupported encryption algorithm"},
 	{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), "unsupported public key type"},
 	{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE)     , "unsupported type"},
 	{ERR_REASON(ASN1_R_WRONG_INTEGER_TYPE)   , "wrong integer type"},
 	{ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"},
 	{ERR_REASON(ASN1_R_WRONG_TAG)            , "wrong tag"},
 	{ERR_REASON(ASN1_R_WRONG_TYPE)           , "wrong type"},
 	{0, NULL}
 };
 #endif
 void
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_gen.c,v 1.18 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: asn1_gen.c,v 1.20 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2002.
 */
@ -62,6 +62,8 @@
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
 #include "asn1_local.h"
 #define ASN1_GEN_FLAG		0x10000
 #define ASN1_GEN_FLAG_IMP	(ASN1_GEN_FLAG|1)
 #define ASN1_GEN_FLAG_EXP	(ASN1_GEN_FLAG|2)
@ -754,10 +756,9 @@ asn1_str2type(const char *str, int format, int utype)
 		}
 		if ((utype == V_ASN1_BIT_STRING) && no_unused) {
-			atmp->value.asn1_string->flags &=
+			if (!asn1_abs_set_unused_bits(atmp->value.asn1_string,
-			    ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+			    0))
-			atmp->value.asn1_string->flags |=
+				goto bad_str;
 			    ASN1_STRING_FLAG_BITS_LEFT;
 		}
 		break;
--- a/crypto/asn1/asn1_item.c
+++ b/crypto/asn1/asn1_item.c
@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_item.c,v 1.4 2022/01/14 08:38:05 tb Exp $ */
+/* $OpenBSD: asn1_item.c,v 1.6 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -116,8 +116,8 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
-#include "evp_locl.h"
+#include "evp_local.h"
 /*
 * ASN1_ITEM version of dup: this follows the model above except we don't need
@ -234,9 +234,11 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 	const EVP_MD *type;
 	EVP_PKEY *pkey;
 	unsigned char *buf_in = NULL, *buf_out = NULL;
-	size_t inl = 0, outl = 0, outll = 0;
+	size_t buf_out_len = 0;
 	int in_len = 0, out_len = 0;
 	int signid, paramtype;
-	int rv;
+	int rv = 2;
 	int ret = 0;
 	type = EVP_MD_CTX_md(ctx);
 	pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
@ -250,7 +252,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 		rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
 		    signature);
 		if (rv == 1)
-			outl = signature->length;
+			out_len = signature->length;
 		/* Return value meanings:
 		 * <=0: error.
 		 *   1: method does everything.
@ -261,8 +263,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 			ASN1error(ERR_R_EVP_LIB);
 		if (rv <= 1)
 			goto err;
-	} else
+	}
 		rv = 2;
 	if (rv == 2) {
 		if (!pkey->ameth ||
@ -286,36 +287,48 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 	}
-	inl = ASN1_item_i2d(asn, &buf_in, it);
+	if ((in_len = ASN1_item_i2d(asn, &buf_in, it)) <= 0) {
-	outll = outl = EVP_PKEY_size(pkey);
+		in_len = 0;
-	buf_out = malloc(outl);
+		goto err;
-	if ((buf_in == NULL) || (buf_out == NULL)) {
+	}
-		outl = 0;
+
 	if ((out_len = EVP_PKEY_size(pkey)) <= 0) {
 		out_len = 0;
 		goto err;
 	}
 	if ((buf_out = malloc(out_len)) == NULL) {
 		ASN1error(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
-	if (!EVP_DigestSignUpdate(ctx, buf_in, inl) ||
+	buf_out_len = out_len;
-	    !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
+	if (!EVP_DigestSignUpdate(ctx, buf_in, in_len) ||
-		outl = 0;
+	    !EVP_DigestSignFinal(ctx, buf_out, &buf_out_len)) {
 		ASN1error(ERR_R_EVP_LIB);
 		goto err;
 	}
 	free(signature->data);
 	signature->data = buf_out;
 	buf_out = NULL;
 	signature->length = outl;
 	/* In the interests of compatibility, I'll make sure that
 	 * the bit string has a 'not-used bits' value of 0
 	 */
 	signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
 	signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 	if (buf_out_len > INT_MAX) {
 		ASN1error(ASN1_R_TOO_LONG);
 		goto err;
 	}
 	ASN1_STRING_set0(signature, buf_out, (int)buf_out_len);
 	buf_out = NULL;
 	if (!asn1_abs_set_unused_bits(signature, 0)) {
 		ASN1error(ERR_R_ASN1_LIB);
 		goto err;
 	}
 	ret = (int)buf_out_len;
 err:
 	EVP_MD_CTX_cleanup(ctx);
-	freezero((char *)buf_in, inl);
+	freezero(buf_in, in_len);
-	freezero((char *)buf_out, outll);
+	freezero(buf_out, out_len);
-	return (outl);
+
 	return ret;
 }
 int
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_lib.c,v 1.52 2022/03/26 14:47:58 jsing Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.54 2022/05/05 19:18:56 jsing Exp $ */
 /*
 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
 *
@ -20,7 +20,7 @@
 #include "bytestring.h"
-static int
+int
 asn1_get_identifier_cbs(CBS *cbs, int der_mode, uint8_t *out_class,
    int *out_constructed, uint32_t *out_tag_number)
 {
@ -76,12 +76,12 @@ asn1_get_identifier_cbs(CBS *cbs, int der_mode, uint8_t *out_class,
 	return 1;
 }
-static int
+int
 asn1_get_length_cbs(CBS *cbs, int der_mode, int *out_indefinite,
-    uint32_t *out_length)
+    size_t *out_length)
 {
 	uint8_t len_bytes;
-	uint32_t length;
+	size_t length;
 	uint8_t val;
 	/*
@ -127,7 +127,7 @@ asn1_get_length_cbs(CBS *cbs, int der_mode, int *out_indefinite,
 			return 0;
 		if (der_mode && length == 0 && val == 0)
 			return 0;
-		if (length > (UINT32_MAX >> 8))
+		if (length > (SIZE_MAX >> 8))
 			return 0;
 		length = (length << 8) | val;
 	}
@ -140,11 +140,12 @@ asn1_get_length_cbs(CBS *cbs, int der_mode, int *out_indefinite,
 int
 asn1_get_object_cbs(CBS *cbs, int der_mode, uint8_t *out_tag_class,
    int *out_constructed, uint32_t *out_tag_number, int *out_indefinite,
-    uint32_t *out_length)
+    size_t *out_length)
 {
 	int constructed, indefinite;
-	uint32_t tag_number, length;
+	uint32_t tag_number;
 	uint8_t tag_class;
 	size_t length;
 	*out_tag_class = 0;
 	*out_constructed = 0;
@ -176,8 +177,9 @@ asn1_get_primitive(CBS *cbs, int der_mode, uint32_t *out_tag_number,
    CBS *out_content)
 {
 	int constructed, indefinite;
-	uint32_t tag_number, length;
+	uint32_t tag_number;
 	uint8_t tag_class;
 	size_t length;
 	*out_tag_number = 0;
--- a/crypto/asn1/asn1_local.h
+++ b/crypto/asn1/asn1_local.h
@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_locl.h,v 1.24 2022/03/26 14:47:58 jsing Exp $ */
+/* $OpenBSD: asn1_local.h,v 1.2 2023/04/25 19:08:30 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@ -112,6 +112,7 @@ struct evp_pkey_asn1_method_st {
 	int (*pkey_size)(const EVP_PKEY *pk);
 	int (*pkey_bits)(const EVP_PKEY *pk);
 	int (*pkey_security_bits)(const EVP_PKEY *pk);
 	int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder,
 	    int derlen);
@ -141,6 +142,15 @@ struct evp_pkey_asn1_method_st {
 	int (*pkey_check)(const EVP_PKEY *pk);
 	int (*pkey_public_check)(const EVP_PKEY *pk);
 	int (*pkey_param_check)(const EVP_PKEY *pk);
 	int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *private_key,
 	    size_t len);
 	int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *public_key,
 	    size_t len);
 	int (*get_priv_key)(const EVP_PKEY *pk, unsigned char *out_private_key,
 	    size_t *out_len);
 	int (*get_pub_key)(const EVP_PKEY *pk, unsigned char *out_public_key,
 	    size_t *out_len);
 } /* EVP_PKEY_ASN1_METHOD */;
 /* Method to handle CRL access.
@ -171,9 +181,9 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int
 int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
 void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_cleanup(ASN1_VALUE **pval, const ASN1_ITEM *it);
 int asn1_enc_save(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it);
 int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
 int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);
 int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);
 int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length);
@ -193,16 +203,62 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value);
 int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
 int asn1_get_identifier_cbs(CBS *cbs, int der_mode, uint8_t *out_class,
    int *out_constructed, uint32_t *out_tag_number);
 int asn1_get_length_cbs(CBS *cbs, int der_mode, int *out_indefinite,
    size_t *out_length);
 int asn1_get_object_cbs(CBS *cbs, int der_mode, uint8_t *out_class,
    int *out_constructed, uint32_t *out_tag_number, int *out_indefinite,
-    uint32_t *out_length);
+    size_t *out_length);
 int asn1_get_primitive(CBS *cbs, int der_mode, uint32_t *out_tag_number,
    CBS *out_content);
 int asn1_must_be_constructed(int tag);
 int asn1_must_be_primitive(int tag);
 int asn1_tag2charwidth(int tag);
 int asn1_abs_set_unused_bits(ASN1_BIT_STRING *abs, uint8_t unused_bits);
 int c2i_ASN1_BIT_STRING_cbs(ASN1_BIT_STRING **out_abs, CBS *cbs);
 int c2i_ASN1_ENUMERATED_cbs(ASN1_ENUMERATED **out_aenum, CBS *cbs);
 int asn1_aint_get_uint64(CBS *cbs, uint64_t *out_val);
 int asn1_aint_set_uint64(uint64_t val, uint8_t **out_data, int *out_len);
 int asn1_aint_get_int64(CBS *cbs, int negative, int64_t *out_val);
 int c2i_ASN1_INTEGER_cbs(ASN1_INTEGER **out_aint, CBS *cbs);
 int c2i_ASN1_OBJECT_cbs(ASN1_OBJECT **out_aobj, CBS *content);
 int i2t_ASN1_OBJECT_internal(const ASN1_OBJECT *aobj, char *buf, int buf_len,
    int no_name);
 ASN1_OBJECT *t2i_ASN1_OBJECT_internal(const char *oid);
 int asn1_time_parse_cbs(const CBS *cbs, int is_gentime, struct tm *out_tm);
 ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
    long length);
 int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
    const unsigned char **pp, long length);
 int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
    long length);
 int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
 int OPENSSL_gmtime_diff(int *pday, int *psec, const struct tm *from,
    const struct tm *to);
 int asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm);
 int asn1_time_tm_to_time_t(const struct tm *tm, time_t *out);
 int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
 BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
 int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
    const ASN1_ITEM *it);
 int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
    const char *hdr, const ASN1_ITEM *it);
 int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
    int ctype_nid, int econt_nid, STACK_OF(X509_ALGOR) *mdalgs,
    const ASN1_ITEM *it);
 ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
 __END_HIDDEN_DECLS
--- a/crypto/asn1/asn1_old.c
+++ b/crypto/asn1/asn1_old.c
@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_old.c,v 1.2 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: asn1_old.c,v 1.3 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -63,7 +63,7 @@
 #include <openssl/buffer.h>
 #include <openssl/err.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 #ifndef NO_OLD_ASN1
--- a/crypto/asn1/asn1_old_lib.c
+++ b/crypto/asn1/asn1_old_lib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_old_lib.c,v 1.3 2022/01/14 07:57:17 tb Exp $ */
+/* $OpenBSD: asn1_old_lib.c,v 1.5 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -63,7 +63,7 @@
 #include <openssl/asn1.h>
 #include <openssl/err.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 static void asn1_put_length(unsigned char **pp, int length);
@ -72,8 +72,9 @@ ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
    int *pclass, long omax)
 {
 	int constructed, indefinite;
-	uint32_t tag_number, length;
+	uint32_t tag_number;
 	uint8_t tag_class;
 	size_t length;
 	CBS cbs;
 	int ret = 0;
@ -99,7 +100,7 @@ ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
 	 * signal an error by setting the 8th bit in the return value... but we
 	 * still provide all of the decoded data.
 	 */
-	if (length > CBS_len(&cbs)) {
+	if (length > CBS_len(&cbs) || length > LONG_MAX) {
 		ASN1error(ASN1_R_TOO_LONG);
 		ret = 0x80;
 	}
--- a/crypto/asn1/asn1_types.c
+++ b/crypto/asn1/asn1_types.c
@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_types.c,v 1.1 2021/12/14 17:35:21 jsing Exp $ */
+/* $OpenBSD: asn1_types.c,v 1.2 2022/09/03 18:52:18 jsing Exp $ */
 /*
 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
 *
@ -19,10 +19,14 @@
 #include <openssl/asn1.h>
 #define ASN1_ENCODING_CONSTRUCTED_ONLY	1
 #define ASN1_ENCODING_PRIMITIVE_ONLY	2
 struct asn1_type {
 	const char *name;
 	uint32_t bit_value;
 	int char_width;
 	int encoding;
 };
 /*
@ -40,12 +44,14 @@ static const struct asn1_type asn1_types[31] = {
 		.name = "BOOLEAN",
 		.bit_value = 0,
 		.char_width = -1,
 		.encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
 	},
 	[2] = {
 		/* Tag 2 (0x02) - Integer */
 		.name = "INTEGER",
 		.bit_value = 0,
 		.char_width = -1,
 		.encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
 	},
 	[3] = {
 		/* Tag 3 (0x03) - BitString */
@ -64,12 +70,14 @@ static const struct asn1_type asn1_types[31] = {
 		.name = "NULL",
 		.bit_value = 0,
 		.char_width = -1,
 		.encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
 	},
 	[6] = {
 		/* Tag 6 (0x06) - Object Identifier */
 		.name = "OBJECT",
 		.bit_value = 0,
 		.char_width = -1,
 		.encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
 	},
 	[7] = {
 		/* Tag 7 (0x07) - Object Descriptor */
@ -88,12 +96,14 @@ static const struct asn1_type asn1_types[31] = {
 		.name = "REAL",
 		.bit_value = B_ASN1_UNKNOWN,
 		.char_width = -1,
 		.encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
 	},
 	[10] = {
 		/* Tag 10 (0x0a) - Enumerated */
 		.name = "ENUMERATED",
 		.bit_value = B_ASN1_UNKNOWN,
 		.char_width = -1,
 		.encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
 	},
 	[11] = {
 		/* Tag 11 (0x0b) - Embedded PDV */
@ -112,12 +122,14 @@ static const struct asn1_type asn1_types[31] = {
 		.name = "<ASN1 13 RELATIVE OID>",
 		.bit_value = B_ASN1_UNKNOWN,
 		.char_width = -1,
 		.encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
 	},
 	[14] = {
 		/* Tag 14 (0x0e) - Time */
 		.name = "<ASN1 14 TIME>",
 		.bit_value = B_ASN1_UNKNOWN,
 		.char_width = -1,
 		.encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
 	},
 	[15] = {
 		/* Tag 15 (0x0f) - Reserved */
@ -130,12 +142,14 @@ static const struct asn1_type asn1_types[31] = {
 		.name = "SEQUENCE",
 		.bit_value = B_ASN1_SEQUENCE,
 		.char_width = -1,
 		.encoding = ASN1_ENCODING_CONSTRUCTED_ONLY,
 	},
 	[17] = {
 		/* Tag 17 (0x11) - Set */
 		.name = "SET",
 		.bit_value = 0,
 		.char_width = -1,
 		.encoding = ASN1_ENCODING_CONSTRUCTED_ONLY,
 	},
 	[18] = {
 		/* Tag 18 (0x12) - NumericString */
@ -226,6 +240,32 @@ asn1_type_by_tag(int tag)
 	return &asn1_types[tag];
 }
 int
 asn1_must_be_constructed(int tag)
 {
 	const struct asn1_type *at;
 	if (tag == V_ASN1_NEG_INTEGER || tag == V_ASN1_NEG_ENUMERATED)
 		tag &= ~V_ASN1_NEG;
 	if ((at = asn1_type_by_tag(tag)) != NULL)
 		return at->encoding == ASN1_ENCODING_CONSTRUCTED_ONLY;
 	return 0;
 }
 int
 asn1_must_be_primitive(int tag)
 {
 	const struct asn1_type *at;
 	if (tag == V_ASN1_NEG_INTEGER || tag == V_ASN1_NEG_ENUMERATED)
 		tag &= ~V_ASN1_NEG;
 	if ((at = asn1_type_by_tag(tag)) != NULL)
 		return at->encoding == ASN1_ENCODING_PRIMITIVE_ONLY;
 	return 0;
 }
 int
 asn1_tag2charwidth(int tag)
 {
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@ -1,4 +1,4 @@
-/* $OpenBSD: asn_mime.c,v 1.29 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: asn_mime.c,v 1.31 2023/04/19 16:36:34 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@ -62,8 +62,8 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
-#include "evp_locl.h"
+#include "evp_local.h"
 /* Generalised MIME like utilities for streaming ASN1. Although many
 * have a PKCS7/CMS like flavour others are more general purpose.
@ -663,9 +663,8 @@ multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
 #define MIME_QUOTE	5
 #define MIME_COMMENT	6
-
+static STACK_OF(MIME_HEADER) *
-static
+mime_parse_hdr(BIO *bio)
 STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
 {
 	char *p, *q, c;
 	char *ntmp;
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@ -1,4 +1,4 @@
-/* $OpenBSD: asn_moid.c,v 1.14 2022/01/07 11:13:54 tb Exp $ */
+/* $OpenBSD: asn_moid.c,v 1.15 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@ -65,7 +65,7 @@
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 /* Simple ASN1 OID module: add all objects in a given section */
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@ -1,4 +1,4 @@
-/* $OpenBSD: bio_asn1.c,v 1.17 2022/01/14 08:40:57 tb Exp $ */
+/* $OpenBSD: bio_asn1.c,v 1.21 2023/03/25 10:45:20 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@ -163,7 +163,7 @@ asn1_bio_new(BIO *b)
 	ctx->state = ASN1_STATE_START;
 	b->init = 1;
-	b->ptr = (char *)ctx;
+	b->ptr = ctx;
 	b->flags = 0;
 	return 1;
@ -172,11 +172,16 @@ asn1_bio_new(BIO *b)
 static int
 asn1_bio_free(BIO *b)
 {
-	BIO_ASN1_BUF_CTX *ctx;
+	BIO_ASN1_BUF_CTX *ctx = b->ptr;
 	ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
 	if (ctx == NULL)
 		return 0;
 	if (ctx->prefix_free != NULL)
 		ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
 	if (ctx->suffix_free != NULL)
 		ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
 	free(ctx->buf);
 	free(ctx);
 	b->init = 0;
@ -194,8 +199,8 @@ asn1_bio_write(BIO *b, const char *in , int inl)
 	if (!in || (inl < 0) || (b->next_bio == NULL))
 		return 0;
-	ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
+
-	if (ctx == NULL)
+	if ((ctx = b->ptr) == NULL)
 		return 0;
 	wrlen = 0;
@ -254,7 +259,7 @@ asn1_bio_write(BIO *b, const char *in , int inl)
 				wrmax = inl;
 			ret = BIO_write(b->next_bio, in, wrmax);
 			if (ret <= 0)
-				break;
+				goto done;
 			wrlen += ret;
 			ctx->copylen -= ret;
 			in += ret;
@ -360,8 +365,7 @@ asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
 	BIO_ASN1_EX_FUNCS *ex_func;
 	long ret = 1;
-	ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
+	if ((ctx = b->ptr) == NULL)
 	if (ctx == NULL)
 		return 0;
 	switch (cmd) {
@ -452,11 +456,12 @@ asn1_bio_get_ex(BIO *b, int cmd, asn1_ps_func **ex_func,
 	BIO_ASN1_EX_FUNCS extmp;
 	int ret;
-	ret = BIO_ctrl(b, cmd, 0, &extmp);
+	if ((ret = BIO_ctrl(b, cmd, 0, &extmp)) <= 0)
-	if (ret > 0) {
+		return ret;
-		*ex_func = extmp.ex_func;
+
-		*ex_free_func = extmp.ex_free_func;
+	*ex_func = extmp.ex_func;
-	}
+	*ex_free_func = extmp.ex_free_func;
 	return ret;
 }
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@ -1,4 +1,4 @@
-/* $OpenBSD: bio_ndef.c,v 1.11 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: bio_ndef.c,v 1.22 2023/04/25 19:08:30 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@ -52,12 +52,14 @@
 *
 */
 #include <stdio.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
-#include <stdio.h>
+#include "asn1_local.h"
 /* Experimental NDEF ASN1 BIO support routines */
@ -101,32 +103,49 @@ BIO *
 BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
 {
 	NDEF_SUPPORT *ndef_aux = NULL;
-	BIO *asn_bio = NULL;
+	BIO *asn_bio = NULL, *pop_bio = NULL;
 	const ASN1_AUX *aux = it->funcs;
 	ASN1_STREAM_ARG sarg;
-	if (!aux || !aux->asn1_cb) {
+	if (aux == NULL || aux->asn1_cb == NULL) {
 		ASN1error(ASN1_R_STREAMING_NOT_SUPPORTED);
-		return NULL;
+		goto err;
 	}
 	ndef_aux = malloc(sizeof(NDEF_SUPPORT));
 	asn_bio = BIO_new(BIO_f_asn1());
-	/* ASN1 bio needs to be next to output BIO */
+	if ((asn_bio = BIO_new(BIO_f_asn1())) == NULL)
 	out = BIO_push(asn_bio, out);
 	if (!ndef_aux || !asn_bio || !out)
 		goto err;
-	BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
+	if (BIO_push(asn_bio, out) == NULL)
-	BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
+		goto err;
 	pop_bio = asn_bio;
-	/* Now let callback prepend any digest, cipher etc BIOs
+	/*
-	 * ASN1 structure needs.
+	 * Set up prefix and suffix handlers first. This ensures that ndef_aux
 	 * is freed as part of asn_bio once it is the asn_bio's ex_arg.
 	 */
 	if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0)
 		goto err;
 	if (BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0)
 		goto err;
 	/*
 	 * Allocate early to avoid the tricky cleanup after the asn1_cb().
 	 * Ownership of ndef_aux is transferred to asn_bio in BIO_ctrl().
 	 * Keep a reference to populate it after callback success.
 	 */
 	if ((ndef_aux = calloc(1, sizeof(*ndef_aux))) == NULL)
 		goto err;
 	if (BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0) {
 		free(ndef_aux);
 		goto err;
 	}
 	/*
 	 * The callback prepends BIOs to the chain starting at asn_bio for
 	 * digest, cipher, etc. The resulting chain starts at sarg.ndef_bio.
 	 */
-	sarg.out = out;
+	sarg.out = asn_bio;
 	sarg.ndef_bio = NULL;
 	sarg.boundary = NULL;
@ -137,15 +156,14 @@ BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
 	ndef_aux->it = it;
 	ndef_aux->ndef_bio = sarg.ndef_bio;
 	ndef_aux->boundary = sarg.boundary;
-	ndef_aux->out = out;
+	ndef_aux->out = asn_bio;
 	BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
 	return sarg.ndef_bio;
 err:
 	BIO_pop(pop_bio);
 	BIO_free(asn_bio);
-	free(ndef_aux);
+
 	return NULL;
 }
@ -178,29 +196,34 @@ ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
 static int
 ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
 {
-	NDEF_SUPPORT *ndef_aux;
+	NDEF_SUPPORT **pndef_aux = parg;
-	if (!parg)
+	if (pndef_aux == NULL || *pndef_aux == NULL)
 		return 0;
-	ndef_aux = *(NDEF_SUPPORT **)parg;
+	free((*pndef_aux)->derbuf);
 	(*pndef_aux)->derbuf = NULL;
 	free(ndef_aux->derbuf);
 	ndef_aux->derbuf = NULL;
 	*pbuf = NULL;
 	*plen = 0;
 	return 1;
 }
 static int
 ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
 {
-	NDEF_SUPPORT **pndef_aux = (NDEF_SUPPORT **)parg;
+	NDEF_SUPPORT **pndef_aux = parg;
 	/* Ensure ndef_prefix_free() won't fail, so we won't leak *pndef_aux. */
 	if (pndef_aux == NULL || *pndef_aux == NULL)
 		return 0;
 	if (!ndef_prefix_free(b, pbuf, plen, parg))
 		return 0;
 	free(*pndef_aux);
 	*pndef_aux = NULL;
 	return 1;
 }
--- a/crypto/asn1/nsseq.c
+++ b/crypto/asn1/nsseq.c
@ -1,129 +0,0 @@
 /* $OpenBSD: nsseq.c,v 1.10 2015/02/11 04:00:39 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 static int
 nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
 	if (operation == ASN1_OP_NEW_POST) {
 		NETSCAPE_CERT_SEQUENCE *nsseq;
 		nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
 		nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
 	}
 	return 1;
 }
 /* Netscape certificate sequence structure */
 static const ASN1_AUX NETSCAPE_CERT_SEQUENCE_aux = {
 	.asn1_cb = nsseq_cb,
 };
 static const ASN1_TEMPLATE NETSCAPE_CERT_SEQUENCE_seq_tt[] = {
 	{
 		.offset = offsetof(NETSCAPE_CERT_SEQUENCE, type),
 		.field_name = "type",
 		.item = &ASN1_OBJECT_it,
 	},
 	{
 		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
 		.offset = offsetof(NETSCAPE_CERT_SEQUENCE, certs),
 		.field_name = "certs",
 		.item = &X509_it,
 	},
 };
 const ASN1_ITEM NETSCAPE_CERT_SEQUENCE_it = {
 	.itype = ASN1_ITYPE_SEQUENCE,
 	.utype = V_ASN1_SEQUENCE,
 	.templates = NETSCAPE_CERT_SEQUENCE_seq_tt,
 	.tcount = sizeof(NETSCAPE_CERT_SEQUENCE_seq_tt) / sizeof(ASN1_TEMPLATE),
 	.funcs = &NETSCAPE_CERT_SEQUENCE_aux,
 	.size = sizeof(NETSCAPE_CERT_SEQUENCE),
 	.sname = "NETSCAPE_CERT_SEQUENCE",
 };
 NETSCAPE_CERT_SEQUENCE *
 d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, const unsigned char **in, long len)
 {
 	return (NETSCAPE_CERT_SEQUENCE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &NETSCAPE_CERT_SEQUENCE_it);
 }
 int
 i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_CERT_SEQUENCE_it);
 }
 NETSCAPE_CERT_SEQUENCE *
 NETSCAPE_CERT_SEQUENCE_new(void)
 {
 	return (NETSCAPE_CERT_SEQUENCE *)ASN1_item_new(&NETSCAPE_CERT_SEQUENCE_it);
 }
 void
 NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_CERT_SEQUENCE_it);
 }
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbev2.c,v 1.27 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: p5_pbev2.c,v 1.28 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999-2004.
 */
@ -64,7 +64,7 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
-#include "evp_locl.h"
+#include "evp_local.h"
 /* PKCS#5 v2.0 password based encryption structures */
--- a/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
@ -1,4 +1,4 @@
-/* $OpenBSD: p8_pkey.c,v 1.20 2021/11/01 20:53:08 tb Exp $ */
+/* $OpenBSD: p8_pkey.c,v 1.21 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@ -62,7 +62,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 /* Minor tweak to operation: zero private key data */
 static int
--- a/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
@ -1,4 +1,4 @@
-/* $OpenBSD: t_crl.c,v 1.20 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: t_crl.c,v 1.21 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@ -66,7 +66,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 int
 X509_CRL_print_fp(FILE *fp, X509_CRL *x)
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@ -1,4 +1,4 @@
-/* $OpenBSD: t_pkey.c,v 1.17 2021/12/04 16:08:32 tb Exp $ */
+/* $OpenBSD: t_pkey.c,v 1.19 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -62,7 +62,7 @@
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
-#include "bn_lcl.h"
+#include "bn_local.h"
 int
 ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
@ -114,3 +114,32 @@ ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
 	}
 	return (1);
 }
 #define ASN1_BUF_PRINT_WIDTH		15
 #define ASN1_BUF_PRINT_MAX_INDENT	64
 int
 ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int indent)
 {
 	size_t i;
 	for (i = 0; i < buflen; i++) {
 		if ((i % ASN1_BUF_PRINT_WIDTH) == 0) {
 			if (i > 0 && BIO_puts(bp, "\n") <= 0)
 				return 0;
 			if (!BIO_indent(bp, indent, ASN1_BUF_PRINT_MAX_INDENT))
 				return 0;
 		}
 		/*
 		 * Use colon separators for each octet for compatibility as
 		 * this function is used to print out key components.
 		 */
 		if (BIO_printf(bp, "%02x%s", buf[i],
 		    (i == buflen - 1) ? "" : ":") <= 0)
 			return 0;
 	}
 	if (BIO_write(bp, "\n", 1) <= 0)
 		return 0;
 	return 1;
 }
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@ -1,4 +1,4 @@
-/* $OpenBSD: t_req.c,v 1.21 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: t_req.c,v 1.24 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -74,7 +74,7 @@
 #include <openssl/rsa.h>
 #endif
-#include "x509_lcl.h"
+#include "x509_local.h"
 int
 X509_REQ_print_fp(FILE *fp, X509_REQ *x)
@ -102,7 +102,7 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 	X509_REQ_INFO *ri;
 	EVP_PKEY *pkey;
 	STACK_OF(X509_ATTRIBUTE) *sk;
-	STACK_OF(X509_EXTENSION) *exts;
+	STACK_OF(X509_EXTENSION) *exts = NULL;
 	char mlch = ' ';
 	int nmindent = 0;
@ -176,7 +176,6 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 				ASN1_TYPE *at;
 				X509_ATTRIBUTE *a;
 				ASN1_BIT_STRING *bs = NULL;
 				ASN1_TYPE *t;
 				int j, type = 0, count = 1, ii = 0;
 				a = sk_X509_ATTRIBUTE_value(sk, i);
@ -186,20 +185,12 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 				if (BIO_printf(bp, "%12s", "") <= 0)
 					goto err;
 				if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) {
-					if (a->single) {
+					ii = 0;
-						t = a->value.single;
+					count = sk_ASN1_TYPE_num(a->set);
 						type = t->type;
 						bs = t->value.bit_string;
 					} else {
 						ii = 0;
 						count = sk_ASN1_TYPE_num(
 						    a->value.set);
 get_next:
-						at = sk_ASN1_TYPE_value(
+					at = sk_ASN1_TYPE_value(a->set, ii);
-						    a->value.set, ii);
+					type = at->type;
-						type = at->type;
+					bs = at->value.asn1_string;
 						bs = at->value.asn1_string;
 					}
 				}
 				for (j = 25 - j; j > 0; j--)
 					if (BIO_write(bp, " ", 1) != 1)
@ -247,6 +238,7 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 					goto err;
 			}
 			sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
 			exts = NULL;
 		}
 	}
@ -258,6 +250,7 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 	return (1);
 err:
 	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
 	X509error(ERR_R_BUF_LIB);
 	return (0);
 }
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
@ -1,4 +1,4 @@
-/* $OpenBSD: t_spki.c,v 1.13 2021/11/01 20:53:08 tb Exp $ */
+/* $OpenBSD: t_spki.c,v 1.14 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@ -71,7 +71,7 @@
 #include <openssl/rsa.h>
 #endif
-#include "x509_lcl.h"
+#include "x509_local.h"
 /* Print out an SPKI */
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@ -1,4 +1,4 @@
-/* $OpenBSD: t_x509.c,v 1.37 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: t_x509.c,v 1.41 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -77,8 +77,8 @@
 #include <openssl/rsa.h>
 #endif
-#include "asn1_locl.h"
+#include "asn1_local.h"
-#include "x509_lcl.h"
+#include "x509_local.h"
 int
 X509_print_fp(FILE *fp, X509 *x)
@ -118,7 +118,6 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	X509_CINF *ci;
 	ASN1_INTEGER *bs;
 	EVP_PKEY *pkey = NULL;
 	const char *neg;
 	if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
 		mlch = '\n';
@ -137,9 +136,15 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	}
 	if (!(cflag & X509_FLAG_NO_VERSION)) {
 		l = X509_get_version(x);
-		if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n",
+		if (l >= 0 && l <= 2) {
-		    "", l + 1, l) <= 0)
+			if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n",
-			goto err;
+			    "", l + 1, l) <= 0)
 				goto err;
 		} else {
 			if (BIO_printf(bp, "%8sVersion: unknown (%ld)\n",
 			    "", l) <= 0)
 				goto err;
 		}
 	}
 	if (!(cflag & X509_FLAG_NO_SERIAL)) {
 		if (BIO_write(bp, "        Serial Number:", 22) <= 0)
@ -149,18 +154,15 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 		l = -1;
 		if (bs->length <= (int)sizeof(long))
 			l = ASN1_INTEGER_get(bs);
-		if (l != -1) {
+		if (l >= 0) {
-			if (bs->type == V_ASN1_NEG_INTEGER) {
+			if (BIO_printf(bp, " %ld (0x%lx)\n", l, l) <= 0)
 				l = -l;
 				neg = "-";
 			} else
 				neg = "";
 			if (BIO_printf(bp, " %s%lu (%s0x%lx)\n",
 			    neg, l, neg, l) <= 0)
 				goto err;
 		} else {
-			neg = (bs->type == V_ASN1_NEG_INTEGER) ?
+			const char *neg = "";
-			    " (Negative)" : "";
+
 			if (bs->type == V_ASN1_NEG_INTEGER)
 				neg = " (Negative)";
 			if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
 				goto err;
 			for (i = 0; i < bs->length; i++) {
@ -468,9 +470,8 @@ int
 X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
 {
 	char *s, *c, *b;
-	int ret = 0, l, i;
+	int i;
-
+	int ret = 0;
 	l = 80 - 2 - obase;
 	b = X509_NAME_oneline(name, NULL, 0);
 	if (b == NULL)
@ -495,12 +496,10 @@ X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
 				if (BIO_write(bp, ", ", 2) != 2)
 					goto err;
 			}
 			l--;
 		}
 		if (*s == '\0')
 			break;
 		s++;
 		l--;
 	}
 	ret = 1;
--- a/crypto/asn1/t_x509a.c
+++ b/crypto/asn1/t_x509a.c
@ -1,4 +1,4 @@
-/* $OpenBSD: t_x509a.c,v 1.10 2021/11/01 20:53:08 tb Exp $ */
+/* $OpenBSD: t_x509a.c,v 1.11 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@ -62,7 +62,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 /* X509_CERT_AUX and string set routines */
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_enc.c,v 1.24 2022/01/07 11:13:54 tb Exp $ */
+/* $OpenBSD: tasn_enc.c,v 1.31 2023/04/30 16:46:49 job Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@ -64,7 +64,7 @@
 #include <openssl/err.h>
 #include <openssl/objects.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
    const ASN1_ITEM *it, int tag, int aclass);
@ -106,22 +106,28 @@ static int
 asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it,
    int flags)
 {
-	if (out && !*out) {
+	unsigned char *p, *buf;
-		unsigned char *p, *buf;
+	int len;
-		int len;
+
-		len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
+	if (out == NULL || *out != NULL)
-		if (len <= 0)
+		return ASN1_item_ex_i2d(&val, out, it, -1, flags);
-			return len;
+
-		buf = malloc(len);
+	if ((len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags)) <= 0)
 		if (!buf)
 			return -1;
 		p = buf;
 		ASN1_item_ex_i2d(&val, &p, it, -1, flags);
 		*out = buf;
 		return len;
 	if ((buf = calloc(1, len)) == NULL)
 		return -1;
 	p = buf;
 	if (ASN1_item_ex_i2d(&val, &p, it, -1, flags) != len) {
 		freezero(buf, len);
 		ASN1error(ASN1_R_LENGTH_ERROR);
 		return -1;
 	}
-	return ASN1_item_ex_i2d(&val, out, it, -1, flags);
+	*out = buf;
 	return len;
 }
 /* Encode an item, taking care of IMPLICIT tagging (if any).
@ -494,7 +500,7 @@ static int
 asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
    const ASN1_ITEM *it, int tag, int aclass)
 {
-	int len;
+	int olen, len;
 	int utype;
 	int usetag;
 	int ndef = 0;
@ -505,7 +511,7 @@ asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
 	 * out the underlying type.
 	 */
-	len = asn1_ex_i2c(pval, NULL, &utype, it);
+	olen = len = asn1_ex_i2c(pval, NULL, &utype, it);
 	/* If SEQUENCE, SET or OTHER then header is
 	 * included in pseudo content octets so don't
@ -529,6 +535,10 @@ asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
 		len = 0;
 	}
 	/* Treat any other negative value as an error. */
 	if (len < 0)
 		return -1;
 	/* If not implicitly tagged get tag from underlying type */
 	if (tag == -1)
 		tag = utype;
@ -537,7 +547,8 @@ asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
 	if (out) {
 		if (usetag)
 			ASN1_put_object(out, ndef, len, tag, aclass);
-		asn1_ex_i2c(pval, *out, &utype, it);
+		if (asn1_ex_i2c(pval, *out, &utype, it) != olen)
 			return -1;
 		if (ndef)
 			ASN1_put_eoc(out);
 		else
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_fre.c,v 1.18 2022/01/07 12:24:17 tb Exp $ */
+/* $OpenBSD: tasn_fre.c,v 1.21 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@ -62,27 +62,26 @@
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
+static void asn1_item_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
    int combine);
 /* Free up an ASN1 structure */
 void
 ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
 {
-	asn1_item_combine_free(&val, it, 0);
+	asn1_item_free(&val, it);
 }
 void
 ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	asn1_item_combine_free(pval, it, 0);
+	asn1_item_free(pval, it);
 }
 static void
-asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+asn1_item_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
 	const ASN1_TEMPLATE *tt = NULL, *seqtt;
 	const ASN1_EXTERN_FUNCS *ef;
@ -126,10 +125,8 @@ asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
 		}
 		if (asn1_cb)
 			asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
-		if (!combine) {
+		free(*pval);
-			free(*pval);
+		*pval = NULL;
 			*pval = NULL;
 		}
 		break;
 	case ASN1_ITYPE_EXTERN:
@ -147,7 +144,7 @@ asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
 			if (i == 2)
 				return;
 		}
-		asn1_enc_free(pval, it);
+		asn1_enc_cleanup(pval, it);
 		/* If we free up as normal we will invalidate any
 		 * ANY DEFINED BY field and we wont be able to
 		 * determine the type of the field it defines. So
@ -164,10 +161,8 @@ asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
 		}
 		if (asn1_cb)
 			asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
-		if (!combine) {
+		free(*pval);
-			free(*pval);
+		*pval = NULL;
 			*pval = NULL;
 		}
 		break;
 	}
 }
@ -181,14 +176,12 @@ ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 		for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
 			ASN1_VALUE *vtmp;
 			vtmp = sk_ASN1_VALUE_value(sk, i);
-			asn1_item_combine_free(&vtmp, tt->item,
+			asn1_item_free(&vtmp, tt->item);
 			    0);
 		}
 		sk_ASN1_VALUE_free(sk);
 		*pval = NULL;
 	} else
-		asn1_item_combine_free(pval, tt->item,
+		asn1_item_free(pval, tt->item);
 		    tt->flags & ASN1_TFLG_COMBINE);
 }
 void
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_new.c,v 1.21 2022/01/07 12:24:17 tb Exp $ */
+/* $OpenBSD: tasn_new.c,v 1.23 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@ -64,10 +64,9 @@
 #include <openssl/asn1t.h>
 #include <string.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int asn1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
    int combine);
 static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
 static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
@ -86,11 +85,11 @@ ASN1_item_new(const ASN1_ITEM *it)
 int
 ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	return asn1_item_ex_combine_new(pval, it, 0);
+	return asn1_item_ex_new(pval, it);
 }
 static int
-asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+asn1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
 	const ASN1_TEMPLATE *tt = NULL;
 	const ASN1_EXTERN_FUNCS *ef;
@ -102,9 +101,7 @@ asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
 	if (aux != NULL && aux->asn1_cb != NULL)
 		asn1_cb = aux->asn1_cb;
-	if (!combine)
+	*pval = NULL;
 		*pval = NULL;
 	switch (it->itype) {
 	case ASN1_ITYPE_EXTERN:
@ -137,11 +134,9 @@ asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
 				return 1;
 			}
 		}
-		if (!combine) {
+		*pval = calloc(1, it->size);
-			*pval = calloc(1, it->size);
+		if (!*pval)
-			if (!*pval)
+			goto memerr;
 				goto memerr;
 		}
 		asn1_set_choice_selector(pval, -1, it);
 		if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
 			goto auxerr;
@ -157,13 +152,11 @@ asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
 				return 1;
 			}
 		}
-		if (!combine) {
+		*pval = calloc(1, it->size);
-			*pval = calloc(1, it->size);
+		if (!*pval)
-			if (!*pval)
+			goto memerr;
-				goto memerr;
+		asn1_do_lock(pval, 0, it);
-			asn1_do_lock(pval, 0, it);
+		asn1_enc_init(pval, it);
 			asn1_enc_init(pval, it);
 		}
 		for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
 			pseqval = asn1_get_field_ptr(pval, tt);
 			if (!ASN1_template_new(pseqval, tt))
@ -249,7 +242,7 @@ ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 		goto done;
 	}
 	/* Otherwise pass it back to the item routine */
-	ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+	ret = asn1_item_ex_new(pval, it);
 done:
 	return ret;
 }
--- a/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_prn.c,v 1.22 2021/12/03 17:10:49 jsing Exp $ */
+/* $OpenBSD: tasn_prn.c,v 1.24 2023/04/17 08:43:16 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@ -65,22 +65,17 @@
 #include <openssl/objects.h>
 #include <openssl/x509v3.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 /* Print routines.
 */
 /* ASN1_PCTX routines */
-ASN1_PCTX default_pctx = {
+static const ASN1_PCTX default_pctx = {
-	ASN1_PCTX_FLAGS_SHOW_ABSENT,	/* flags */
+	.flags = ASN1_PCTX_FLAGS_SHOW_ABSENT,
 	0,				/* nm_flags */
 	0,				/* cert_flags */
 	0,				/* oid_flags */
 	0				/* str_flags */
 };
 ASN1_PCTX *
 ASN1_PCTX_new(void)
 {
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_utl.c,v 1.13 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: tasn_utl.c,v 1.18 2022/12/26 07:18:51 jmc Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@ -56,13 +56,17 @@
 *
 */
 #include <limits.h>
 #include <stddef.h>
 #include <string.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
 #include <openssl/err.h>
 #include "bytestring.h"
 /* Utility functions for manipulating fields and offsets */
 /* Add 'offset' to 'addr' */
@ -96,7 +100,7 @@ asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
 /* Do reference counting. The value 'op' decides what to do.
 * if it is +1 then the count is incremented. If op is 0 count is
 * set to 1. If op is -1 count is decremented and the return value
- * is the current refrence count or 0 if no reference count exists.
+ * is the current reference count or 0 if no reference count exists.
 */
 int
@ -123,79 +127,96 @@ asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
 static ASN1_ENCODING *
 asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	const ASN1_AUX *aux;
+	const ASN1_AUX *aux = it->funcs;
-	if (!pval || !*pval)
+	if (pval == NULL || *pval == NULL)
 		return NULL;
-	aux = it->funcs;
+
-	if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
+	if (aux == NULL || (aux->flags & ASN1_AFLG_ENCODING) == 0)
 		return NULL;
 	return offset2ptr(*pval, aux->enc_offset);
 }
 void
 asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	ASN1_ENCODING *enc;
+	ASN1_ENCODING *aenc;
-	enc = asn1_get_enc_ptr(pval, it);
+	if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
-	if (enc) {
+		return;
-		enc->enc = NULL;
+
-		enc->len = 0;
+	aenc->enc = NULL;
-		enc->modified = 1;
+	aenc->len = 0;
-	}
+	aenc->modified = 1;
 }
 static void
 asn1_enc_clear(ASN1_ENCODING *aenc)
 {
 	freezero(aenc->enc, aenc->len);
 	aenc->enc = NULL;
 	aenc->len = 0;
 	aenc->modified = 1;
 }
 void
-asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+asn1_enc_cleanup(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	ASN1_ENCODING *enc;
+	ASN1_ENCODING *aenc;
-	enc = asn1_get_enc_ptr(pval, it);
+	if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
-	if (enc) {
+		return;
-		free(enc->enc);
+
-		enc->enc = NULL;
+	asn1_enc_clear(aenc);
 		enc->len = 0;
 		enc->modified = 1;
 	}
 }
 int
-asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+asn1_enc_save(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it)
    const ASN1_ITEM *it)
 {
-	ASN1_ENCODING *enc;
+	ASN1_ENCODING *aenc;
 	uint8_t *data = NULL;
 	size_t data_len = 0;
-	enc = asn1_get_enc_ptr(pval, it);
+	if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
 	if (!enc)
 		return 1;
-	free(enc->enc);
+	asn1_enc_clear(aenc);
-	enc->enc = malloc(inlen);
+
-	if (!enc->enc)
+	if (!CBS_stow(cbs, &data, &data_len))
 		return 0;
-	memcpy(enc->enc, in, inlen);
+	if (data_len > LONG_MAX) {
-	enc->len = inlen;
+		freezero(data, data_len);
-	enc->modified = 0;
+		return 0;
 	}
 	aenc->enc = data;
 	aenc->len = (long)data_len;
 	aenc->modified = 0;
 	return 1;
 }
 int
-asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+asn1_enc_restore(int *out_len, unsigned char **out, ASN1_VALUE **pval,
    const ASN1_ITEM *it)
 {
-	ASN1_ENCODING *enc;
+	ASN1_ENCODING *aenc;
-	enc = asn1_get_enc_ptr(pval, it);
+	if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
 	if (!enc || enc->modified)
 		return 0;
-	if (out) {
+
-		memcpy(*out, enc->enc, enc->len);
+	if (aenc->modified)
-		*out += enc->len;
+		return 0;
 	if (out != NULL) {
 		memcpy(*out, aenc->enc, aenc->len);
 		*out += aenc->len;
 	}
-	if (len)
+
-		*len = enc->len;
+	if (out_len != NULL)
 		*out_len = aenc->len;
 	return 1;
 }
@ -205,8 +226,6 @@ asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 {
 	ASN1_VALUE **pvaltmp;
 	if (tt->flags & ASN1_TFLG_COMBINE)
 		return pval;
 	pvaltmp = offset2ptr(*pval, tt->offset);
 	/* NOTE for BOOLEAN types the field is just a plain
 	 * int so we can't return int **, so settle for
--- a/crypto/asn1/x_attrib.c
+++ b/crypto/asn1/x_attrib.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_attrib.c,v 1.16 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: x_attrib.c,v 1.18 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -62,50 +62,16 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
-/* X509_ATTRIBUTE: this has the following form:
+/*
- *
+ * XXX - remove X509_ATTRIBUTE_SET_it with next major bump.
 * typedef struct x509_attributes_st
 *	{
 *	ASN1_OBJECT *object;
 *	int single;
 *	union	{
 *		char		*ptr;
 * 		STACK_OF(ASN1_TYPE) *set;
 * 		ASN1_TYPE	*single;
 *		} value;
 *	} X509_ATTRIBUTE;
 *
 * this needs some extra thought because the CHOICE type is
 * merged with the main structure and because the value can
 * be anything at all we *must* try the SET OF first because
 * the ASN1_ANY type will swallow anything including the whole
 * SET OF structure.
 */
 static const ASN1_TEMPLATE X509_ATTRIBUTE_SET_ch_tt[] = {
 	{
 		.flags = ASN1_TFLG_SET_OF,
 		.tag = 0,
 		.offset = offsetof(X509_ATTRIBUTE, value.set),
 		.field_name = "value.set",
 		.item = &ASN1_ANY_it,
 	},
 	{
 		.flags = 0,
 		.tag = 0,
 		.offset = offsetof(X509_ATTRIBUTE, value.single),
 		.field_name = "value.single",
 		.item = &ASN1_ANY_it,
 	},
 };
 const ASN1_ITEM X509_ATTRIBUTE_SET_it = {
 	.itype = ASN1_ITYPE_CHOICE,
-	.utype = offsetof(X509_ATTRIBUTE, single),
+	.utype = 0,
-	.templates = X509_ATTRIBUTE_SET_ch_tt,
+	.templates = NULL,
-	.tcount = sizeof(X509_ATTRIBUTE_SET_ch_tt) / sizeof(ASN1_TEMPLATE),
+	.tcount = 0,
 	.funcs = NULL,
 	.size = sizeof(X509_ATTRIBUTE),
 	.sname = "X509_ATTRIBUTE",
@ -119,13 +85,12 @@ static const ASN1_TEMPLATE X509_ATTRIBUTE_seq_tt[] = {
 		.field_name = "object",
 		.item = &ASN1_OBJECT_it,
 	},
 	/* CHOICE type merged with parent */
 	{
-		.flags = 0 | ASN1_TFLG_COMBINE,
+		.flags = ASN1_TFLG_SET_OF,
 		.tag = 0,
-		.offset = 0,
+		.offset = offsetof(X509_ATTRIBUTE, set),
-		.field_name = NULL,
+		.field_name = "set",
-		.item = &X509_ATTRIBUTE_SET_it,
+		.item = &ASN1_ANY_it,
 	},
 };
@ -183,12 +148,9 @@ X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 	if ((ret = X509_ATTRIBUTE_new()) == NULL)
 		return (NULL);
 	ret->object = oid;
 	ret->single = 0;
 	if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
 		goto err;
 	if ((val = ASN1_TYPE_new()) == NULL)
 		goto err;
-	if (!sk_ASN1_TYPE_push(ret->value.set, val))
+	if (!sk_ASN1_TYPE_push(ret->set, val))
 		goto err;
 	ASN1_TYPE_set(val, atrtype, value);
--- a/crypto/asn1/x_bignum.c
+++ b/crypto/asn1/x_bignum.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_bignum.c,v 1.10 2019/04/01 15:49:22 jsing Exp $ */
+/* $OpenBSD: x_bignum.c,v 1.13 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@ -61,15 +61,16 @@
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 #include "asn1_local.h"
 #include "bytestring.h"
 /*
- * Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
+ * Custom primitive type for that reads an ASN.1 INTEGER into a BIGNUM.
 * BIGNUM directly. Currently it ignores the sign which isn't a problem since
 * all BIGNUMs used are non negative and anything that looks negative is
 * normally due to an encoding error.
 */
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void bn_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
    const ASN1_ITEM *it);
@ -83,7 +84,7 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = {
 	.flags = 0,
 	.prim_new = bn_new,
 	.prim_free = bn_free,
-	.prim_clear = NULL,	/* XXX */
+	.prim_clear = bn_clear,
 	.prim_c2i = bn_c2i,
 	.prim_i2c = bn_i2c,
 	.prim_print = bn_print,
@ -112,11 +113,17 @@ const ASN1_ITEM CBIGNUM_it = {
 static int
 bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	*pval = (ASN1_VALUE *)BN_new();
+	if ((*pval = (ASN1_VALUE *)BN_new()) == NULL)
 	if (*pval)
 		return 1;
 	else
 		return 0;
 	return 1;
 }
 static void
 bn_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
 	BN_free((BIGNUM *)*pval);
 	*pval = NULL;
 }
 static void
@ -124,56 +131,70 @@ bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
 	if (*pval == NULL)
 		return;
-	BN_clear_free((BIGNUM *)*pval);
+
-	*pval = NULL;
+	bn_clear(pval, it);
 }
 static int
-bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+bn_i2c(ASN1_VALUE **pval, unsigned char *content, int *putype, const ASN1_ITEM *it)
 {
-	BIGNUM *bn;
+	ASN1_INTEGER *aint = NULL;
-	int pad, len;
+	unsigned char **pp = NULL;
 	const BIGNUM *bn;
 	int ret;
 	if (*pval == NULL)
 		return -1;
-	bn = (BIGNUM *)*pval;
+
-	/* If MSB set in an octet we need a padding byte */
+	bn = (const BIGNUM *)*pval;
-	if (BN_num_bits(bn) & 0x7)
+
-		pad = 0;
+	if ((aint = BN_to_ASN1_INTEGER(bn, NULL)) == NULL)
-	else
+		return -1;
-		pad = 1;
+
-	if (cont) {
+	if (content != NULL)
-		if (pad)
+		pp = &content;
-			*cont++ = 0;
+
-		len = BN_bn2bin(bn, cont);
+	ret = i2c_ASN1_INTEGER(aint, pp);
-	} else
+
-		len = BN_num_bytes(bn);
+	ASN1_INTEGER_free(aint);
-	return pad + len;
+
 	return ret;
 }
 static int
-bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
+bn_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, int utype,
-    char *free_cont, const ASN1_ITEM *it)
+    char *free_content, const ASN1_ITEM *it)
 {
 	ASN1_INTEGER *aint = NULL;
 	BIGNUM *bn;
 	CBS cbs;
 	int ret = 0;
-	if (*pval == NULL) {
+	bn_clear(pval, it);
-		if (bn_new(pval, it) == 0)
+
-			return 0;
+	if (len < 0)
-	}
+		goto err;
-	bn = (BIGNUM *)*pval;
+	CBS_init(&cbs, content, len);
-	if (!BN_bin2bn(cont, len, bn)) {
+	if (!c2i_ASN1_INTEGER_cbs(&aint, &cbs))
-		bn_free(pval, it);
+		goto err;
-		return 0;
+
-	}
+	if ((bn = ASN1_INTEGER_to_BN(aint, NULL)) == NULL)
-	return 1;
+		goto err;
 	*pval = (ASN1_VALUE *)bn;
 	ret = 1;
 err:
 	ASN1_INTEGER_free(aint);
 	return ret;
 }
 static int
 bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent,
    const ASN1_PCTX *pctx)
 {
-	BIGNUM *bn = (BIGNUM *)*pval;
+	const BIGNUM *bn = (BIGNUM *)*pval;
 	if (!BN_print(out, bn))
 		return 0;
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_crl.c,v 1.37 2022/02/24 22:05:06 beck Exp $ */
+/* $OpenBSD: x_crl.c,v 1.39 2022/12/26 16:00:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -65,8 +65,8 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
-#include "x509_lcl.h"
+#include "x509_local.h"
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
    const X509_REVOKED * const *b);
@ -755,3 +755,9 @@ X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
 	if (palg != NULL)
 		*palg = crl->sig_alg;
 }
 const X509_ALGOR *
 X509_CRL_get0_tbs_sigalg(const X509_CRL *crl)
 {
 	return crl->crl->sig_alg;
 }
--- a/crypto/asn1/x_exten.c
+++ b/crypto/asn1/x_exten.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_exten.c,v 1.17 2021/11/01 20:53:08 tb Exp $ */
+/* $OpenBSD: x_exten.c,v 1.18 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@ -61,7 +61,7 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 static const ASN1_TEMPLATE X509_EXTENSION_seq_tt[] = {
 	{
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_long.c,v 1.16 2019/04/20 11:13:15 jsing Exp $ */
+/* $OpenBSD: x_long.c,v 1.19 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@ -56,13 +56,15 @@
 *
 */
-#include <stdio.h>
+#include <limits.h>
 #include <string.h>
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include "asn1_local.h"
 /*
 * Custom primitive type for long handling. This converts between an
 * ASN1_INTEGER and a long directly.
@ -70,11 +72,12 @@
 static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void long_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+static int long_i2c(ASN1_VALUE **pval, unsigned char *content, int *putype,
    const ASN1_ITEM *it);
-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *content, int len,
-    int utype, char *free_cont, const ASN1_ITEM *it);
+    int utype, char *free_content, const ASN1_ITEM *it);
 static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
    int indent, const ASN1_PCTX *pctx);
@ -83,7 +86,7 @@ static ASN1_PRIMITIVE_FUNCS long_pf = {
 	.flags = 0,
 	.prim_new = long_new,
 	.prim_free = long_free,
-	.prim_clear = long_free,	/* Clear should set to initial value */
+	.prim_clear = long_clear,
 	.prim_c2i = long_c2i,
 	.prim_i2c = long_i2c,
 	.prim_print = long_print,
@ -109,108 +112,127 @@ const ASN1_ITEM ZLONG_it = {
 	.sname = "ZLONG",
 };
 static void
 long_get(ASN1_VALUE **pval, long *out_val)
 {
 	memcpy(out_val, pval, sizeof(long));
 }
 static void
 long_set(ASN1_VALUE **pval, long val)
 {
 	memcpy(pval, &val, sizeof(long));
 }
 static int
 long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	*(long *)pval = it->size;
+	long_clear(pval, it);
 	return 1;
 }
 static void
 long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	*(long *)pval = it->size;
+	long_clear(pval, it);
 }
 static void
 long_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
 	/* Zero value. */
 	long_set(pval, it->size);
 }
 static int
-long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+long_i2c(ASN1_VALUE **pval, unsigned char *content, int *putype,
    const ASN1_ITEM *it)
 {
-	long ltmp;
+	ASN1_INTEGER *aint;
-	unsigned long utmp;
+	uint8_t **pp = NULL;
-	int clen, pad, i;
+	long val;
-	/* this exists to bypass broken gcc optimization */
+	int ret = 0;
 	char *cp = (char *)pval;
-	/* use memcpy, because we may not be long aligned */
+	long_get(pval, &val);
 	memcpy(&ltmp, cp, sizeof(long));
-	if (ltmp == it->size)
+	/*
-		return -1;
+	 * The zero value for this type (stored in the overloaded it->size
-	/* Convert the long to positive: we subtract one if negative so
+	 * field) is considered to be invalid.
 	 * we can cleanly handle the padding if only the MSB of the leading
 	 * octet is set.
 	 */
-	if (ltmp < 0)
+	if (val == it->size)
-		utmp = -(ltmp + 1);
+		return -1;
 	else
 		utmp = ltmp;
 	clen = BN_num_bits_word(utmp);
 	/* If MSB of leading octet set we need to pad */
 	if (!(clen & 0x7))
 		pad = 1;
 	else
 		pad = 0;
-	/* Convert number of bits to number of octets */
+	if ((aint = ASN1_INTEGER_new()) == NULL)
-	clen = (clen + 7) >> 3;
+		goto err;
 	if (!ASN1_INTEGER_set_int64(aint, (int64_t)val))
 		goto err;
 	if (content != NULL)
 		pp = &content;
 	ret = i2c_ASN1_INTEGER(aint, pp);
-	if (cont) {
+ err:
-		if (pad)
+	ASN1_INTEGER_free(aint);
-			*cont++ = (ltmp < 0) ? 0xff : 0;
+
-		for (i = clen - 1; i >= 0; i--) {
+	return ret;
 			cont[i] = (unsigned char)(utmp & 0xff);
 			if (ltmp < 0)
 				cont[i] ^= 0xff;
 			utmp >>= 8;
 		}
 	}
 	return clen + pad;
 }
 static int
-long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
+long_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, int utype,
-    char *free_cont, const ASN1_ITEM *it)
+    char *free_content, const ASN1_ITEM *it)
 {
-	int neg, i;
+	ASN1_INTEGER *aint = NULL;
-	long ltmp;
+	const uint8_t **pp = NULL;
-	unsigned long utmp = 0;
+	int64_t val = 0;
-	char *cp = (char *)pval;
+	int ret = 0;
-	if (len > (int)sizeof(long)) {
+
 	/*
 	 * The original long_i2c() mishandled 0 values and encoded them as
 	 * content with zero length, rather than a single zero byte. Permit
 	 * zero length content here for backwards compatibility.
 	 */
 	if (len != 0) {
 		if (content != NULL)
 			pp = &content;
 		if (!c2i_ASN1_INTEGER(&aint, pp, len))
 			goto err;
 		if (!ASN1_INTEGER_get_int64(&val, aint))
 			goto err;
 	}
 	if (val < LONG_MIN || val > LONG_MAX) {
 		ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
-		return 0;
+		goto err;
 	}
-	/* Is it negative? */
+
-	if (len && (cont[0] & 0x80))
+	/*
-		neg = 1;
+	 * The zero value for this type (stored in the overloaded it->size
-	else
+	 * field) is considered to be invalid.
-		neg = 0;
+	 */
-	utmp = 0;
+	if (val == (int64_t)it->size) {
 	for (i = 0; i < len; i++) {
 		utmp <<= 8;
 		if (neg)
 			utmp |= cont[i] ^ 0xff;
 		else
 			utmp |= cont[i];
 	}
 	ltmp = (long)utmp;
 	if (neg) {
 		ltmp = -ltmp;
 		ltmp--;
 	}
 	if (ltmp == it->size) {
 		ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
-		return 0;
+		goto err;
 	}
-	memcpy(cp, &ltmp, sizeof(long));
+
-	return 1;
+	long_set(pval, (long)val);
 	ret = 1;
 err:
 	ASN1_INTEGER_free(aint);
 	return ret;
 }
 static int
 long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent,
    const ASN1_PCTX *pctx)
 {
-	if (BIO_printf(out, "%ld\n", *(long *)pval) <= 0)
+	long val;
 	long_get(pval, &val);
 	if (BIO_printf(out, "%ld\n", val) <= 0)
 		return 0;
 	return 1;
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_name.c,v 1.37 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: x_name.c,v 1.38 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -64,8 +64,8 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
-#include "x509_lcl.h"
+#include "x509_local.h"
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_pubkey.c,v 1.31 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: x_pubkey.c,v 1.33 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -71,9 +71,9 @@
 #include <openssl/rsa.h>
 #endif
-#include "asn1_locl.h"
+#include "asn1_local.h"
-#include "evp_locl.h"
+#include "evp_local.h"
-#include "x509_lcl.h"
+#include "x509_local.h"
 /* Minor tweak to operation: free up EVP_PKEY */
 static int
@ -716,15 +716,13 @@ X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype,
 {
 	if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
 		return 0;
-	if (penc) {
+
-		free(pub->public_key->data);
+	if (penc == NULL)
-		pub->public_key->data = penc;
+		return 1;
-		pub->public_key->length = penclen;
+
-		/* Set number of unused bits to zero */
+	ASN1_STRING_set0(pub->public_key, penc, penclen);
-		pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+
-		pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+	return asn1_abs_set_unused_bits(pub->public_key, 0);
 	}
 	return 1;
 }
 int
--- a/crypto/asn1/x_req.c
+++ b/crypto/asn1/x_req.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_req.c,v 1.18 2021/11/01 20:53:08 tb Exp $ */
+/* $OpenBSD: x_req.c,v 1.19 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -61,7 +61,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 /* X509_REQ_INFO is handled in an unusual way to get round
 * invalid encodings. Some broken certificate requests don't
--- a/crypto/asn1/x_sig.c
+++ b/crypto/asn1/x_sig.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_sig.c,v 1.13 2021/11/01 20:53:08 tb Exp $ */
+/* $OpenBSD: x_sig.c,v 1.14 2022/11/26 16:08:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -61,7 +61,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 static const ASN1_TEMPLATE X509_SIG_seq_tt[] = {
 	{
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_x509.c,v 1.30 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: x_x509.c,v 1.35 2023/04/28 16:30:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -65,7 +65,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 static const ASN1_AUX X509_CINF_aux = {
 	.flags = ASN1_AFLG_ENCODING,
@ -169,8 +169,6 @@ X509_CINF_free(X509_CINF *a)
 }
 /* X509 top level structure needs a bit of customisation */
 extern void policy_cache_free(X509_POLICY_CACHE *cache);
 static int
 x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
@ -205,7 +203,6 @@ x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 		ASN1_OCTET_STRING_free(ret->skid);
 		AUTHORITY_KEYID_free(ret->akid);
 		CRL_DIST_POINTS_free(ret->crldp);
 		policy_cache_free(ret->policy_cache);
 		GENERAL_NAMES_free(ret->altname);
 		NAME_CONSTRAINTS_free(ret->nc);
 #ifndef OPENSSL_NO_RFC3779
--- a/crypto/asn1/x_x509a.c
+++ b/crypto/asn1/x_x509a.c
@ -1,4 +1,4 @@
-/* $OpenBSD: x_x509a.c,v 1.18 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: x_x509a.c,v 1.19 2022/11/26 16:08:50 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@ -62,7 +62,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 /* X509_CERT_AUX routines. These are used to encode additional
 * user modifiable data about a certificate. This data is
--- a/crypto/bf/bf_cfb64.c
+++ b/crypto/bf/bf_cfb64.c
@ -1,4 +1,4 @@
-/* $OpenBSD: bf_cfb64.c,v 1.5 2014/10/28 07:35:58 jsg Exp $ */
+/* $OpenBSD: bf_cfb64.c,v 1.8 2022/11/26 16:08:51 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -57,65 +57,68 @@
 */
 #include <openssl/blowfish.h>
 #include "bf_locl.h"
-/* The input and output encrypted as though 64bit cfb mode is being
+#include "bf_local.h"
 /*
 * The input and output encrypted as though 64bit cfb mode is being
 * used.  The extra state information to record how much of the
 * 64bit block we have used is contained in *num;
 */
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+void
-	     const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
+BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-	{
+    const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
-	BF_LONG v0,v1,t;
+{
 	BF_LONG v0, v1, t;
 	int n= *num;
-	long l=length;
+	long l = length;
 	BF_LONG ti[2];
-	unsigned char *iv,c,cc;
+	unsigned char *iv, c, cc;
-	iv=(unsigned char *)ivec;
+	iv = (unsigned char *)ivec;
-	if (encrypt)
+	if (encrypt) {
-		{
+		while (l--) {
-		while (l--)
+			if (n == 0) {
-			{
+				n2l(iv, v0);
-			if (n == 0)
+				ti[0] = v0;
-				{
+				n2l(iv, v1);
-				n2l(iv,v0); ti[0]=v0;
+				ti[1] = v1;
-				n2l(iv,v1); ti[1]=v1;
+				BF_encrypt((BF_LONG *)ti, schedule);
-				BF_encrypt((BF_LONG *)ti,schedule);
+				iv = (unsigned char *)ivec;
-				iv=(unsigned char *)ivec;
+				t = ti[0];
-				t=ti[0]; l2n(t,iv);
+				l2n(t, iv);
-				t=ti[1]; l2n(t,iv);
+				t = ti[1];
-				iv=(unsigned char *)ivec;
+				l2n(t, iv);
-				}
+				iv = (unsigned char *)ivec;
 			}
 			c= *(in++)^iv[n];
-			*(out++)=c;
+			*(out++) = c;
-			iv[n]=c;
+			iv[n] = c;
-			n=(n+1)&0x07;
+			n = (n + 1)&0x07;
 			}
 		}
-	else
+	} else {
-		{
+		while (l--) {
-		while (l--)
+			if (n == 0) {
-			{
+				n2l(iv, v0);
-			if (n == 0)
+				ti[0] = v0;
-				{
+				n2l(iv, v1);
-				n2l(iv,v0); ti[0]=v0;
+				ti[1] = v1;
-				n2l(iv,v1); ti[1]=v1;
+				BF_encrypt((BF_LONG *)ti, schedule);
-				BF_encrypt((BF_LONG *)ti,schedule);
+				iv = (unsigned char *)ivec;
-				iv=(unsigned char *)ivec;
+				t = ti[0];
-				t=ti[0]; l2n(t,iv);
+				l2n(t, iv);
-				t=ti[1]; l2n(t,iv);
+				t = ti[1];
-				iv=(unsigned char *)ivec;
+				l2n(t, iv);
-				}
+				iv = (unsigned char *)ivec;
 			}
 			cc= *(in++);
-			c=iv[n];
+			c = iv[n];
-			iv[n]=cc;
+			iv[n] = cc;
-			*(out++)=c^cc;
+			*(out++) = c^cc;
-			n=(n+1)&0x07;
+			n = (n + 1)&0x07;
 			}
 		}
 	v0=v1=ti[0]=ti[1]=t=c=cc=0;
 	*num=n;
 	}
-
+	v0 = v1 = ti[0] = ti[1] = t=c = cc = 0;
 	*num = n;
 }
--- a/crypto/bf/bf_ecb.c
+++ b/crypto/bf/bf_ecb.c
@ -1,4 +1,4 @@
-/* $OpenBSD: bf_ecb.c,v 1.6 2014/07/09 11:10:50 bcook Exp $ */
+/* $OpenBSD: bf_ecb.c,v 1.9 2022/11/26 16:08:51 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -57,16 +57,19 @@
 */
 #include <openssl/blowfish.h>
 #include "bf_locl.h"
 #include <openssl/opensslv.h>
-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+#include "bf_local.h"
 /*
 * Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
 * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
 * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
 */
-const char *BF_options(void)
+const char *
-	{
+BF_options(void)
 {
 #ifdef BF_PTR
 	return("blowfish(ptr)");
 #elif defined(BF_PTR2)
@ -74,21 +77,25 @@ const char *BF_options(void)
 #else
 	return("blowfish(idx)");
 #endif
-	}
+}
-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+void
-	     const BF_KEY *key, int encrypt)
+BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-	{
+    const BF_KEY *key, int encrypt)
-	BF_LONG l,d[2];
+{
 	BF_LONG l, d[2];
-	n2l(in,l); d[0]=l;
+	n2l(in, l);
-	n2l(in,l); d[1]=l;
+	d[0] = l;
 	n2l(in, l);
 	d[1] = l;
 	if (encrypt)
-		BF_encrypt(d,key);
+		BF_encrypt(d, key);
 	else
-		BF_decrypt(d,key);
+		BF_decrypt(d, key);
-	l=d[0]; l2n(l,out);
+	l = d[0];
-	l=d[1]; l2n(l,out);
+	l2n(l, out);
-	l=d[0]=d[1]=0;
+	l = d[1];
-	}
+	l2n(l, out);
-
+	l = d[0] = d[1] = 0;
 }
--- a/crypto/bf/bf_enc.c
+++ b/crypto/bf/bf_enc.c
@ -1,4 +1,4 @@
-/* $OpenBSD: bf_enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */
+/* $OpenBSD: bf_enc.c,v 1.9 2022/11/26 16:08:51 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -57,9 +57,11 @@
 */
 #include <openssl/blowfish.h>
 #include "bf_locl.h"
-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+#include "bf_local.h"
 /*
 * Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
 * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
 * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
 */
@ -69,238 +71,234 @@
 to modify the code.
 #endif
-void BF_encrypt(BF_LONG *data, const BF_KEY *key)
+void
-	{
+BF_encrypt(BF_LONG *data, const BF_KEY *key)
 {
 #ifndef BF_PTR2
-	BF_LONG l,r;
+	BF_LONG l, r;
-	const BF_LONG *p,*s;
+	const BF_LONG *p, *s;
-	p=key->P;
+	p = key->P;
-	s= &(key->S[0]);
+	s = &(key->S[0]);
-	l=data[0];
+	l = data[0];
-	r=data[1];
+	r = data[1];
-	l^=p[0];
+	l ^= p[0];
-	BF_ENC(r,l,s,p[ 1]);
+	BF_ENC(r, l,s, p[1]);
-	BF_ENC(l,r,s,p[ 2]);
+	BF_ENC(l, r,s, p[2]);
-	BF_ENC(r,l,s,p[ 3]);
+	BF_ENC(r, l,s, p[3]);
-	BF_ENC(l,r,s,p[ 4]);
+	BF_ENC(l, r,s, p[4]);
-	BF_ENC(r,l,s,p[ 5]);
+	BF_ENC(r, l,s, p[5]);
-	BF_ENC(l,r,s,p[ 6]);
+	BF_ENC(l, r,s, p[6]);
-	BF_ENC(r,l,s,p[ 7]);
+	BF_ENC(r, l,s, p[7]);
-	BF_ENC(l,r,s,p[ 8]);
+	BF_ENC(l, r,s, p[8]);
-	BF_ENC(r,l,s,p[ 9]);
+	BF_ENC(r, l,s, p[9]);
-	BF_ENC(l,r,s,p[10]);
+	BF_ENC(l, r,s, p[10]);
-	BF_ENC(r,l,s,p[11]);
+	BF_ENC(r, l,s, p[11]);
-	BF_ENC(l,r,s,p[12]);
+	BF_ENC(l, r,s, p[12]);
-	BF_ENC(r,l,s,p[13]);
+	BF_ENC(r, l,s, p[13]);
-	BF_ENC(l,r,s,p[14]);
+	BF_ENC(l, r,s, p[14]);
-	BF_ENC(r,l,s,p[15]);
+	BF_ENC(r, l,s, p[15]);
-	BF_ENC(l,r,s,p[16]);
+	BF_ENC(l, r,s, p[16]);
 #if BF_ROUNDS == 20
-	BF_ENC(r,l,s,p[17]);
+	BF_ENC(r, l,s, p[17]);
-	BF_ENC(l,r,s,p[18]);
+	BF_ENC(l, r,s, p[18]);
-	BF_ENC(r,l,s,p[19]);
+	BF_ENC(r, l,s, p[19]);
-	BF_ENC(l,r,s,p[20]);
+	BF_ENC(l, r,s, p[20]);
 #endif
-	r^=p[BF_ROUNDS+1];
+	r ^= p[BF_ROUNDS + 1];
-	data[1]=l&0xffffffffL;
+	data[1] = l&0xffffffffL;
-	data[0]=r&0xffffffffL;
+	data[0] = r&0xffffffffL;
 #else
-	BF_LONG l,r,t,*k;
+	BF_LONG l, r,t, *k;
-	l=data[0];
+	l = data[0];
-	r=data[1];
+	r = data[1];
-	k=(BF_LONG*)key;
+	k = (BF_LONG*)key;
-	l^=k[0];
+	l ^= k[0];
-	BF_ENC(r,l,k, 1);
+	BF_ENC(r, l, k, 1);
-	BF_ENC(l,r,k, 2);
+	BF_ENC(l, r, k, 2);
-	BF_ENC(r,l,k, 3);
+	BF_ENC(r, l, k, 3);
-	BF_ENC(l,r,k, 4);
+	BF_ENC(l, r, k, 4);
-	BF_ENC(r,l,k, 5);
+	BF_ENC(r, l, k, 5);
-	BF_ENC(l,r,k, 6);
+	BF_ENC(l, r, k, 6);
-	BF_ENC(r,l,k, 7);
+	BF_ENC(r, l, k, 7);
-	BF_ENC(l,r,k, 8);
+	BF_ENC(l, r, k, 8);
-	BF_ENC(r,l,k, 9);
+	BF_ENC(r, l, k, 9);
-	BF_ENC(l,r,k,10);
+	BF_ENC(l, r,k, 10);
-	BF_ENC(r,l,k,11);
+	BF_ENC(r, l,k, 11);
-	BF_ENC(l,r,k,12);
+	BF_ENC(l, r,k, 12);
-	BF_ENC(r,l,k,13);
+	BF_ENC(r, l,k, 13);
-	BF_ENC(l,r,k,14);
+	BF_ENC(l, r,k, 14);
-	BF_ENC(r,l,k,15);
+	BF_ENC(r, l,k, 15);
-	BF_ENC(l,r,k,16);
+	BF_ENC(l, r,k, 16);
 #if BF_ROUNDS == 20
-	BF_ENC(r,l,k,17);
+	BF_ENC(r, l,k, 17);
-	BF_ENC(l,r,k,18);
+	BF_ENC(l, r,k, 18);
-	BF_ENC(r,l,k,19);
+	BF_ENC(r, l,k, 19);
-	BF_ENC(l,r,k,20);
+	BF_ENC(l, r,k, 20);
 #endif
-	r^=k[BF_ROUNDS+1];
+	r ^= k[BF_ROUNDS + 1];
-	data[1]=l&0xffffffffL;
+	data[1] = l&0xffffffffL;
-	data[0]=r&0xffffffffL;
+	data[0] = r&0xffffffffL;
 #endif
-	}
+}
 #ifndef BF_DEFAULT_OPTIONS
-void BF_decrypt(BF_LONG *data, const BF_KEY *key)
+void
-	{
+BF_decrypt(BF_LONG *data, const BF_KEY *key)
 {
 #ifndef BF_PTR2
-	BF_LONG l,r;
+	BF_LONG l, r;
-	const BF_LONG *p,*s;
+	const BF_LONG *p, *s;
-	p=key->P;
+	p = key->P;
-	s= &(key->S[0]);
+	s = &(key->S[0]);
-	l=data[0];
+	l = data[0];
-	r=data[1];
+	r = data[1];
-	l^=p[BF_ROUNDS+1];
+	l ^= p[BF_ROUNDS + 1];
 #if BF_ROUNDS == 20
-	BF_ENC(r,l,s,p[20]);
+	BF_ENC(r, l,s, p[20]);
-	BF_ENC(l,r,s,p[19]);
+	BF_ENC(l, r,s, p[19]);
-	BF_ENC(r,l,s,p[18]);
+	BF_ENC(r, l,s, p[18]);
-	BF_ENC(l,r,s,p[17]);
+	BF_ENC(l, r,s, p[17]);
 #endif
-	BF_ENC(r,l,s,p[16]);
+	BF_ENC(r, l,s, p[16]);
-	BF_ENC(l,r,s,p[15]);
+	BF_ENC(l, r,s, p[15]);
-	BF_ENC(r,l,s,p[14]);
+	BF_ENC(r, l,s, p[14]);
-	BF_ENC(l,r,s,p[13]);
+	BF_ENC(l, r,s, p[13]);
-	BF_ENC(r,l,s,p[12]);
+	BF_ENC(r, l,s, p[12]);
-	BF_ENC(l,r,s,p[11]);
+	BF_ENC(l, r,s, p[11]);
-	BF_ENC(r,l,s,p[10]);
+	BF_ENC(r, l,s, p[10]);
-	BF_ENC(l,r,s,p[ 9]);
+	BF_ENC(l, r,s, p[9]);
-	BF_ENC(r,l,s,p[ 8]);
+	BF_ENC(r, l,s, p[8]);
-	BF_ENC(l,r,s,p[ 7]);
+	BF_ENC(l, r,s, p[7]);
-	BF_ENC(r,l,s,p[ 6]);
+	BF_ENC(r, l,s, p[6]);
-	BF_ENC(l,r,s,p[ 5]);
+	BF_ENC(l, r,s, p[5]);
-	BF_ENC(r,l,s,p[ 4]);
+	BF_ENC(r, l,s, p[4]);
-	BF_ENC(l,r,s,p[ 3]);
+	BF_ENC(l, r,s, p[3]);
-	BF_ENC(r,l,s,p[ 2]);
+	BF_ENC(r, l,s, p[2]);
-	BF_ENC(l,r,s,p[ 1]);
+	BF_ENC(l, r,s, p[1]);
-	r^=p[0];
+	r ^= p[0];
-	data[1]=l&0xffffffffL;
+	data[1] = l&0xffffffffL;
-	data[0]=r&0xffffffffL;
+	data[0] = r&0xffffffffL;
 #else
-	BF_LONG l,r,t,*k;
+	BF_LONG l, r,t, *k;
-	l=data[0];
+	l = data[0];
-	r=data[1];
+	r = data[1];
-	k=(BF_LONG *)key;
+	k = (BF_LONG *)key;
-	l^=k[BF_ROUNDS+1];
+	l ^= k[BF_ROUNDS + 1];
 #if BF_ROUNDS == 20
-	BF_ENC(r,l,k,20);
+	BF_ENC(r, l,k, 20);
-	BF_ENC(l,r,k,19);
+	BF_ENC(l, r,k, 19);
-	BF_ENC(r,l,k,18);
+	BF_ENC(r, l,k, 18);
-	BF_ENC(l,r,k,17);
+	BF_ENC(l, r,k, 17);
 #endif
-	BF_ENC(r,l,k,16);
+	BF_ENC(r, l,k, 16);
-	BF_ENC(l,r,k,15);
+	BF_ENC(l, r,k, 15);
-	BF_ENC(r,l,k,14);
+	BF_ENC(r, l,k, 14);
-	BF_ENC(l,r,k,13);
+	BF_ENC(l, r,k, 13);
-	BF_ENC(r,l,k,12);
+	BF_ENC(r, l,k, 12);
-	BF_ENC(l,r,k,11);
+	BF_ENC(l, r,k, 11);
-	BF_ENC(r,l,k,10);
+	BF_ENC(r, l,k, 10);
-	BF_ENC(l,r,k, 9);
+	BF_ENC(l, r, k, 9);
-	BF_ENC(r,l,k, 8);
+	BF_ENC(r, l, k, 8);
-	BF_ENC(l,r,k, 7);
+	BF_ENC(l, r, k, 7);
-	BF_ENC(r,l,k, 6);
+	BF_ENC(r, l, k, 6);
-	BF_ENC(l,r,k, 5);
+	BF_ENC(l, r, k, 5);
-	BF_ENC(r,l,k, 4);
+	BF_ENC(r, l, k, 4);
-	BF_ENC(l,r,k, 3);
+	BF_ENC(l, r, k, 3);
-	BF_ENC(r,l,k, 2);
+	BF_ENC(r, l, k, 2);
-	BF_ENC(l,r,k, 1);
+	BF_ENC(l, r, k, 1);
-	r^=k[0];
+	r ^= k[0];
-	data[1]=l&0xffffffffL;
+	data[1] = l&0xffffffffL;
-	data[0]=r&0xffffffffL;
+	data[0] = r&0xffffffffL;
 #endif
-	}
+}
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+void
-	     const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	{
+    const BF_KEY *schedule, unsigned char *ivec, int encrypt)
-	BF_LONG tin0,tin1;
+{
-	BF_LONG tout0,tout1,xor0,xor1;
+	BF_LONG tin0, tin1;
-	long l=length;
+	BF_LONG tout0, tout1, xor0, xor1;
 	long l = length;
 	BF_LONG tin[2];
-	if (encrypt)
+	if (encrypt) {
-		{
+		n2l(ivec, tout0);
-		n2l(ivec,tout0);
+		n2l(ivec, tout1);
-		n2l(ivec,tout1);
+		ivec -= 8;
-		ivec-=8;
+		for (l -= 8; l >= 0; l -= 8) {
-		for (l-=8; l>=0; l-=8)
+			n2l(in, tin0);
-			{
+			n2l(in, tin1);
-			n2l(in,tin0);
+			tin0 ^= tout0;
-			n2l(in,tin1);
+			tin1 ^= tout1;
-			tin0^=tout0;
+			tin[0] = tin0;
-			tin1^=tout1;
+			tin[1] = tin1;
-			tin[0]=tin0;
+			BF_encrypt(tin, schedule);
-			tin[1]=tin1;
+			tout0 = tin[0];
-			BF_encrypt(tin,schedule);
+			tout1 = tin[1];
-			tout0=tin[0];
+			l2n(tout0, out);
-			tout1=tin[1];
+			l2n(tout1, out);
 			l2n(tout0,out);
 			l2n(tout1,out);
 			}
 		if (l != -8)
 			{
 			n2ln(in,tin0,tin1,l+8);
 			tin0^=tout0;
 			tin1^=tout1;
 			tin[0]=tin0;
 			tin[1]=tin1;
 			BF_encrypt(tin,schedule);
 			tout0=tin[0];
 			tout1=tin[1];
 			l2n(tout0,out);
 			l2n(tout1,out);
 			}
 		l2n(tout0,ivec);
 		l2n(tout1,ivec);
 		}
-	else
+		if (l != -8) {
-		{
+			n2ln(in, tin0, tin1, l + 8);
-		n2l(ivec,xor0);
+			tin0 ^= tout0;
-		n2l(ivec,xor1);
+			tin1 ^= tout1;
-		ivec-=8;
+			tin[0] = tin0;
-		for (l-=8; l>=0; l-=8)
+			tin[1] = tin1;
-			{
+			BF_encrypt(tin, schedule);
-			n2l(in,tin0);
+			tout0 = tin[0];
-			n2l(in,tin1);
+			tout1 = tin[1];
-			tin[0]=tin0;
+			l2n(tout0, out);
-			tin[1]=tin1;
+			l2n(tout1, out);
 			BF_decrypt(tin,schedule);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2n(tout0,out);
 			l2n(tout1,out);
 			xor0=tin0;
 			xor1=tin1;
 			}
 		if (l != -8)
 			{
 			n2l(in,tin0);
 			n2l(in,tin1);
 			tin[0]=tin0;
 			tin[1]=tin1;
 			BF_decrypt(tin,schedule);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2nn(tout0,tout1,out,l+8);
 			xor0=tin0;
 			xor1=tin1;
 			}
 		l2n(xor0,ivec);
 		l2n(xor1,ivec);
 		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
+		l2n(tout0, ivec);
-	tin[0]=tin[1]=0;
+		l2n(tout1, ivec);
 	} else {
 		n2l(ivec, xor0);
 		n2l(ivec, xor1);
 		ivec -= 8;
 		for (l -= 8; l >= 0; l -= 8) {
 			n2l(in, tin0);
 			n2l(in, tin1);
 			tin[0] = tin0;
 			tin[1] = tin1;
 			BF_decrypt(tin, schedule);
 			tout0 = tin[0]^xor0;
 			tout1 = tin[1]^xor1;
 			l2n(tout0, out);
 			l2n(tout1, out);
 			xor0 = tin0;
 			xor1 = tin1;
 		}
 		if (l != -8) {
 			n2l(in, tin0);
 			n2l(in, tin1);
 			tin[0] = tin0;
 			tin[1] = tin1;
 			BF_decrypt(tin, schedule);
 			tout0 = tin[0]^xor0;
 			tout1 = tin[1]^xor1;
 			l2nn(tout0, tout1, out, l + 8);
 			xor0 = tin0;
 			xor1 = tin1;
 		}
 		l2n(xor0, ivec);
 		l2n(xor1, ivec);
 	}
 	tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
 	tin[0] = tin[1] = 0;
 }
 #endif
--- a/crypto/bf/bf_local.h
+++ b/crypto/bf/bf_local.h
@ -1,4 +1,4 @@
-/* $OpenBSD: bf_locl.h,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: bf_local.h,v 1.1 2022/11/26 16:08:51 tb Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
--- a/crypto/bf/bf_ofb64.c
+++ b/crypto/bf/bf_ofb64.c
@ -1,4 +1,4 @@
-/* $OpenBSD: bf_ofb64.c,v 1.5 2014/10/28 07:35:58 jsg Exp $ */
+/* $OpenBSD: bf_ofb64.c,v 1.8 2022/11/26 16:08:51 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -57,54 +57,55 @@
 */
 #include <openssl/blowfish.h>
 #include "bf_locl.h"
-/* The input and output encrypted as though 64bit ofb mode is being
+#include "bf_local.h"
 /*
 * The input and output encrypted as though 64bit ofb mode is being
 * used.  The extra state information to record how much of the
 * 64bit block we have used is contained in *num;
 */
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+void
-	     const BF_KEY *schedule, unsigned char *ivec, int *num)
+BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-	{
+    const BF_KEY *schedule, unsigned char *ivec, int *num)
-	BF_LONG v0,v1,t;
+{
 	BF_LONG v0, v1, t;
 	int n= *num;
-	long l=length;
+	long l = length;
 	unsigned char d[8];
 	char *dp;
 	BF_LONG ti[2];
 	unsigned char *iv;
-	int save=0;
+	int save = 0;
-	iv=(unsigned char *)ivec;
+	iv = (unsigned char *)ivec;
-	n2l(iv,v0);
+	n2l(iv, v0);
-	n2l(iv,v1);
+	n2l(iv, v1);
-	ti[0]=v0;
+	ti[0] = v0;
-	ti[1]=v1;
+	ti[1] = v1;
-	dp=(char *)d;
+	dp = (char *)d;
-	l2n(v0,dp);
+	l2n(v0, dp);
-	l2n(v1,dp);
+	l2n(v1, dp);
-	while (l--)
+	while (l--) {
-		{
+		if (n == 0) {
-		if (n == 0)
+			BF_encrypt((BF_LONG *)ti, schedule);
-			{
+			dp = (char *)d;
-			BF_encrypt((BF_LONG *)ti,schedule);
+			t = ti[0];
-			dp=(char *)d;
+			l2n(t, dp);
-			t=ti[0]; l2n(t,dp);
+			t = ti[1];
-			t=ti[1]; l2n(t,dp);
+			l2n(t, dp);
 			save++;
-			}
+		}
 		*(out++)= *(in++)^d[n];
-		n=(n+1)&0x07;
+		n = (n + 1)&0x07;
 		}
 	if (save)
 		{
 		v0=ti[0];
 		v1=ti[1];
 		iv=(unsigned char *)ivec;
 		l2n(v0,iv);
 		l2n(v1,iv);
 		}
 	t=v0=v1=ti[0]=ti[1]=0;
 	*num=n;
 	}
-
+	if (save) {
 		v0 = ti[0];
 		v1 = ti[1];
 		iv = (unsigned char *)ivec;
 		l2n(v0, iv);
 		l2n(v1, iv);
 	}
 	t = v0 = v1 = ti[0] = ti[1] = 0;
 	*num = n;
 }
--- a/crypto/bf/bf_pi.h
+++ b/crypto/bf/bf_pi.h
@ -1,328 +0,0 @@
 /* $OpenBSD: bf_pi.h,v 1.4 2016/12/21 15:49:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 __BEGIN_HIDDEN_DECLS
 static const BF_KEY bf_init= {
 	{
 	0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
 	0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
 	0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
 	0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
 	0x9216d5d9L, 0x8979fb1b
 	},{
 	0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 
 	0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 
 	0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, 
 	0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, 
 	0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, 
 	0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 
 	0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, 
 	0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, 
 	0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, 
 	0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, 
 	0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 
 	0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 
 	0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, 
 	0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, 
 	0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, 
 	0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 
 	0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 
 	0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, 
 	0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, 
 	0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, 
 	0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 
 	0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 
 	0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, 
 	0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, 
 	0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, 
 	0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 
 	0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 
 	0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, 
 	0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, 
 	0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, 
 	0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 
 	0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 
 	0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, 
 	0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, 
 	0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, 
 	0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 
 	0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 
 	0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, 
 	0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, 
 	0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, 
 	0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 
 	0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 
 	0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, 
 	0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, 
 	0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, 
 	0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 
 	0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 
 	0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, 
 	0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, 
 	0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, 
 	0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 
 	0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 
 	0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, 
 	0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, 
 	0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, 
 	0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 
 	0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 
 	0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, 
 	0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, 
 	0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, 
 	0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 
 	0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 
 	0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, 
 	0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, 
 	0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, 
 	0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 
 	0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 
 	0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, 
 	0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, 
 	0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, 
 	0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 
 	0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 
 	0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, 
 	0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, 
 	0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, 
 	0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 
 	0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 
 	0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, 
 	0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, 
 	0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, 
 	0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 
 	0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, 
 	0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, 
 	0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, 
 	0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, 
 	0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 
 	0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 
 	0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, 
 	0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, 
 	0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, 
 	0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 
 	0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 
 	0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, 
 	0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, 
 	0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, 
 	0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 
 	0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 
 	0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, 
 	0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, 
 	0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, 
 	0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 
 	0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 
 	0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, 
 	0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, 
 	0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, 
 	0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 
 	0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 
 	0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, 
 	0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, 
 	0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, 
 	0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 
 	0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 
 	0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, 
 	0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, 
 	0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, 
 	0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 
 	0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 
 	0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, 
 	0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, 
 	0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, 
 	0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 
 	0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 
 	0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, 
 	0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, 
 	0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, 
 	0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 
 	0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 
 	0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, 
 	0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, 
 	0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, 
 	0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 
 	0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, 
 	0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, 
 	0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, 
 	0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, 
 	0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 
 	0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 
 	0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, 
 	0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, 
 	0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, 
 	0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 
 	0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 
 	0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, 
 	0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, 
 	0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, 
 	0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 
 	0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 
 	0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, 
 	0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, 
 	0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, 
 	0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 
 	0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 
 	0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, 
 	0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, 
 	0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, 
 	0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 
 	0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 
 	0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, 
 	0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, 
 	0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, 
 	0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 
 	0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 
 	0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, 
 	0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, 
 	0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, 
 	0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 
 	0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 
 	0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, 
 	0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, 
 	0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, 
 	0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 
 	0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 
 	0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, 
 	0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, 
 	0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, 
 	0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 
 	0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 
 	0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, 
 	0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, 
 	0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, 
 	0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 
 	0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 
 	0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, 
 	0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, 
 	0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, 
 	0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 
 	0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 
 	0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, 
 	0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, 
 	0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, 
 	0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 
 	0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, 
 	0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, 
 	0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, 
 	0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, 
 	0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 
 	0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 
 	0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, 
 	0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, 
 	0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, 
 	0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 
 	0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 
 	0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, 
 	0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, 
 	0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, 
 	0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 
 	0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 
 	0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, 
 	0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, 
 	0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, 
 	0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 
 	0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 
 	0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, 
 	0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, 
 	0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, 
 	0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 
 	0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 
 	0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, 
 	0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, 
 	0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, 
 	0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 
 	0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 
 	0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, 
 	0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, 
 	0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, 
 	0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 
 	0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 
 	0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, 
 	0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, 
 	0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, 
 	0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 
 	0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 
 	0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, 
 	0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, 
 	0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, 
 	0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 
 	0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 
 	0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, 
 	0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, 
 	0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, 
 	0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 
 	0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 
 	0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, 
 	0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, 
 	0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, 
 	0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 
 	0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 
 	0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, 
 	0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, 
 	0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, 
 	0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 
 	0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 
 	0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, 
 	0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, 
 	0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, 
 	0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, 
 	}
 	};
 __END_HIDDEN_DECLS
--- a/crypto/bf/bf_skey.c
+++ b/crypto/bf/bf_skey.c
@ -1,4 +1,4 @@
-/* $OpenBSD: bf_skey.c,v 1.12 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: bf_skey.c,v 1.17 2022/11/26 16:08:51 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -58,60 +58,330 @@
 #include <stdio.h>
 #include <string.h>
 #include <openssl/crypto.h>
 #include <openssl/blowfish.h>
 #include "bf_locl.h"
 #include "bf_pi.h"
-void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
+#include "bf_local.h"
-	{
+
 static const BF_KEY bf_init = {
 	.P = {
 		0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
 		0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
 		0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
 		0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
 		0x9216d5d9L, 0x8979fb1b
 	},
 	.S = {
 		0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L,
 		0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L,
 		0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L,
 		0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL,
 		0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL,
 		0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L,
 		0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL,
 		0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL,
 		0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L,
 		0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L,
 		0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL,
 		0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL,
 		0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL,
 		0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L,
 		0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L,
 		0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L,
 		0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L,
 		0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L,
 		0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL,
 		0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L,
 		0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L,
 		0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L,
 		0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L,
 		0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL,
 		0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L,
 		0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL,
 		0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL,
 		0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L,
 		0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL,
 		0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L,
 		0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL,
 		0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L,
 		0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L,
 		0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL,
 		0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L,
 		0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L,
 		0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL,
 		0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L,
 		0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL,
 		0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L,
 		0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L,
 		0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL,
 		0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L,
 		0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L,
 		0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L,
 		0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L,
 		0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L,
 		0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL,
 		0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL,
 		0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L,
 		0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L,
 		0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L,
 		0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L,
 		0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL,
 		0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L,
 		0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL,
 		0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL,
 		0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L,
 		0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L,
 		0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L,
 		0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L,
 		0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L,
 		0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L,
 		0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL,
 		0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L,
 		0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L,
 		0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L,
 		0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL,
 		0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L,
 		0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L,
 		0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL,
 		0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L,
 		0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L,
 		0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L,
 		0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL,
 		0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL,
 		0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L,
 		0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L,
 		0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L,
 		0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L,
 		0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL,
 		0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL,
 		0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL,
 		0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L,
 		0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL,
 		0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L,
 		0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L,
 		0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL,
 		0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL,
 		0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L,
 		0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL,
 		0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L,
 		0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL,
 		0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL,
 		0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L,
 		0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L,
 		0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L,
 		0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L,
 		0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L,
 		0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L,
 		0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L,
 		0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL,
 		0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L,
 		0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL,
 		0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L,
 		0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L,
 		0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L,
 		0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L,
 		0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L,
 		0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L,
 		0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L,
 		0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L,
 		0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L,
 		0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L,
 		0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L,
 		0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L,
 		0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L,
 		0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L,
 		0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L,
 		0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L,
 		0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL,
 		0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL,
 		0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L,
 		0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL,
 		0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L,
 		0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L,
 		0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L,
 		0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L,
 		0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L,
 		0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L,
 		0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL,
 		0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L,
 		0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L,
 		0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L,
 		0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL,
 		0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL,
 		0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL,
 		0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L,
 		0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L,
 		0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL,
 		0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L,
 		0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL,
 		0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L,
 		0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL,
 		0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L,
 		0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL,
 		0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L,
 		0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL,
 		0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L,
 		0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L,
 		0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL,
 		0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L,
 		0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L,
 		0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L,
 		0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L,
 		0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL,
 		0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L,
 		0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL,
 		0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L,
 		0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL,
 		0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L,
 		0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL,
 		0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL,
 		0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL,
 		0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L,
 		0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L,
 		0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL,
 		0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL,
 		0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL,
 		0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL,
 		0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL,
 		0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L,
 		0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L,
 		0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L,
 		0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L,
 		0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL,
 		0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL,
 		0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L,
 		0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L,
 		0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L,
 		0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L,
 		0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L,
 		0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L,
 		0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L,
 		0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L,
 		0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L,
 		0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L,
 		0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL,
 		0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L,
 		0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL,
 		0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L,
 		0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L,
 		0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL,
 		0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL,
 		0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL,
 		0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L,
 		0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L,
 		0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L,
 		0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L,
 		0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L,
 		0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L,
 		0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L,
 		0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L,
 		0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L,
 		0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L,
 		0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L,
 		0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L,
 		0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL,
 		0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL,
 		0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L,
 		0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL,
 		0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL,
 		0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL,
 		0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L,
 		0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL,
 		0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL,
 		0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L,
 		0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L,
 		0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L,
 		0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L,
 		0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL,
 		0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL,
 		0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L,
 		0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L,
 		0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L,
 		0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL,
 		0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L,
 		0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L,
 		0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L,
 		0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL,
 		0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L,
 		0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L,
 		0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L,
 		0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL,
 		0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL,
 		0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L,
 		0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L,
 		0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L,
 		0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L,
 		0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL,
 		0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L,
 		0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL,
 		0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL,
 		0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L,
 		0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L,
 		0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL,
 		0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L,
 		0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL,
 		0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L,
 		0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL,
 		0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L,
 		0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L,
 		0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL,
 		0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L,
 		0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL,
 		0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L,
 	}
 };
 void
 BF_set_key(BF_KEY *key, int len, const unsigned char *data)
 {
 	int i;
-	BF_LONG *p,ri,in[2];
+	BF_LONG *p, ri, in[2];
-	const unsigned char *d,*end;
+	const unsigned char *d, *end;
 	memcpy(key, &bf_init, sizeof(BF_KEY));
 	p = key->P;
-	memcpy(key,&bf_init,sizeof(BF_KEY));
+	if (len > ((BF_ROUNDS + 2)*4))
-	p=key->P;
+		len = (BF_ROUNDS + 2)*4;
-	if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
+	d = data;
-
+	end = &(data[len]);
-	d=data;
+	for (i = 0; i < (BF_ROUNDS + 2); i++) {
 	end= &(data[len]);
 	for (i=0; i<(BF_ROUNDS+2); i++)
 		{
 		ri= *(d++);
-		if (d >= end) d=data;
+		if (d >= end)
 			d = data;
-		ri<<=8;
+		ri <<= 8;
-		ri|= *(d++);
+		ri |= *(d++);
-		if (d >= end) d=data;
+		if (d >= end)
 			d = data;
-		ri<<=8;
+		ri <<= 8;
-		ri|= *(d++);
+		ri |= *(d++);
-		if (d >= end) d=data;
+		if (d >= end)
 			d = data;
-		ri<<=8;
+		ri <<= 8;
-		ri|= *(d++);
+		ri |= *(d++);
-		if (d >= end) d=data;
+		if (d >= end)
 			d = data;
 		p[i]^=ri;
 		}
 	in[0]=0L;
 	in[1]=0L;
 	for (i=0; i<(BF_ROUNDS+2); i+=2)
 		{
 		BF_encrypt(in,key);
 		p[i  ]=in[0];
 		p[i+1]=in[1];
 		}
 	p=key->S;
 	for (i=0; i<4*256; i+=2)
 		{
 		BF_encrypt(in,key);
 		p[i  ]=in[0];
 		p[i+1]=in[1];
 		}
 	}
 	in[0] = 0L;
 	in[1] = 0L;
 	for (i = 0; i < (BF_ROUNDS + 2); i += 2) {
 		BF_encrypt(in, key);
 		p[i  ] = in[0];
 		p[i + 1] = in[1];
 	}
 	p = key->S;
 	for (i = 0; i < 4*256; i += 2) {
 		BF_encrypt(in, key);
 		p[i  ] = in[0];
 		p[i + 1] = in[1];
 	}
 }
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
@ -1,4 +1,4 @@
-/* $OpenBSD: b_dump.c,v 1.22 2021/07/11 20:18:07 beck Exp $ */
+/* $OpenBSD: b_dump.c,v 1.23 2022/10/17 18:26:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -80,11 +80,11 @@ int
 BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
    void *u, const char *s, int len, int indent)
 {
 	int ret = 0;
 	char buf[288 + 1], tmp[20], str[128 + 1];
 	int i, j, rows, trc, written;
 	unsigned char ch;
 	int dump_width;
 	int ret = 0;
 	trc = 0;
@ -95,14 +95,13 @@ BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
 	if (indent < 0)
 		indent = 0;
-	if (indent) {
+	if (indent > 64)
-		if (indent > 128)
+		indent = 64;
-			indent = 128;
+	memset(str, ' ', indent);
 		memset(str, ' ', indent);
 	}
 	str[indent] = '\0';
-	dump_width = DUMP_WIDTH_LESS_INDENT(indent);
+	if ((dump_width = DUMP_WIDTH_LESS_INDENT(indent)) <= 0)
 		return -1;
 	rows = (len / dump_width);
 	if ((rows * dump_width) < len)
 		rows++;
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@ -1,4 +1,4 @@
-/* $OpenBSD: b_sock.c,v 1.69 2018/02/07 00:52:05 bluhm Exp $ */
+/* $OpenBSD: b_sock.c,v 1.70 2022/12/22 20:13:45 schwarze Exp $ */
 /*
 * Copyright (c) 2017 Bob Beck <beck@openbsd.org>
 *
@ -47,6 +47,7 @@ BIO_get_host_ip(const char *str, unsigned char *ip)
 	int error;
 	if (str == NULL) {
 		BIOerror(BIO_R_BAD_HOSTNAME_LOOKUP);
 		ERR_asprintf_error_data("NULL host provided");
 		return (0);
 	}
@ -79,6 +80,7 @@ BIO_get_port(const char *str, unsigned short *port_ptr)
 	}
 	if ((error = getaddrinfo(NULL, str, &hints, &res)) != 0) {
 		BIOerror(BIO_R_INVALID_ARGUMENT);
 		ERR_asprintf_error_data("getaddrinfo: service='%s' : %s'", str,
 		    gai_strerror(error));
 		return (0);
@ -129,8 +131,14 @@ BIO_get_accept_socket(char *host, int bind_mode)
 	char *h, *p, *str = NULL;
 	int error, ret = 0, s = -1;
-	if (host == NULL || (str = strdup(host)) == NULL)
+	if (host == NULL) {
 		BIOerror(BIO_R_NO_PORT_SPECIFIED);
 		return (-1);
 	}
 	if ((str = strdup(host)) == NULL) {
 		BIOerror(ERR_R_MALLOC_FAILURE);
 		return (-1);
 	}
 	p = NULL;
 	h = str;
 	if ((p = strrchr(str, ':')) == NULL) {
@ -148,6 +156,7 @@ BIO_get_accept_socket(char *host, int bind_mode)
 	}
 	if ((error = getaddrinfo(h, p, &hints, &res)) != 0) {
 		BIOerror(BIO_R_BAD_HOSTNAME_LOOKUP);
 		ERR_asprintf_error_data("getaddrinfo: '%s:%s': %s'", h, p,
 		    gai_strerror(error));
 		goto err;
@ -203,9 +212,10 @@ BIO_accept(int sock, char **addr)
 	socklen_t sin_len = sizeof(sin);
 	int ret = -1;
-	if (addr == NULL)
+	if (addr == NULL) {
 		BIOerror(BIO_R_NULL_PARAMETER);
 		goto end;
-
+	}
 	ret = accept(sock, (struct sockaddr *)&sin, &sin_len);
 	if (ret == -1) {
 		if (BIO_sock_should_retry(ret))
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@ -1,4 +1,4 @@
-/* $OpenBSD: bio_err.c,v 1.18 2022/01/14 08:40:57 tb Exp $ */
+/* $OpenBSD: bio_err.c,v 1.19 2022/07/12 14:42:48 kn Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
@ -53,11 +53,6 @@
 *
 */
 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
 * made to it will be overwritten when the script next updates this file,
 * only reason strings will be preserved.
 */
 #include <stdio.h>
 #include <openssl/opensslconf.h>
@ -65,7 +60,6 @@
 #include <openssl/err.h>
 #include <openssl/bio.h>
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
--- a/Show More
+++ b/Show More