From openssl at openssl.org Sat May 1 01:23:44 2021 
From: openssl at openssl.org (OpenSSL run-checker)
Date: Sat, 01 May 2021 01:23:44 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Message-ID: <1619832224.910720.2942640.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module

Commit log since last time:

d77ba503a2 Adjust ssl_test_new for SHA1 security level
8ce390e139 Adjust sslapitest for SHA1 security level
fdf312709a Adjust dtlstest for SHA1 security level
0f077b5fd8 asn1_lib.c: ASN1_put_object: Remove comment about "class 0".
c404e4fab3 Add test case for openssl crl -noout -hash output
872b7979c7 crl: noout is not an output item
3b9e47695f CHANGES: document the FIPS provider configuration and installation
f2ea01d9f1 README-FIPS: document the installation of the FIPS provider
b2d8c7b6a3 Configure: disable fips mode by default
afa0a13c1a Configure: sort the disablables alphabetically
d9ce268151 build.info: add the Perl wrapper to build generator programs on Windows
18da9fc31f Configure/Makefile: install the fips provider if it was configured
4e282708c5 Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing it
5b68918185 Configure/Makefile: separate install of the FIPS module
c3bda8a2e0 Configure/Makefile: correct the FIPS module configuration file path
b6821df0d0 Configure/Makefile: use the correct openssl app for FIPS installation
59cf286919 Configure/Makefile: fix the `-macopt` argument of the fipsinstall command
f4585aeca9 runchecker: fix no-sock build by conditioning clean up on the NO_SOCK symbol.
2395ad8079 test: never run fipsinstall if the tests are not enabled.
3babc1e468 util/add-depends.pl: Adapt to localized /showIncludes output
2e535eb50a Configuration: rework how dependency making is handled
0bd138b8c3 Windows bulding: Make dependency generation not quite as talkative
e9b30d9f50 Test a Finished message at the wrong time results in unexpected message
f42e68dc47 Defer Finished MAC handling until after state transition
460d2fbcd7 Store the list of activated providers in the libctx
2d5695016d Properly protect access to the provider flag_activated field
98369ef25f Add a threading test for loading/unloading providers
4189dc3782 CMS ESS: Move four internal aux function to where they belong in crypto/cms
176a9a682a TS ESS: Move four internal aux function to where they belong in crypto/ts
1751768cd1 ESS: Export three core functions, clean up TS and CMS CAdES-BES usage
624359374b Skip test_fipsload when fips is disabled.
50c096ebb0 Explicitly enable or disable fips if it is or is not relevant for the test
cdf63a3736 Add X509 version constants.
d97adfda28 memleaktest with MSVC's AddressSanitizer
67ea4beb94 OPENSSL_sk functions are effectively already documented
5fd7eb5c8a Improve the implementation of X509_STORE_CTX_get1_issuer()
e1491a2f15 Add testing for updated cipher IV
8365652287 Use "canonical" names when matching the output of the commands
680dbd16dc Skip GOST engine tests in out of tree builds
eaf8a40d97 Prefer fetch over legacy get_digestby/get_cipherby
c0a79e9836 Rename some globals, add ossl prefix.
e6760e3e84 Add system guessing for linux64-riscv64 target
e466dc3646 Test that we don't have a memory leak in d2i_ASN1_OBJECT.
1727465471 ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse
94471ccfda add verbosity for pyca job
a938f0045e re-add pyca/cryptography testing
a09fb26ba9 add wycheproof submodule
f2561fa566 updated pyca/cryptography submodule version
3e4981dd59 Avoid #include with inline function on C++Builder
c85c5e1a53 Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().
990aa405db Doc updates for DH/DSA examples
f1ffaaeece Fixes related to separation of DH and DHX types
6c9bc258d2 Add type_name member to provided methods and use it
d21224f1ad Documentation fix for openssl-verify certificates

Build log ended with (last 100 lines):

../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo5.pem -out_trusted root.crt => 0
not ok 47 - popo NONE
# ------------------------------------------------------------------------------
# Failed test 'popo NONE'
# at ../openssl/test/recipes/80-test_cmp_http.t line 145.
Warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# cmp_main:../openssl/apps/cmp.c:2582:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2191:CMP warning: -proxy option argument is empty string, resetting option
# setup_client_ctx:../openssl/apps/cmp.c:1891:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received PKICONF
# save_free_certs:../openssl/apps/cmp.c:1941:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem -out_trusted root.crt => 0
not ok 48 - popo KEYENC not supported
# ------------------------------------------------------------------------------
# Looks like you failed 3 tests of 92.
not ok 5 - CMP app CLI Mock enrollment
# ------------------------------------------------------------------------------
#
# Failed test 'CMP app CLI Mock enrollment
# '
# at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1335.
Killing mock server with pid=2933095
# Looks like you failed 3 tests of 5.80-test_cmp_http.t ................. Dubious, test returned 3 (wstat 768, 0x300)
Failed 3/5 subtests
#
80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. skipped: Test is disabled with disabled fips
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ skipped: Test only supported in a shared build
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. skipped: test_tls13secrets is not supported in this build
90-test_v3name.t ................... ok
91-test_pkey_check.t ............... ok
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................
ok Test Summary Report ------------------- 80-test_cmp_http.t (Wstat: 768 Tests: 5 Failed: 3) Failed tests: 2-3, 5 Non-zero exit status: 3 Files=234, Tests=2772, 954 wallclock secs (71.01 usr 1.39 sys + 822.18 cusr 71.37 csys = 965.95 CPU) Result: FAIL make[1]: *** [Makefile:2498: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' make: *** [Makefile:2495: tests] Error 2 From pauli at openssl.org Sat May 1 03:09:31 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 01 May 2021 03:09:31 +0000 Subject: [openssl] master update Message-ID: <1619838571.135347.1499.nullmailer@dev.openssl.org> The branch master has been updated via 38e12964a62b8bfb54693b92f13642e3c61bd8c4 (commit) from 91034b68b39e3525f09fb263b9272de410a3ba4c (commit) - Log ----------------------------------------------------------------- commit 38e12964a62b8bfb54693b92f13642e3c61bd8c4 Author: Shane Lontis Date: Fri Apr 30 11:45:51 2021 +1000 Fix no-fips-securitychecks test failure Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15091) ----------------------------------------------------------------------- Summary of changes: test/recipes/30-test_evp_data/evppkey_ecdsa.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt index f09edd9032..7202b5ce70 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt @@ -210,6 +210,7 @@ Result = DIGESTSIGNINIT_ERROR # Test that SHA1 is not allowed in fips mode for signing Availablein = fips Sign = P-256 +Securitycheck = 1 Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Result = PKEY_CTRL_ERROR From pauli at openssl.org Sat May 1 03:10:26 2021 
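Review bot: The comment kept above this stanza in test/recipes/30-test_evp_data/evppkey_ecdsa.txt ("Test that SHA1 is not allowed in fips mode for signing") no longer states the full precondition: with `Securitycheck = 1` added after `Sign = P-256`, the expected `PKEY_CTRL_ERROR` is tied to the security checks as well as to `Availablein = fips`. Extend the comment to say that the SHA1 rejection is only expected when the FIPS security checks are built in, since the commit message carries only the subject line and gives no reason for the new key.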
From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 01 May 2021 03:10:26 +0000 Subject: [openssl] master update Message-ID: <1619838626.226036.3276.nullmailer@dev.openssl.org> The branch master has been updated via 535130c39d33df41b6a7d14302a93ffaa10ebc46 (commit) from 38e12964a62b8bfb54693b92f13642e3c61bd8c4 (commit) - Log ----------------------------------------------------------------- commit 535130c39d33df41b6a7d14302a93ffaa10ebc46 Author: Tomas Mraz Date: Thu Apr 29 15:19:11 2021 +0200 Add -latomic to threads enabled 32bit linux builds It might not be necessary with the most recent toolchain versions but apparently many 32bit linux architectures and commonly used toolchain versions require this. It is also harmless to include even on architectures that do not need it. Fixes #14083 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15086) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 1e53f20861..8427a561e3 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -675,7 +675,7 @@ my %targets = ( #### # *-generic* is endian-neutral target, but ./config is free to # throw in -D[BL]_ENDIAN, whichever appropriate... - "linux-generic32" => { + "linux-generic" => { inherit_from => [ "BASE_unix" ], CC => "gcc", CXX => "g++", @@ -697,8 +697,13 @@ my %targets = ( shared_ldflag => sub { $disabled{pinshared} ? () : "-Wl,-znodelete" }, enable => [ "afalgeng" ], }, + "linux-generic32" => { + inherit_from => [ "linux-generic" ], + ex_libs => add(threads("-latomic")), + bn_ops => "BN_LLONG RC4_CHAR", + }, "linux-generic64" => { - inherit_from => [ "linux-generic32" ], + inherit_from => [ "linux-generic" ], bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", }, 
@@ -945,6 +950,7 @@ my %targets = ( cflags => add("-m64 -mcpu=ultrasparc"), cxxflags => add("-m64 -mcpu=ultrasparc"), lib_cppflags => add("-DB_ENDIAN"), + ex_libs => add(threads("-latomic")), bn_ops => "BN_LLONG RC4_CHAR", asm_arch => 'sparcv9', perlasm_scheme => 'void', From pauli at openssl.org Sat May 1 03:13:54 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 01 May 2021 03:13:54 +0000 Subject: [openssl] master update Message-ID: <1619838834.477956.6682.nullmailer@dev.openssl.org> The branch master has been updated via 39da32729401110572da1782c80bef39c6f3f64b (commit) from 535130c39d33df41b6a7d14302a93ffaa10ebc46 (commit) - Log ----------------------------------------------------------------- commit 39da32729401110572da1782c80bef39c6f3f64b Author: Tomas Mraz Date: Thu Apr 29 16:32:59 2021 +0200 Simplify AppVeyor configuration Adjust the stuff we are building and testing in various configurations to trim the run time a little bit. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15087) ----------------------------------------------------------------------- Summary of changes: appveyor.yml | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/appveyor.yml b/appveyor.yml index 20d81c1b12..9bb6f04e0a 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -15,15 +15,6 @@ configuration: - minimal for: - - - only_commits: - message: /\[extended tests\]/ - configuration: - - shared - - plain - - minimal - environment: - EXTENDED_TESTS: yes - branches: only: @@ -32,8 +23,6 @@ for: - shared - plain - minimal - environment: - EXTENDED_TESTS: yes before_build: - ps: >- 
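Review bot: In Configurations/10-main.conf, the second hunk (at -945) adds `ex_libs => add(threads("-latomic"))` to a target built with `-m64 -mcpu=ultrasparc`, while the commit subject and message speak only of 32bit linux builds. Either say in the commit message why this target also needs libatomic, or put a short comment next to the `ex_libs` line in both places it is added (here and in the new `linux-generic32` block), so the reason for linking `-latomic` is recorded in the file itself.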
@@ -50,11 +39,11 @@ before_build: } - ps: >- If ($env:Configuration -Match "shared") { - $env:CONFIG_OPTS="" + $env:CONFIG_OPTS="enable-fips" } ElseIf ($env:Configuration -Match "minimal") { $env:CONFIG_OPTS="no-bulk no-asm -DOPENSSL_SMALL_FOOTPRINT" } Else { - $env:CONFIG_OPTS="no-shared" + $env:CONFIG_OPTS="no-fips no-shared" } - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" %VCVARS_PLATFORM% - mkdir _build @@ -80,13 +69,13 @@ build_script: test_script: - cd _build - ps: >- - if ($env:EXTENDED_TESTS) { + if ($env:Configuration -Match "plain") { cmd /c "%NMAKE% test VERBOSE_FAILURE=yes 2>&1" } Else { cmd /c "%NMAKE% test VERBOSE_FAILURE=yes TESTS=-test_fuzz 2>&1" } - ps: >- - if ($env:EXTENDED_TESTS) { + if ($env:Configuration -Match "shared") { mkdir ..\_install cmd /c "%NMAKE% install DESTDIR=..\_install 2>&1" } From pauli at openssl.org Sat May 1 03:45:35 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 01 May 2021 03:45:35 +0000 Subject: [tools] master update Message-ID: <1619840735.547826.26639.nullmailer@dev.openssl.org> The branch master has been updated via fa7b4ef4e67bb944a40c83539b216c398426bfc1 (commit) from ee7da65b64a2409255d9effb751b4082642e3d39 (commit) - Log ----------------------------------------------------------------- commit fa7b4ef4e67bb944a40c83539b216c398426bfc1 Author: Pauli Date: Fri Apr 30 09:56:39 2021 +1000 Add additional run-checker no-XXX options. There were a number of options missing: no-autoload-config no-buildtest-c++ no-bulk no-cmp no-ktls no-module no-padlockeng no-pinshared no-secure-memory no-siv no-uplink enable-acvp-tests enable-fips enable-fips no-fips-securitychecks Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/tools/pull/84) ----------------------------------------------------------------------- Summary of changes: run-checker/run-checker.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
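Review bot: In appveyor.yml, deleting the `only_commits: message: /\[extended tests\]/` block and both `EXTENDED_TESTS: yes` settings means no commit or branch can request the full run any more: per the rewritten `test_script`, only the `plain` configuration runs without `TESTS=-test_fuzz` and only `shared` runs the install step, so `minimal` never gets either. The commit message says only that run time is trimmed "a little bit"; a comment above `test_script` listing which configuration covers the fuzz tests, the install step and `enable-fips` would make the reduced matrix explicit and make later coverage gaps easier to spot.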
diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh index 05d6332..b59283c 100755 --- a/run-checker/run-checker.sh +++ b/run-checker/run-checker.sh @@ -43,7 +43,11 @@ enable-unit-test no-whirlpool enable-weak-ssl-ciphers enable-zlib enable-zlib-dynamic 386 no-dtls no-tls no-ssl3 no-tls1 no-tls1_1 no-tls1_2 no-dtls1 no-dtls1_2 no-ssl3-method no-tls1-method no-tls1_1-method no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 no-sm2 -no-sm3 no-sm4 enable-trace no-legacy no-cached-fetch) +no-sm3 no-sm4 enable-trace no-legacy no-cached-fetch no-autoload-config +'no-buildtest-c++' no-bulk no-cmp no-ktls no-module no-padlockeng +no-pinshared no-secure-memory no-siv no-uplink enable-acvp-tests enable-fips +'enable-fips no-fips-securitychecks' +) run-hook () { local hookname=$1; shift From beldmit at gmail.com Sat May 1 11:09:49 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Sat, 01 May 2021 11:09:49 +0000 Subject: [openssl] master update Message-ID: <1619867389.406198.32592.nullmailer@dev.openssl.org> The branch master has been updated via c0f4400c4051cc26fbe385b6af9fc67e7c66dbdd (commit) from 39da32729401110572da1782c80bef39c6f3f64b (commit) - Log ----------------------------------------------------------------- commit c0f4400c4051cc26fbe385b6af9fc67e7c66dbdd Author: Dmitry Belyavskiy Date: Fri Apr 30 11:27:19 2021 +0200 Use OCSP-specific error code for clarity Fixes #12735 Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/xxxxx) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + include/openssl/sslerr.h | 1 + ssl/ssl_err.c | 2 ++ ssl/statem/statem_clnt.c | 3 ++- 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 517ebc0a01..d3e29a5553 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt 
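Review bot: In run-checker/run-checker.sh, the new entry `'enable-fips no-fips-securitychecks'` is a single quoted element holding two configure options, unlike the one-option entries around it, and the code that consumes the list is not part of this hunk. Add a one-line comment above it saying that a quoted entry is one build configured with several options, so the next person extending the list does not unquote it or assume every entry is a single option. The commit message lists this as "enable-fips enable-fips no-fips-securitychecks", which reads like a duplicate; separating the two entries there would help too.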
@@ -1409,6 +1409,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback SSL_R_NULL_SSL_CTX:195:null ssl ctx SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed +SSL_R_OCSP_CALLBACK_FAILURE:305:ocsp callback failure SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\ old session compression algorithm not returned diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 7fea8a87b7..30d843cf2d 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -203,6 +203,7 @@ # define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 # define SSL_R_NULL_SSL_CTX 195 # define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OCSP_CALLBACK_FAILURE 305 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 # define SSL_R_OVERFLOW_ERROR 237 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 357cfc7d94..347b263d69 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -312,6 +312,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE), + "ocsp callback failure"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 2178be95bd..dab4d1c4bc 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2699,7 +2699,8 @@ int tls_process_initial_server_flight(SSL *s) return 0; } if (ret < 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_R_OCSP_CALLBACK_FAILURE); return 0; } } From dev at ddvo.net Sat May 1 11:13:22 2021 
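Review bot: In ssl/statem/statem_clnt.c, the `ret < 0` branch of tls_process_initial_server_flight() now raises `SSL_R_OCSP_CALLBACK_FAILURE` instead of `ERR_R_MALLOC_FAILURE`, but the diffstat lists only crypto/err/openssl.txt, include/openssl/sslerr.h, ssl/ssl_err.c and ssl/statem/statem_clnt.c, so nothing exercises the new reason code. Add a test that drives this branch and checks the reason on the error queue, and consider a CHANGES entry, since code that matched on the old reason will now see a different one. The "Merged from" line in the commit message also still carries a placeholder pull number (xxxxx).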
From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 01 May 2021 11:13:22 +0000 Subject: [openssl] master update Message-ID: <1619867602.838453.2753.nullmailer@dev.openssl.org> The branch master has been updated via f4407385f58242dcc6ae95a60c2a3dc8782bee42 (commit) from c0f4400c4051cc26fbe385b6af9fc67e7c66dbdd (commit) - Log ----------------------------------------------------------------- commit f4407385f58242dcc6ae95a60c2a3dc8782bee42 Author: Rich Salz Date: Sat May 1 13:11:49 2021 +0200 APPS: Document the core of the opt_ API Reviewed-by: Tomas Mraz Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/14995) ----------------------------------------------------------------------- Summary of changes: apps/include/fmt.h | 3 +- apps/include/opt.h | 3 - apps/lib/opt.c | 6 +- doc/internal/man3/OPTIONS.pod | 301 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 306 insertions(+), 7 deletions(-) create mode 100644 doc/internal/man3/OPTIONS.pod diff --git a/apps/include/fmt.h b/apps/include/fmt.h index c9edd4707e..f235899bf8 100644 --- a/apps/include/fmt.h +++ b/apps/include/fmt.h @@ -17,7 +17,8 @@ #ifndef OSSL_APPS_FMT_H #define OSSL_APPS_FMT_H -/* On some platforms, it's important to distinguish between text and binary +/* + * On some platforms, it's important to distinguish between text and binary * files. On some, there might even be specific file formats for different * contents. The FORMAT_xxx macros are meant to express an intent with the * file being read or created. diff --git a/apps/include/opt.h b/apps/include/opt.h index f9ac5accae..f22e9af05e 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h 
@@ -349,7 +349,6 @@ char *opt_init(int ac, char **av, const OPTIONS * o); int opt_next(void); void opt_begin(void); int opt_format(const char *s, unsigned long flags, int *result); -const char *format2str(int format); int opt_int(const char *arg, int *result); int opt_int_arg(void); int opt_ulong(const char *arg, unsigned long *result); @@ -381,8 +380,6 @@ int opt_verify(int i, X509_VERIFY_PARAM *vpm); int opt_rand(int i); int opt_provider(int i); void opt_help(const OPTIONS * list); -void opt_print(const OPTIONS * opt, int doingparams, int width); -int opt_format_error(const char *s, unsigned long flags); void print_format_error(int format, unsigned long flags); int opt_isdir(const char *name); int opt_printf_stderr(const char *fmt, ...); diff --git a/apps/lib/opt.c b/apps/lib/opt.c index 83ae28cdc1..a6b6f7ce4f 100644 --- a/apps/lib/opt.c +++ b/apps/lib/opt.c @@ -227,7 +227,7 @@ static OPT_PAIR formats[] = { }; /* Print an error message about a failed format parse. */ -int opt_format_error(const char *s, unsigned long flags) +static int opt_format_error(const char *s, unsigned long flags) { OPT_PAIR *ap; @@ -325,7 +325,7 @@ int opt_format(const char *s, unsigned long flags, int *result) } /* Return string representing the given format. */ -const char *format2str(int format) +static const char *format2str(int format) { switch (format) { default: @@ -973,7 +973,7 @@ static const char *valtype2param(const OPTIONS *o) return "parm"; } -void opt_print(const OPTIONS *o, int doingparams, int width) +static void opt_print(const OPTIONS *o, int doingparams, int width) { const char* help; char start[80 + 1]; diff --git a/doc/internal/man3/OPTIONS.pod b/doc/internal/man3/OPTIONS.pod new file mode 100644 index 0000000000..3c0fcdaf80 --- /dev/null +++ b/doc/internal/man3/OPTIONS.pod 
@@ -0,0 +1,301 @@ +=pod + +=head1 NAME + +OPTIONS, OPT_PAIR, +opt_progname, opt_appname, opt_getprog, opt_init, opt_format, +opt_int, opt_long, opt_imax, opt_umax, opt_ulong, opt_pair, +opt_string, opt_cipher, opt_md, opt_next, opt_arg, opt_flag, opt_unknown, +opt_num_rest, opt_rest, opt_help, opt_isdir +- Option parsing for commands and tests + +=head1 SYNOPSIS + + #include "opt.h" + + typedef struct { ... } OPTIONS; + typedef struct { ... } OPT_PAIR; + + char *opt_progname(const char *argv0); + char *opt_appname(const char *arg0); + char *opt_getprog(void); + char *opt_init(int argc, char **argv, const OPTIONS *o); + + int opt_next(void); + void opt_help(const OPTIONS *list); + char *opt_arg(void); + char *opt_flag(void); + char *opt_unknown(void); + int opt_cipher(const char *name, EVP_CIPHER **cipherp); + int opt_md(const char *name, EVP_MD **mdp); + + int opt_int(const char *value, int *result); + int opt_long(const char *value, long *result); + int opt_imax(const char *value, intmax_t *result); + int opt_umax(const char *value, uintmax_t *result); + int opt_ulong(const char *value, unsigned long *result); + + int opt_isdir(const char *name); + + int opt_format(const char *s, unsigned long flags, int *result); + int opt_string(const char *name, const char **options); + int opt_pair(const char *name, const OPT_PAIR* pairs, int *result); + + int opt_num_rest(void); + char **opt_rest(void); + +=head1 DESCRIPTION + +The functions on this page provide a common set of option-parsing for +the OpenSSL command and the internal test programs. +It is intended to be used like the standard getopt(3) routine, except +that multi-character flag names are supported, and a variety of parsing +and other utility functions are also provided. + +Programs that use this should make sure to set the appropriate C<-I> +flag. + +These routines expect a global B named B to point to +the equivalent of B. This is already done in the OpenSSL +application. 
+ +=head2 Data Types + +Each program should define, near the main() routine, an enumeration +that is the set of options the program accepts. For example: + + typedef enum OPTION_choice { + OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_YES, OPT_NAME, OPT_COUNT, OPT_OFILE, + ... + } OPTION_CHOICE; + +The first two lines must appear exactly as shown. In addition to +defining symbolic names for the constants that opt_next() returns, +it also helps guarantee that every command has a C<-help> option. +The third line is a sample +set of flags, and the closing C name is used for error-checking +as discussed below. +By declaring the variable as an C, with the right warning +flags, the compiler could check that all specified options are handled. + +The B C specifies an option: what type of argument +it takes (if any), and an optional "help" string. It is a C +containing these fields: + + const char *name; + int retval; + int valtype; + const char *helpstr; + +The B is the name of the option that the user would type. Options +are words prefaced with a minus sign. If the user uses two minus signs, +this is also accepted for compatibility with other GNU software. Some +names are special, and are described below. + +The B is the value to return if the option is found. It should be +one of the choices in the enumeration above. + +The B defines what the option's parameter must be. 
It should +be chosen from the following set: + + \0 No value + '-' No value + 's' A text string + '/' A directory + '<' Name of file to open for input + '>' Name of file to open for output + 'n' A signed number that fits in the C type + 'p' A positive number that fits in the C type + 'N' A nonnegative number that fits in the C type + 'M' A signed number that fits in the C type + 'U' An unsigned number that fits in the C type + 'l' A signed number that fits in the C type + 'u' An unsigned number that fits in the C type + 'c' File in PEM, DER, or S/MIME format + 'F' A file in PEM or DER format + 'E' Like 'F' but also allows ENGINE + 'f' Any file format + +The B is what to display when the user uses the help option, +which should be C<"help">. + +A program should declare its options right after the enumeration, +and should follow the ordering of the enumeration as this helps +readability and maintainability: + + static OPTIONS my_options[] = { + {"help", OPT_HELP, '-', "Display this summary"}, + {"yes", OPT_YES, '-', "Print an affirmative reply"}, + {"count", OPT_COUNT, 'p', "Repeat count"}, + {"output" OPT_OFILE, '>', "Output file; default is stdout"}, + {NULL} + }; + +Note that the B option is explicitly listed, and the list ends with +an entry of all-null's. The other two special options, B and B +should not appear in the array. + +If the help string is too long to fit into one line, it may be continued +on multiple lines; each entry should use B, like this: + + {"output" OPT_OFILE, '>', "Output file; default is stdout"}, + {OPT_MORE_STR, 0, 0, + "This flag is not really needed on Unix systems"}, + {OPT_MORE_STR, 0, 0, + "(Unix and descendents for ths win!)"} + +Each subsequent line will be indented the correct amount. + +By default, the help display will include a standard prolog: + + Usage: PROGRAM [options] + Valid options are: + ...detailed list of options... + +Sometimes there are parameters that should appear in the synopsis. 
+Use B as the first entry in your array: + + {OPT_HELP_STR, 1, '-', Usage: %s [options] [text...]\n"} + +The B and B are ignored, and the B should +follow the general construction as shown. The C<%s> will get the program +name. + +If a command has a large set of options, it can be useful to break them +into sections. Use the macro B or B +to indicate this. The two lines below are equivalent: + + OPT_SECTION("Validation"), + {OPT_SECTION_STR, 1, '-', "Validation options:\n"}, + +In addition to providing help about options, you can provide a description +of the parameters a command takes. These should appear at the end of +the options and are indicated by using B or the +B macro: + + OPT_PARAMETERS() + {OPT_PARAM_STR, 1, '-', "Parameters:\n"} + +Every "option" after after this should contain the parameter and +the help string: + + {"text", 0, 0, "Words to display (optional)"}, + +=head2 Functions + +The opt_init() function takes the "argc, argv" arguments given to main() and +a pointer to the list of options. It returns the simple program +name, as defined by opt_progname(). + +The opt_progname() function takes the full pathname, C, and returns +the simple short name of the executable, to be used for error messages and +the like. The opt_appname() functions takes the "application" name (such +as the specific command from L and appends it to the program +name. This function should only be called once. Once set, opt_getprog() +also returns the value. + +Once opt_init() has been called, opt_next() can be called in a loop to +fetch each option in turn. It returns -1, or OPT_EOF when the +end of arguments has been reached. This is typically done like this: + + prog = opt_init(argc, argv, my_options); + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_EOF: + case OPT_ERR: + opthelp: + fprintf(stderr, "%s: Use -help for summary\n", prog); + exit(1); + case OPT_HELP: + opt_help(my_options); + exit(0); + ...other options... 
+ } + } + +The opt_help() function takes a list of option definitions and prints a +nicely-formatted output. + +Within the option parsing loop, opt_flag() returns the option, +without any leading hyphens. The opt_arg() function returns +the option's value, if there is one. + +In an option list, there can be at most one option with the empty string. +This is a "wildcard" or "unknown" option. For example, it allows an +option to be be taken as digest algorithm, like C<-sha1>. The +function opt_cipher() takes the specified I and fills in +the cipher into I. The function opt_md() does the same +thing for message digest. + +There are a several useful functions for parsing numbers. These are +opt_int(), opt_long(), opt_ulong(), opt_imax(), and opt_umax(). They all +take C<0x> to mean hexadecimal and C<0> to mean octal, and will do the +necessary range-checking. They return 1 if successful and fill in the +C pointer with the value, or 0 on error. Note that opt_next() +will also do range-check on the argument if the appropriate B +field is specified for the option. This means that error-checking inside +the C C can often be elided. + +The opt_isdir() function returns 1 if the specified I is +a directory, or 0 if not. The opt_format() function takes a string value, +such as used with the B<-informat> or similar option, and fills +the value from the constants in F file. + +The opt_string() function checks that I appears in the +NULL-terminated array of strings. It returns 1 if found, +or prints a diagnostic and returns 0 if not. + +The opt_pair() function takes a list of I, each of which +has a text name and an integer. The specified I is +found on the list, it puts the index in I<*result>, and returns +1. If not found, it returns 0. + +After processing all the options, the opt_num_rest() returns what is +left, and opt_rest() returns a pointer to the first non-option. +If there were no parameters, it will point to the NULL that is +at the end of the standard B array. 
+ +=head2 Common Options + +There are a few groups of options that are common to many OpenSSL programs. +These are handled with sets of macros that define common option names +and common code to handle them. The categories are identified by a +letter: + + V Validation + X Extended certificate + S TLS/SSL + R Random state + +The B macro is used to define the numeration values, where B +is one of the letters above. The B macro is used to +list the set of common options, and the B is used in +the C statement. + +The common options are used throughout the sources for the OpenSSL commands. +They are also used with common descriptions when generating the +manpages, in the file F, which follow a similar naming +convention. + +=head1 RETURN VALUES + +Detailed above. + +=head1 EXAMPLES + +The best examples can be found in sources for the commands in the F +directory of the source tree. +A notable exception is F which uses this API, but does +things very differently. + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use this +file except in compliance with the License. You can obtain a copy in the file +LICENSE in the source distribution or at +L. + +=cut From openssl at openssl.org Sat May 1 14:05:36 2021 
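Review bot: the OPT_HELP_STR sample in the added POD for the opt_ API lacks the opening double quote before Usage, so the line {OPT_HELP_STR, 1, '-', Usage: %s [options] [text...]\n"} will not compile if copied into an options array; add the quote. The same text has doubled words ("after after this", "to be be taken") and "There are a several useful functions". The sentence "It returns -1, or OPT_EOF when the end of arguments has been reached" does not say which value signals an error and which signals the end of input; naming OPT_ERR for the error return, as the case labels in the sample loop do, would remove the ambiguity.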
From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 01 May 2021 14:05:36 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1619877936.155001.174098.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: d77ba503a2 Adjust ssl_test_new for SHA1 security level 8ce390e139 Adjust sslapitest for SHA1 security level fdf312709a Adjust dtlstest for SHA1 security level 0f077b5fd8 asn1_lib.c: ASN1_put_object: Remove comment about "class 0". c404e4fab3 Add test case for openssl crl -noout -hash output 872b7979c7 crl: noout is not an output item 3b9e47695f CHANGES: document the FIPS provider configuration and installation f2ea01d9f1 README-FIPS: document the installation of the FIPS provider b2d8c7b6a3 Configure: disable fips mode by default afa0a13c1a Configure: sort the disablables alphabetically d9ce268151 build.info: add the Perl wrapper to build generator programs on Windows 18da9fc31f Configure/Makefile: install the fips provider if it was configured 4e282708c5 Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing it 5b68918185 Configure/Makefile: separate install of the FIPS module c3bda8a2e0 Configure/Makefile: correct the FIPS module configuration file path b6821df0d0 Configure/Makefile: use the correct openssl app for FIPS installation 59cf286919 Configure/Makefile: fix the `-macopt` argument of the fipsinstall command f4585aeca9 runchecker: fix no-sock build by conditioning clean up on the NO_SOCK symbol. 2395ad8079 test: never run fipsinstall if the tests are not enabled. 
3babc1e468 util/add-depends.pl: Adapt to localized /showIncludes output 2e535eb50a Configuration: rework how dependency making is handled 0bd138b8c3 Windows bulding: Make dependency generation not quite as talkative e9b30d9f50 Test a Finished message at the wrong time results in unexpected message f42e68dc47 Defer Finished MAC handling until after state transition 460d2fbcd7 Store the list of activated providers in the libctx 2d5695016d Properly protect access to the provider flag_activated field 98369ef25f Add a threading test for loading/unloading providers 4189dc3782 CMS ESS: Move four internal aux function to where they belong in crypto/cms 176a9a682a TS ESS: Move four internal aux function to where they belong in crypto/ts 1751768cd1 ESS: Export three core functions, clean up TS and CMS CAdES-BES usage 624359374b Skip test_fipsload when fips is disabled. 50c096ebb0 Explicitly enable or disable fips if it is or is not relevant for the test cdf63a3736 Add X509 version constants. d97adfda28 memleaktest with MSVC's AddressSanitizer 67ea4beb94 OPENSSL_sk functions are effectively already documented 5fd7eb5c8a Improve the implementation of X509_STORE_CTX_get1_issuer() e1491a2f15 Add testing for updated cipher IV 8365652287 Use "canonical" names when matching the output of the commands 680dbd16dc Skip GOST engine tests in out of tree builds eaf8a40d97 Prefer fetch over legacy get_digestby/get_cipherby c0a79e9836 Rename some globals, add ossl prefix. e6760e3e84 Add system guessing for linux64-riscv64 target e466dc3646 Test that we don't have a memory leak in d2i_ASN1_OBJECT. 1727465471 ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse 94471ccfda add verbosity for pyca job a938f0045e re-add pyca/cryptography testing a09fb26ba9 add wycheproof submodule f2561fa566 updated pyca/cryptography submodule version 3e4981dd59 Avoid #include with inline function on C++Builder c85c5e1a53 Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters(). 
990aa405db Doc updates for DH/DSA examples f1ffaaeece Fixes related to separation of DH and DHX types 6c9bc258d2 Add type_name member to provided methods and use it d21224f1ad Documentation fix for openssl-verify certificates From beldmit at gmail.com Sat May 1 15:54:19 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Sat, 01 May 2021 15:54:19 +0000 Subject: [openssl] master update Message-ID: <1619884459.541810.23716.nullmailer@dev.openssl.org> The branch master has been updated via dd28d1c4d305574e5feacb0f3fee21192b9ccf2f (commit) from f4407385f58242dcc6ae95a60c2a3dc8782bee42 (commit) - Log ----------------------------------------------------------------- commit dd28d1c4d305574e5feacb0f3fee21192b9ccf2f Author: Hubert Kario Date: Fri Apr 30 16:45:47 2021 +0200 man: s_server: fix text repetition in -alpn description Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/15099) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-s_server.pod.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 55227d9080..243ab8b3e0 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -672,7 +672,7 @@ disabling the ephemeral DH cipher suites. =item B<-alpn> I, B<-nextprotoneg> I -These flags enable the Enable the Application-Layer Protocol Negotiation +These flags enable the Application-Layer Protocol Negotiation or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the IETF standard and replaces NPN. The I list is a comma-separated list of supported protocol From beldmit at gmail.com Sat May 1 16:21:17 2021 
From: beldmit at gmail.com (beldmit at gmail.com) Date: Sat, 01 May 2021 16:21:17 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1619886077.440003.25812.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 6682083fa51fb94b95afd68b2b57f7609d9e41e7 (commit) from 7c65179ad95d0f6f598ee82e763fce2567fe5802 (commit) - Log ----------------------------------------------------------------- commit 6682083fa51fb94b95afd68b2b57f7609d9e41e7 Author: Hubert Kario Date: Fri Apr 30 16:41:17 2021 +0200 man: s_server: fix typo in -alpn option description Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/15098) ----------------------------------------------------------------------- Summary of changes: doc/man1/s_server.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index 9fdac49190..aa6c19d31f 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -701,7 +701,7 @@ disabling the ephemeral DH cipher suites. =item B<-alpn val>, B<-nextprotoneg val> -These flags enable the Enable the Application-Layer Protocol Negotiation +These flags enable the Application-Layer Protocol Negotiation or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the IETF standard and replaces NPN. The B list is a comma-separated list of supported protocol From beldmit at gmail.com Sat May 1 16:24:51 2021 
From: beldmit at gmail.com (beldmit at gmail.com) Date: Sat, 01 May 2021 16:24:51 +0000 Subject: [openssl] master update Message-ID: <1619886291.614160.14340.nullmailer@dev.openssl.org> The branch master has been updated via 045a893091994a5837a2bec9cc5646ae9ff07a2c (commit) from dd28d1c4d305574e5feacb0f3fee21192b9ccf2f (commit) - Log ----------------------------------------------------------------- commit 045a893091994a5837a2bec9cc5646ae9ff07a2c Author: FdaSilvaYY Date: Tue Apr 27 22:50:18 2021 +0200 ssl: fix possible ref counting fields use before init. `strdup(propq)` failure is doing a `goto err;` from where `SSL_CTX_free` is called. The possible call is made before reference and lock fields setup. Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/15052) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 3d0f309fd2..27a5ec4581 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3181,6 +3181,15 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, if (ret == NULL) goto err; + /* Init the reference counting before any call to SSL_CTX_free */ + ret->references = 1; + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ret); + return NULL; + } + ret->libctx = libctx; if (propq != NULL) { ret->propq = OPENSSL_strdup(propq); 
@@ -3196,13 +3205,6 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; /* We take the system default. */ ret->session_timeout = meth->get_timeout(); - ret->references = 1; - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; ret->verify_mode = SSL_VERIFY_NONE; if ((ret->cert = ssl_cert_new()) == NULL) From openssl at openssl.org Sat May 1 16:25:02 2021 
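Review bot: in the block moved to the top of SSL_CTX_new_ex() by commit 045a893091, the lock-failure path frees with OPENSSL_free(ret) and returns directly instead of going through err, which is leak-free only while nothing above it stores an allocation in ret. Extend the new comment ("Init the reference counting before any call to SSL_CTX_free") to say that this block must stay first after the ret == NULL check, so a later insertion above it does not bring back the use-before-init or add a leak. The summary shows only ssl/ssl_lib.c changed, so the OPENSSL_strdup(propq) failure path named in the commit message still has no test exercising it.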
From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 01 May 2021 16:25:02 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-stdio Message-ID: <1619886302.516074.426867.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-stdio Commit log since last time: d77ba503a2 Adjust ssl_test_new for SHA1 security level 8ce390e139 Adjust sslapitest for SHA1 security level fdf312709a Adjust dtlstest for SHA1 security level 0f077b5fd8 asn1_lib.c: ASN1_put_object: Remove comment about "class 0". c404e4fab3 Add test case for openssl crl -noout -hash output 872b7979c7 crl: noout is not an output item 3b9e47695f CHANGES: document the FIPS provider configuration and installation f2ea01d9f1 README-FIPS: document the installation of the FIPS provider b2d8c7b6a3 Configure: disable fips mode by default afa0a13c1a Configure: sort the disablables alphabetically d9ce268151 build.info: add the Perl wrapper to build generator programs on Windows 18da9fc31f Configure/Makefile: install the fips provider if it was configured 4e282708c5 Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing it 5b68918185 Configure/Makefile: separate install of the FIPS module c3bda8a2e0 Configure/Makefile: correct the FIPS module configuration file path b6821df0d0 Configure/Makefile: use the correct openssl app for FIPS installation 59cf286919 Configure/Makefile: fix the `-macopt` argument of the fipsinstall command f4585aeca9 runchecker: fix no-sock build by conditioning clean up on the NO_SOCK symbol. 2395ad8079 test: never run fipsinstall if the tests are not enabled. 
3babc1e468 util/add-depends.pl: Adapt to localized /showIncludes output 2e535eb50a Configuration: rework how dependency making is handled 0bd138b8c3 Windows bulding: Make dependency generation not quite as talkative e9b30d9f50 Test a Finished message at the wrong time results in unexpected message f42e68dc47 Defer Finished MAC handling until after state transition 460d2fbcd7 Store the list of activated providers in the libctx 2d5695016d Properly protect access to the provider flag_activated field 98369ef25f Add a threading test for loading/unloading providers 4189dc3782 CMS ESS: Move four internal aux function to where they belong in crypto/cms 176a9a682a TS ESS: Move four internal aux function to where they belong in crypto/ts 1751768cd1 ESS: Export three core functions, clean up TS and CMS CAdES-BES usage 624359374b Skip test_fipsload when fips is disabled. 50c096ebb0 Explicitly enable or disable fips if it is or is not relevant for the test cdf63a3736 Add X509 version constants. d97adfda28 memleaktest with MSVC's AddressSanitizer 67ea4beb94 OPENSSL_sk functions are effectively already documented 5fd7eb5c8a Improve the implementation of X509_STORE_CTX_get1_issuer() e1491a2f15 Add testing for updated cipher IV 8365652287 Use "canonical" names when matching the output of the commands 680dbd16dc Skip GOST engine tests in out of tree builds eaf8a40d97 Prefer fetch over legacy get_digestby/get_cipherby c0a79e9836 Rename some globals, add ossl prefix. e6760e3e84 Add system guessing for linux64-riscv64 target e466dc3646 Test that we don't have a memory leak in d2i_ASN1_OBJECT. 1727465471 ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse 94471ccfda add verbosity for pyca job a938f0045e re-add pyca/cryptography testing a09fb26ba9 add wycheproof submodule f2561fa566 updated pyca/cryptography submodule version 3e4981dd59 Avoid #include with inline function on C++Builder c85c5e1a53 Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters(). 
990aa405db Doc updates for DH/DSA examples f1ffaaeece Fixes related to separation of DH and DHX types 6c9bc258d2 Add type_name member to provided methods and use it d21224f1ad Documentation fix for openssl-verify certificates From openssl at openssl.org Sun May 2 00:24:08 2021 
From: openssl at openssl.org (OpenSSL run-checker) Date: Sun, 02 May 2021 00:24:08 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1619915048.081407.1322936.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: d77ba503a2 Adjust ssl_test_new for SHA1 security level 8ce390e139 Adjust sslapitest for SHA1 security level fdf312709a Adjust dtlstest for SHA1 security level 0f077b5fd8 asn1_lib.c: ASN1_put_object: Remove comment about "class 0". c404e4fab3 Add test case for openssl crl -noout -hash output 872b7979c7 crl: noout is not an output item 3b9e47695f CHANGES: document the FIPS provider configuration and installation f2ea01d9f1 README-FIPS: document the installation of the FIPS provider b2d8c7b6a3 Configure: disable fips mode by default afa0a13c1a Configure: sort the disablables alphabetically d9ce268151 build.info: add the Perl wrapper to build generator programs on Windows 18da9fc31f Configure/Makefile: install the fips provider if it was configured 4e282708c5 Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing it 5b68918185 Configure/Makefile: separate install of the FIPS module c3bda8a2e0 Configure/Makefile: correct the FIPS module configuration file path b6821df0d0 Configure/Makefile: use the correct openssl app for FIPS installation 59cf286919 Configure/Makefile: fix the `-macopt` argument of the fipsinstall command f4585aeca9 runchecker: fix no-sock build by conditioning clean up on the NO_SOCK symbol. 2395ad8079 test: never run fipsinstall if the tests are not enabled. 
3babc1e468 util/add-depends.pl: Adapt to localized /showIncludes output 2e535eb50a Configuration: rework how dependency making is handled 0bd138b8c3 Windows bulding: Make dependency generation not quite as talkative e9b30d9f50 Test a Finished message at the wrong time results in unexpected message f42e68dc47 Defer Finished MAC handling until after state transition 460d2fbcd7 Store the list of activated providers in the libctx 2d5695016d Properly protect access to the provider flag_activated field 98369ef25f Add a threading test for loading/unloading providers 4189dc3782 CMS ESS: Move four internal aux function to where they belong in crypto/cms 176a9a682a TS ESS: Move four internal aux function to where they belong in crypto/ts 1751768cd1 ESS: Export three core functions, clean up TS and CMS CAdES-BES usage 624359374b Skip test_fipsload when fips is disabled. 50c096ebb0 Explicitly enable or disable fips if it is or is not relevant for the test cdf63a3736 Add X509 version constants. d97adfda28 memleaktest with MSVC's AddressSanitizer 67ea4beb94 OPENSSL_sk functions are effectively already documented 5fd7eb5c8a Improve the implementation of X509_STORE_CTX_get1_issuer() e1491a2f15 Add testing for updated cipher IV 8365652287 Use "canonical" names when matching the output of the commands 680dbd16dc Skip GOST engine tests in out of tree builds eaf8a40d97 Prefer fetch over legacy get_digestby/get_cipherby c0a79e9836 Rename some globals, add ossl prefix. e6760e3e84 Add system guessing for linux64-riscv64 target e466dc3646 Test that we don't have a memory leak in d2i_ASN1_OBJECT. 1727465471 ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse 94471ccfda add verbosity for pyca job a938f0045e re-add pyca/cryptography testing a09fb26ba9 add wycheproof submodule f2561fa566 updated pyca/cryptography submodule version 3e4981dd59 Avoid #include with inline function on C++Builder c85c5e1a53 Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters(). 
990aa405db Doc updates for DH/DSA examples f1ffaaeece Fixes related to separation of DH and DHX types 6c9bc258d2 Add type_name member to provided methods and use it d21224f1ad Documentation fix for openssl-verify certificates From openssl at openssl.org Sun May 2 03:05:25 2021 
From: openssl at openssl.org (OpenSSL run-checker) Date: Sun, 02 May 2021 03:05:25 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1619924725.184135.1621289.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: d77ba503a2 Adjust ssl_test_new for SHA1 security level 8ce390e139 Adjust sslapitest for SHA1 security level fdf312709a Adjust dtlstest for SHA1 security level 0f077b5fd8 asn1_lib.c: ASN1_put_object: Remove comment about "class 0". c404e4fab3 Add test case for openssl crl -noout -hash output 872b7979c7 crl: noout is not an output item 3b9e47695f CHANGES: document the FIPS provider configuration and installation f2ea01d9f1 README-FIPS: document the installation of the FIPS provider b2d8c7b6a3 Configure: disable fips mode by default afa0a13c1a Configure: sort the disablables alphabetically d9ce268151 build.info: add the Perl wrapper to build generator programs on Windows 18da9fc31f Configure/Makefile: install the fips provider if it was configured 4e282708c5 Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing it 5b68918185 Configure/Makefile: separate install of the FIPS module c3bda8a2e0 Configure/Makefile: correct the FIPS module configuration file path b6821df0d0 Configure/Makefile: use the correct openssl app for FIPS installation 59cf286919 Configure/Makefile: fix the `-macopt` argument of the fipsinstall command f4585aeca9 runchecker: fix no-sock build by conditioning clean up on the NO_SOCK symbol. 2395ad8079 test: never run fipsinstall if the tests are not enabled. 
3babc1e468 util/add-depends.pl: Adapt to localized /showIncludes output 2e535eb50a Configuration: rework how dependency making is handled 0bd138b8c3 Windows bulding: Make dependency generation not quite as talkative e9b30d9f50 Test a Finished message at the wrong time results in unexpected message f42e68dc47 Defer Finished MAC handling until after state transition 460d2fbcd7 Store the list of activated providers in the libctx 2d5695016d Properly protect access to the provider flag_activated field 98369ef25f Add a threading test for loading/unloading providers 4189dc3782 CMS ESS: Move four internal aux function to where they belong in crypto/cms 176a9a682a TS ESS: Move four internal aux function to where they belong in crypto/ts 1751768cd1 ESS: Export three core functions, clean up TS and CMS CAdES-BES usage 624359374b Skip test_fipsload when fips is disabled. 50c096ebb0 Explicitly enable or disable fips if it is or is not relevant for the test cdf63a3736 Add X509 version constants. d97adfda28 memleaktest with MSVC's AddressSanitizer 67ea4beb94 OPENSSL_sk functions are effectively already documented 5fd7eb5c8a Improve the implementation of X509_STORE_CTX_get1_issuer() e1491a2f15 Add testing for updated cipher IV 8365652287 Use "canonical" names when matching the output of the commands 680dbd16dc Skip GOST engine tests in out of tree builds eaf8a40d97 Prefer fetch over legacy get_digestby/get_cipherby c0a79e9836 Rename some globals, add ossl prefix. e6760e3e84 Add system guessing for linux64-riscv64 target e466dc3646 Test that we don't have a memory leak in d2i_ASN1_OBJECT. 1727465471 ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse 94471ccfda add verbosity for pyca job a938f0045e re-add pyca/cryptography testing a09fb26ba9 add wycheproof submodule f2561fa566 updated pyca/cryptography submodule version 3e4981dd59 Avoid #include with inline function on C++Builder c85c5e1a53 Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters(). 
990aa405db Doc updates for DH/DSA examples f1ffaaeece Fixes related to separation of DH and DHX types 6c9bc258d2 Add type_name member to provided methods and use it d21224f1ad Documentation fix for openssl-verify certificates From pauli at openssl.org Sun May 2 07:14:24 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 02 May 2021 07:14:24 +0000 Subject: [openssl] master update Message-ID: <1619939664.830121.8765.nullmailer@dev.openssl.org> The branch master has been updated via d1a770414acd34c774248ce8efbe202fd7a44041 (commit) from 045a893091994a5837a2bec9cc5646ae9ff07a2c (commit) - Log ----------------------------------------------------------------- commit d1a770414acd34c774248ce8efbe202fd7a44041 Author: Pauli Date: Fri Apr 30 12:14:33 2021 +1000 acvp-test: disable the ACVP testing code by default It's only useful for the FIPS lab and shouldn't be in production. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15092) ----------------------------------------------------------------------- Summary of changes: Configure | 1 + INSTALL.md | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 7acbbc56b9..dc0b1924b7 100755 --- a/Configure +++ b/Configure @@ -513,6 +513,7 @@ my %deprecated_disablables = ( our %disabled = ( # "what" => "comment" "fips" => "default", + "acvp-tests" => "default", "asan" => "default", "buildtest-c++" => "default", "crypto-mdebug" => "default", diff --git a/INSTALL.md b/INSTALL.md index 9414556427..f89e1aed53 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -521,9 +521,9 @@ never be used in production environments. It will only work when used with gcc or clang and should be used in conjunction with the [no-shared](#no-shared) option. -### no-acvp-tests +### enable-acvp-tests -Do not build support for Automated Cryptographic Validation Protocol (ACVP) +Build support for Automated Cryptographic Validation Protocol (ACVP) tests. This is required for FIPS validation purposes. Certain ACVP tests require From scan-admin at coverity.com Sun May 2 07:47:10 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 02 May 2021 07:47:10 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <608e58fe1d0dd_2dd9c2ad54c2ff9a83575d@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DPogg_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGnV9nKXrVwLPw0EyaLnPyNXjP2udr-2B-2B2nI4qwiDG8BL-2F1sdj12toUySAT19jmhDoUSpjIeNcwP4oQQjsPYySj-2BHfpgYZKFPIeu9QGGxlR0El1OMNzascgPtuasoI3dR3h9ZPw7shqCOO2G8GDloxx4-2FRS-2BZkGCs-2FvV-2BQJS0FDKKzxdoV9dANvL-2FkqoPVN37oQ-3D Build ID: 384322 Analysis Summary: New defects found: 4 Defects eliminated: 4 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3DIc7X_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGnV9nKXrVwLPw0EyaLnPyNXjP2udr-2B-2B2nI4qwiDG8BL2qyhZ0xDsj7MJSMUbI-2FdGPjVTmC-2Bhf8PzdSI9hVC2Fi6xEpsKciN7MHakIne-2F8HOHtDXncVJlAW4HdkmIqvMVnG4ZQGde-2BOsCr4H1A0z7zigvdEIoU6AOrTXZvb3KO7tpdvrNIV4X7nOYQjUhuMjZA-3D From scan-admin at coverity.com Sun May 2 07:52:32 2021 
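Review bot: in commit d1a770414a, the rewritten INSTALL.md entry under "### enable-acvp-tests" does not tell the reader that the option is now off by default or, as the commit message puts it, that the ACVP code "shouldn't be in production"; add a sentence to that effect under the new heading, next to "This is required for FIPS validation purposes." The summary of changes lists only Configure and INSTALL.md, so the default flip made by the "acvp-tests" => "default" line in %disabled has no CHANGES entry for people who previously got ACVP support without asking for it.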
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 02 May 2021 07:52:32 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <608e5a40100bd_2e0502ad54c2ff9a835755@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3D7MgP_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGWMYfeUWHXsf1L-2FK4PKziXSiGJ29DA6ktFz5tesU1cjHHDqQ5sOMagX6dTBZNMgfh7MPLhxRgOwFrLXlUtlgHDtg7zXiVDSNm7IkFIupp4np8MH-2FAJhwDQqwBUNrkF14Ke9-2BcUXiy8AvhfuBmTAB212mKOdr2YYiBpdM-2B5p-2BAOrlsmZNkbhrhgwj1DxSNxjbU-3D Build ID: 384323 Analysis Summary: New defects found: 0 Defects eliminated: 0 From openssl at openssl.org Mon May 3 01:11:04 2021 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 03 May 2021 01:11:04 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm Message-ID: <1620004264.471940.2161701.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-asm Commit log since last time: d1a770414a acvp-test: disable the ACVP testing code by default 045a893091 ssl: fix possible ref counting fields use before init. dd28d1c4d3 man: s_server: fix text repetition in -alpn description f4407385f5 APPS: Document the core of the opt_ API c0f4400c40 Use OCSP-specific error code for clarity 39da327294 Simplify AppVeyor configuration 535130c39d Add -latomic to threads enabled 32bit linux builds 38e12964a6 Fix no-fips-securitychecks test failure 91034b68b3 apps/ca,req,x509: Switch to EVP_DigestSignInit_ex 4489655c23 Fix typo in OSSL_DECODER_CTX_set_input_structure b7f7a15f6a STORE: Fix the repeated prompting of passphrase b594a22717 SM2 signatures work correctly only with SM3 digests 2c181ac5a6 sm2: Cleanup handling of DIGEST and DIGEST_SIZE parameters c230e938c7 CORE: Rework the pre-population of the namemap e73fc81345 STORE: Use the 'expect' param to limit the amount of decoders used 38230e3011 acvp: fix the no-acvp_test build 455f254252 Update OSSL_STORE_attach() documentation to indicate it increases the ref_count of the passed in bio 857c223bf7 Fix memory leak in load_key_certs_crls() when using stdin. e9d62da6c3 Fix CRL app so that stdin works. 
9ac653d81a Document the API breaking constification changes 0b31c36797 Remove dated term and fixed typo anther c7d848e220 remove end of line whitespace b536880c45 Add library context and property query support into the PKCS12 API Build log ended with (last 100 lines): test/sysdefaulttest-bin-sysdefaulttest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/tls13ccstest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/tls13ccstest \ test/helpers/tls13ccstest-bin-ssltestlib.o \ test/tls13ccstest-bin-tls13ccstest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/tls13secretstest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. 
\ -o test/tls13secretstest \ crypto/tls13secretstest-bin-packet.o \ ssl/tls13secretstest-bin-tls13_enc.o \ test/tls13secretstest-bin-tls13secretstest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/uitest ${LDCMD:-clang} -pthread -m64 -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/uitest \ apps/lib/uitest-bin-apps_ui.o test/uitest-bin-uitest.o \ -lssl test/libtestutil.a -lcrypto -ldl -pthread make[1]: Leaving directory '/home/openssl/run-checker/no-asm' $ make test make depend && make _tests make[1]: Entering directory '/home/openssl/run-checker/no-asm' make[1]: Leaving directory '/home/openssl/run-checker/no-asm' make[1]: Entering directory '/home/openssl/run-checker/no-asm' ( SRCTOP=../openssl \ BLDTOP=. \ PERL="/usr/bin/perl" \ FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \ EXE_EXT= \ /usr/bin/perl ../openssl/test/run_tests.pl ) 01-test_abort.t .................... ok 01-test_fipsmodule_cnf.t ........... skipped: Test only supported in a fips build 01-test_sanity.t ................... ok 01-test_symbol_presence.t .......... ok 01-test_test.t ..................... ok 02-test_errstr.t ................... ok 02-test_internal_context.t ......... ok 02-test_internal_ctype.t ........... ok 02-test_internal_keymgmt.t ......... ok 02-test_internal_provider.t ........ ok 02-test_lhash.t .................... ok 02-test_ordinals.t ................. ok 02-test_sparse_array.t ............. ok 02-test_stack.t .................... ok 03-test_exdata.t ................... 
ok 03-test_fipsinstall.t .............. skipped: Test only supported in a fips build 03-test_internal_asn1.t ............ ok 03-test_internal_asn1_dsa.t ........ ok 03-test_internal_bn.t .............. ok 03-test_internal_chacha.t .......... ok 03-test_internal_curve448.t ........ ok 03-test_internal_ec.t .............. ok 03-test_internal_ffc.t ............. ok 03-test_internal_mdc2.t ............ ok 03-test_internal_modes.t ........... ok 03-test_internal_namemap.t ......... ok 03-test_internal_poly1305.t ........ ok 03-test_internal_rsa_sp800_56b.t ... ok 03-test_internal_siphash.t ......... ok 03-test_internal_sm2.t ............. ok 03-test_internal_sm4.t ............. ok 03-test_internal_ssl_cert_table.t .. ok 03-test_internal_x509.t ............ ok 03-test_params_api.t ............... ok 03-test_property.t ................. ok 03-test_ui.t ....................... ok 04-test_asn1_decode.t .............. ok 04-test_asn1_encode.t .............. ok 04-test_asn1_string_table.t ........ ok 04-test_bio_callback.t ............. ok 04-test_bioprint.t ................. ok 04-test_conf.t ..................... ok 04-test_encoder_decoder.t .......... ok 04-test_encoder_decoder_legacy.t ... ok 04-test_err.t ...................... ok 04-test_hexstring.t ................ ok 04-test_param_build.t .............. ok 04-test_params.t ................... ok 04-test_params_conversion.t ........ ok 04-test_pem_read_depr.t ............ ok 04-test_pem_reading.t .............. ok 04-test_provider.t ................. ok 04-test_provider_fallback.t ........ ok 05-test_bf.t ....................... ok 05-test_cast.t ..................... ok 05-test_cmac.t ..................... ok 05-test_des.t ...................... ok 05-test_hmac.t ..................... ok 05-test_idea.t ..................... ok 05-test_rand.t ..................... ok 05-test_rc2.t ...................... ok 05-test_rc4.t ...................... ok 05-test_rc5.t ...................... 
skipped: rc5 is not supported by this OpenSSL build 06-test_algorithmid.t .............. ok 06-test_rdrand_sanity.t ............ ok make[1]: *** wait: No child processes. Stop. make[1]: *** Waiting for unfinished jobs.... make[1]: *** wait: No child processes. Stop. From openssl at openssl.org Mon May 3 08:11:53 2021 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 03 May 2021 08:11:53 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1620029513.838878.2962319.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: d1a770414a acvp-test: disable the ACVP testing code by default 045a893091 ssl: fix possible ref counting fields use before init. dd28d1c4d3 man: s_server: fix text repetition in -alpn description f4407385f5 APPS: Document the core of the opt_ API c0f4400c40 Use OCSP-specific error code for clarity 39da327294 Simplify AppVeyor configuration 535130c39d Add -latomic to threads enabled 32bit linux builds 38e12964a6 Fix no-fips-securitychecks test failure 91034b68b3 apps/ca,req,x509: Switch to EVP_DigestSignInit_ex 4489655c23 Fix typo in OSSL_DECODER_CTX_set_input_structure b7f7a15f6a STORE: Fix the repeated prompting of passphrase b594a22717 SM2 signatures work correctly only with SM3 digests 2c181ac5a6 sm2: Cleanup handling of DIGEST and DIGEST_SIZE parameters c230e938c7 CORE: Rework the pre-population of the namemap e73fc81345 STORE: Use the 'expect' param to limit the amount of decoders used 38230e3011 acvp: fix the no-acvp_test build 455f254252 Update OSSL_STORE_attach() documentation to indicate it increases the ref_count of the passed in bio 857c223bf7 Fix memory leak in load_key_certs_crls() when using stdin. e9d62da6c3 Fix CRL app so that stdin works. 9ac653d81a Document the API breaking constification changes 0b31c36797 Remove dated term and fixed typo anther c7d848e220 remove end of line whitespace b536880c45 Add library context and property query support into the PKCS12 API Build log ended with (last 100 lines): 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... 
ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # Killing mock server with pid=295230680-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok pkcs12: Unknown cipher: descert pkcs12: Use -help for summary. ../../util/wrap.pl ../../apps/openssl pkcs12 -export -in ../../../openssl/test/certs/v3-certs-RC2.p12 -passin 'pass:v3-certs' -provider default -provider legacy -nokeys -passout 'pass:v3-certs' -descert -out out3.p12 => 1 not ok 7 - test_pkcs12_passcerts_legacy # ------------------------------------------------------------------------------ # Failed test 'test_pkcs12_passcerts_legacy' # at ../openssl/test/recipes/80-test_pkcs12.t line 102. # Looks like you failed 1 test of 7.80-test_pkcs12.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/7 subtests (less 1 skipped subtest: 5 okay) 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. 
ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. skipped: Test is disabled with disabled fips 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ 
ok Test Summary Report ------------------- 80-test_pkcs12.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 7 Non-zero exit status: 1 Files=234, Tests=3067, 934 wallclock secs (65.32 usr 1.23 sys + 814.88 cusr 72.32 csys = 953.75 CPU) Result: FAIL make[1]: *** [Makefile:3122: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' make: *** [Makefile:3119: tests] Error 2 From openssl at openssl.org Tue May 4 01:12:46 2021 
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 04 May 2021 01:12:46 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1620090766.781023.681260.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: d1a770414a acvp-test: disable the ACVP testing code by default 045a893091 ssl: fix possible ref counting fields use before init. dd28d1c4d3 man: s_server: fix text repetition in -alpn description f4407385f5 APPS: Document the core of the opt_ API c0f4400c40 Use OCSP-specific error code for clarity 39da327294 Simplify AppVeyor configuration 535130c39d Add -latomic to threads enabled 32bit linux builds 38e12964a6 Fix no-fips-securitychecks test failure 91034b68b3 apps/ca,req,x509: Switch to EVP_DigestSignInit_ex 4489655c23 Fix typo in OSSL_DECODER_CTX_set_input_structure b7f7a15f6a STORE: Fix the repeated prompting of passphrase b594a22717 SM2 signatures work correctly only with SM3 digests 2c181ac5a6 sm2: Cleanup handling of DIGEST and DIGEST_SIZE parameters c230e938c7 CORE: Rework the pre-population of the namemap e73fc81345 STORE: Use the 'expect' param to limit the amount of decoders used 38230e3011 acvp: fix the no-acvp_test build 455f254252 Update OSSL_STORE_attach() documentation to indicate it increases the ref_count of the passed in bio 857c223bf7 Fix memory leak in load_key_certs_crls() when using stdin. e9d62da6c3 Fix CRL app so that stdin works. 
9ac653d81a Document the API breaking constification changes 0b31c36797 Remove dated term and fixed typo anther c7d848e220 remove end of line whitespace b536880c45 Add library context and property query support into the PKCS12 API Build log ended with (last 100 lines): ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo5.pem -out_trusted root.crt => 0 not ok 47 - popo NONE # ------------------------------------------------------------------------------ # Failed test 'popo NONE' # at ../openssl/test/recipes/80-test_cmp_http.t line 145. Warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert # cmp_main:../openssl/apps/cmp.c:2582:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf' # opt_str:../openssl/apps/cmp.c:2191:CMP warning: -proxy option argument is empty string, resetting option # setup_client_ctx:../openssl/apps/cmp.c:1891:CMP info: will contact http://127.0.0.1:1700/pkix/ # send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending IR # send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received IP # send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending CERTCONF # send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received PKICONF # save_free_certs:../openssl/apps/cmp.c:1941:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem' ../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout 
../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem -out_trusted root.crt => 0 not ok 48 - popo KEYENC not supported # ------------------------------------------------------------------------------ # Looks like you failed 3 tests of 92. not ok 5 - CMP app CLI Mock enrollment # ------------------------------------------------------------------------------ # # Failed test 'CMP app CLI Mock enrollment # ' # at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1335. Killing mock server with pid=671765 # Looks like you failed 3 tests of 5.80-test_cmp_http.t ................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/5 subtests # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. skipped: Test is disabled with disabled fips 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... 
skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: test_tls13secrets is not supported in this build 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ 
ok Test Summary Report ------------------- 80-test_cmp_http.t (Wstat: 768 Tests: 5 Failed: 3) Failed tests: 2-3, 5 Non-zero exit status: 3 Files=234, Tests=2775, 892 wallclock secs (68.50 usr 1.41 sys + 771.22 cusr 67.09 csys = 908.22 CPU) Result: FAIL make[1]: *** [Makefile:2515: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' make: *** [Makefile:2512: tests] Error 2 From levitte at openssl.org Tue May 4 08:19:10 2021 From: levitte at openssl.org (Richard Levitte) Date: Tue, 04 May 2021 08:19:10 +0000 Subject: [openssl] master update Message-ID: <1620116350.911291.17510.nullmailer@dev.openssl.org> The branch master has been updated via 02669b677e6263b3d337ceb526b8b030477fe26b (commit) via 0d6c144e8d0c53e8947e3a76225ea33b3e29abc8 (commit) from d1a770414acd34c774248ce8efbe202fd7a44041 (commit) - Log ----------------------------------------------------------------- commit 02669b677e6263b3d337ceb526b8b030477fe26b Author: Richard Levitte Date: Thu Apr 29 12:50:33 2021 +0200 Windows build file: add forgotten quotes on POD->html command line Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15084) commit 0d6c144e8d0c53e8947e3a76225ea33b3e29abc8 Author: Richard Levitte Date: Sat May 1 07:29:27 2021 +0200 OpenSSL::Test: When prefixing command with $^X on Windows, fix it up! The perl interpreter name itself might contain spaces and need quoting. __fixup_prg() does this for us. Fixes #14256 Co-authored-by: Tomáš Mráz Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15084) ----------------------------------------------------------------------- Summary of changes: Configurations/windows-makefile.tmpl | 2 +- util/perl/OpenSSL/Test.pm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 4843106de2..014c1eb8d1 100644 --- a/Configurations/windows-makefile.tmpl 
+++ b/Configurations/windows-makefile.tmpl @@ -686,7 +686,7 @@ EOF my $pod = $gen0; return <<"EOF"; $args{src}: "$pod" - \$(PERL) \$(SRCDIR)/util/mkpod2html.pl -i "$pod" -o \$\@ -t "$title" -r "\$(SRCDIR)/doc" + "\$(PERL)" "\$(SRCDIR)/util/mkpod2html.pl" -i "$pod" -o \$\@ -t "$title" -r "\$(SRCDIR)/doc" EOF } elsif (platform->isdef($args{src})) { # diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index 4dc1bad188..55f26cc630 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm @@ -1232,7 +1232,7 @@ sub __wrap_cmd { # In the Windows case, we run perl explicitly. We might not # need it, but that depends on if the user has associated the # '.pl' extension with a perl interpreter, so better be safe. - @prefix = ( $^X, $std_wrapper ); + @prefix = ( __fixup_prg($^X), $std_wrapper ); } else { # Otherwise, we assume Unix semantics, and trust that the #! # line activates perl for us. From beldmit at gmail.com Tue May 4 08:20:13 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Tue, 04 May 2021 08:20:13 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1620116413.798153.18720.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 4b1be3c8868cf0b26a031f68ffebc34248e1836c (commit) from 6682083fa51fb94b95afd68b2b57f7609d9e41e7 (commit) - Log ----------------------------------------------------------------- commit 4b1be3c8868cf0b26a031f68ffebc34248e1836c Author: Dmitry Belyavskiy Date: Sat May 1 13:29:05 2021 +0200 Use OCSP-specific error code for clarity Fixes #12735 for 1.1.1 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15109) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + include/openssl/sslerr.h | 3 ++- ssl/ssl_err.c | 4 +++- ssl/statem/statem_clnt.c | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) 
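Review bot: In the Configurations/windows-makefile.tmpl hunk of the master update above (the POD->html rule), the output argument `-o \$\@` is still unquoted while the perl program, the script path and the `-i`, `-t` and `-r` values are all quoted, so a target path containing a space would still split into two arguments. Quoting it as `-o "\$\@"` would make the rule consistent with the reason given for the change. In the util/perl/OpenSSL/Test.pm hunk, only the `$^X` element of `@prefix` goes through `__fixup_prg()`; if `$std_wrapper` can also sit under a path with spaces, it deserves the same treatment.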
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 7e1776375d..e0e60ffa38 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2784,6 +2784,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback SSL_R_NULL_SSL_CTX:195:null ssl ctx SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed +SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\ old session compression algorithm not returned diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 82983d3c1e..9060fd1b75 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -633,6 +633,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 # define SSL_R_NULL_SSL_CTX 195 # define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OCSP_CALLBACK_FAILURE 294 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 # define SSL_R_OVERFLOW_ERROR 237 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 4b12ed1485..d0c69821b5 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -1018,6 +1018,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE), + "ocsp callback failure"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index de58f1a4b7..5543e08c59 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2833,7 +2833,7 @@ int tls_process_initial_server_flight(SSL *s) if (ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, - ERR_R_MALLOC_FAILURE); + SSL_R_OCSP_CALLBACK_FAILURE); return 0; } } From levitte at openssl.org Tue May 4 09:34:41 2021 
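Review bot: In the ssl/statem/statem_clnt.c hunk, `tls_process_initial_server_flight()` now reports `SSL_R_OCSP_CALLBACK_FAILURE` instead of `ERR_R_MALLOC_FAILURE` on the `ret < 0` path, which changes the reason code that callers reading the error queue see on a stable branch, and the summary of changes lists no CHANGES or documentation file. A short CHANGES entry would help anyone who matches on the old value. The alert is still `SSL_AD_INTERNAL_ERROR`, so the peer sees no difference, and the new value 294 is added consistently in crypto/err/openssl.txt, include/openssl/sslerr.h and ssl/ssl_err.c.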
From: levitte at openssl.org (Richard Levitte) Date: Tue, 04 May 2021 09:34:41 +0000 Subject: [openssl] master update Message-ID: <1620120881.348139.10172.nullmailer@dev.openssl.org> The branch master has been updated via f97bc7c4240ba370c323c0d753d9d97f7a7c89bf (commit) via 49f699b54d982c431c13f29ea08628ab599f1e6e (commit) via be22315235605ac50f735758f6c6edcb262146db (commit) via 27ca03ea829443ee750db148dde87cf3da900d9c (commit) via 841a438c7f67f697dd6710b26cc6536dd76a420a (commit) from 02669b677e6263b3d337ceb526b8b030477fe26b (commit) - Log ----------------------------------------------------------------- commit f97bc7c4240ba370c323c0d753d9d97f7a7c89bf Author: Richard Levitte Date: Tue Apr 27 11:23:12 2021 +0200 [TEMPORARY] make 'make update' verbose in ci.yml Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8871) commit 49f699b54d982c431c13f29ea08628ab599f1e6e Author: Richard Levitte Date: Fri May 3 13:24:39 2019 +0200 GitHub CI: ensure that unifdef is installed This is required for 'make update' and fips checksums Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8871) commit be22315235605ac50f735758f6c6edcb262146db Author: Richard Levitte Date: Fri May 3 13:12:59 2019 +0200 FIPS module checksums: add scripts and Makefile rule This adds the following scripts: util/lang-compress.pl: Compress source code, which language is determined by the first argument. For the moment, we know 'perl' (perlasm source code), 'C' (C source code) and 'S' (Assembler with C preprocessor directives). This removes comments and empty lines, and compresses series of horizontal spaces to one single space in the languages where that's appropriate. util/fips-checksums.sh: Takes source file names as arguments, pushes them through util/lang-compress.pl and unifdef with FIPS_MODE defined, and calculates the checksum on the result. 
Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8871) commit 27ca03ea829443ee750db148dde87cf3da900d9c Author: Richard Levitte Date: Mon Apr 26 19:44:24 2021 +0200 Unix build file: Add a target to create providers/fips.module.sources This file will be the basis for the FIPS module checksum calculation Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8871) commit 841a438c7f67f697dd6710b26cc6536dd76a420a Author: Richard Levitte Date: Mon Apr 26 19:41:54 2021 +0200 Add OpenSSL::Config::Query and use it in configdata.pm OpenSSL::Config::Query is a configuration querying tool that's meant to make it easier to query the diverse configuration data for info. That's much easier than to dig through all the parts of %unified_info. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8871) ----------------------------------------------------------------------- Summary of changes: .github/workflows/ci.yml | 6 +- Configurations/unix-Makefile.tmpl | 53 +++++ configdata.pm.in | 26 ++- providers/fips-sources.checksums | 459 +++++++++++++++++++++++++++++++++++++ providers/fips.checksum | 1 + providers/fips.module.sources | 467 ++++++++++++++++++++++++++++++++++++++ util/c-compress-test.pl | 54 +++++ util/fips-checksums.sh | 31 +++ util/lang-compress.pl | 189 +++++++++++++++ util/perl/OpenSSL/Config/Query.pm | 177 +++++++++++++++ 10 files changed, 1460 insertions(+), 3 deletions(-) create mode 100644 providers/fips-sources.checksums create mode 100644 providers/fips.checksum create mode 100644 providers/fips.module.sources create mode 100755 util/c-compress-test.pl create mode 100755 util/fips-checksums.sh create mode 100755 util/lang-compress.pl create mode 100644 util/perl/OpenSSL/Config/Query.pm diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2e18fba41a..e37c7f54d8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -15,13 +15,17 @@ jobs: check_update: runs-on: ubuntu-latest steps: + - name: install unifdef + run: | + sudo apt-get update + sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef - uses: actions/checkout at v2 - name: config run: ./config --strict-warnings enable-fips && perl configdata.pm --dump - name: make build_generated run: make -s build_generated - name: make update - run: make -s update + run: make update - name: git diff run: git diff --exit-code diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 4ace44477d..d98c42c85e 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1055,6 +1055,9 @@ uninstall_html_docs: # It's important that generate_buildinfo comes after ordinals, as ordinals # is sensitive to build.info changes. update: generate errors ordinals generate_buildinfo +{- output_off() if $disabled{fips}; "" -} +update: fips-checksums +{- output_on() if $disabled{fips}; "" -} generate: generate_apps generate_crypto_bn generate_crypto_objects \ generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids 
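Review bot: In the .github/workflows/ci.yml hunk, the new `install unifdef` step passes `--force-yes` to `apt-get`, an option apt marks as deprecated and that lets the install continue past unauthenticated packages; `-yq` already answers the prompts, so dropping `--force-yes` loses nothing here. The same hunk changes `make -s update` to `make update`, which the commit message labels [TEMPORARY], so a comment in the workflow or a follow-up restoring `-s` would keep that from becoming permanent.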
@@ -1137,6 +1140,42 @@ generate_doc_buildinfo: mv $(SRCDIR)/doc/build.info.new $(SRCDIR)/doc/build.info; \ fi ) +{- output_off() if $disabled{fips}; "" -} +generate_fips_sources: $(SRCDIR)/providers/fips.module.sources +$(SRCDIR)/providers/fips.module.sources: \ + $(SRCDIR)/Configure \ + {- join(" \\\n" . ' ' x 16, + fill_lines(" ", $COLUMNS - 16, + @{$config{build_file_templates}}, + @{$config{build_infos}}, + @{$config{conf_files}})) -} + rm -rf sources-tmp + mkdir sources-tmp + ( \ + srcdir=`cd $(SRCDIR); pwd`; \ + cd sources-tmp \ + && $$srcdir/Configure enable-fips \ + && ./configdata.pm --query 'get_sources("providers/fips")' > sources1 \ + && $$srcdir/Configure enable-fips no-asm \ + && ./configdata.pm --query 'get_sources("providers/fips")' > sources2 \ + ) + ( \ + srcdir2=`if [ "$(SRCDIR)" = "." ]; then echo ".."; elif echo "$(SRCDIR)" | grep '^/' > /dev/null; then echo "$(SRCDIR)"; else echo "../$(SRCDIR)"; fi`; \ + cat sources-tmp/sources1 sources-tmp/sources2 \ + | grep -v ' : \\$$' | sed -e 's| \\$$||' -e "s|^ $$srcdir2/||"; \ + cd $(SRCDIR); \ + for x in crypto/bn/asm/*.pl crypto/bn/asm/*.S \ + crypto/aes/asm/*.pl crypto/aes/asm/*.S \ + crypto/ec/asm/*.pl \ + crypto/md5/asm/*.pl \ + crypto/modes/asm/*.pl \ + crypto/sha/asm/*.pl; do \ + echo "$$x"; \ + done \ + ) | sort | uniq > $(SRCDIR)/providers/fips.module.sources + rm -rf sources-tmp +{- output_on() if $disabled{fips}; "" -} + # Set to -force to force a rebuild ERROR_REBUILD= errors: 
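Review bot: In the `generate_fips_sources` recipe in Configurations/unix-Makefile.tmpl, the list is ordered with a bare `sort | uniq`, so the line order of providers/fips.module.sources depends on the locale of whoever runs `make update`; since that file feeds the checksum files and CI runs `git diff --exit-code` afterwards, running the sort under `LC_ALL=C` would keep the output stable across machines. The pipeline also redirects straight into `$(SRCDIR)/providers/fips.module.sources`, so a failure partway through leaves a truncated tracked file behind; writing to a temporary name and renaming it, as the `build.info.new` rule just above this hunk does with `mv`, avoids that.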
@@ -1231,6 +1270,20 @@ tags TAGS: FORCE -ctags -R . -etags `find . -name '*.[ch]' -o -name '*.pm'` +{- output_off() if $disabled{fips}; "" -} +fips-checksums: generate_fips_sources + if which unifdef > /dev/null; then \ + ( cd $(SRCDIR) \ + && cat providers/fips.module.sources \ + | xargs ./util/fips-checksums.sh \ + > providers/fips-sources.checksums \ + && sha256sum providers/fips-sources.checksums \ + > providers/fips.checksum ); \ + else \ + echo >&2 "WARNING: unifdef not in your \$$PATH, FIPS checksums not calculated"; \ + fi +{- output_on() if $disabled{fips}; "" -} + # Release targets (note: only available on Unix) ##################### tar: diff --git a/configdata.pm.in b/configdata.pm.in index 279b8f75c9..3481eab277 100644 --- a/configdata.pm.in +++ b/configdata.pm.in @@ -112,13 +112,14 @@ unless (caller) { use File::Basename; use Pod::Usage; + use lib '{- sourcedir('util', 'perl') -}'; + use OpenSSL::fallback '{- sourcefile('external', 'perl', 'MODULES.txt') -}'; + my $here = dirname($0); if (scalar @ARGV == 0) { # With no arguments, re-create the build file - use lib '{- sourcedir('util', 'perl') -}'; - use OpenSSL::fallback '{- sourcefile('external', 'perl', 'MODULES.txt') -}'; use OpenSSL::Template; my $prepend = <<'_____'; @@ -172,6 +173,7 @@ _____ my $buildparams = undef; my $reconf = undef; my $verbose = undef; + my $query = undef; my $help = undef; my $man = undef; GetOptions('dump|d' => \$dump, @@ -183,6 +185,7 @@ _____ 'build-parameters|b' => \$buildparams, 'reconfigure|reconf|r' => \$reconf, 'verbose|v' => \$verbose, + 'query|q=s' => \$query, 'help' => \$help, 'man' => \$man) or die "Errors in command line arguments\n"; 
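Review bot: In the `fips-checksums` recipe in Configurations/unix-Makefile.tmpl, a missing `unifdef` only prints a warning and the target still succeeds, so `make update` can finish with providers/fips-sources.checksums and providers/fips.checksum left at their old contents; failing the target when the tool is absent would make a stale checksum harder to miss. The recipe also probes for `unifdef` with `which` but calls `sha256sum` without any probe, so checking both tools with `command -v` would cover systems that lack either.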
@@ -320,6 +323,25 @@ _____ chdir $here; exec $^X,catfile($config{sourcedir}, 'Configure'),'reconf'; } + if ($query) { + use OpenSSL::Config::Query; + + my $confquery = OpenSSL::Config::Query->new(info => \%unified_info, + config => \%config); + my $result = eval "\$confquery->$query"; + + # We may need a result class with a printing function at some point. + # Until then, we assume that we get a scalar, or a list or a hash table + # with scalar values and simply print them in some orderly fashion. + if (ref $result eq 'ARRAY') { + print "$_\n" foreach @$result; + } elsif (ref $result eq 'HASH') { + print "$_ : \\\n ", join(" \\\n ", @{$result->{$_}}), "\n" + foreach sort keys %$result; + } elsif (ref $result eq 'SCALAR') { + print "$$result\n"; + } + } } 1; diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums new file mode 100644 index 0000000000..50d19c5117 --- /dev/null +++ b/providers/fips-sources.checksums 
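Review bot: In the `if ($query)` block added to configdata.pm.in, `eval "\$confquery->$query"` compiles the whole `--query` argument as Perl, so anything following the method call in that string runs as well, and `$@` is never checked, so a mistyped query prints nothing and reports no error. Checking `$@` and dying with it would surface mistakes, and splitting the argument into a method name verified with `can()` plus its arguments would limit the option to calling OpenSSL::Config::Query methods. The last branch tests `ref $result eq 'SCALAR'`, which matches only a scalar reference; a method returning a plain string has an empty `ref` and falls through without output, contrary to the comment above it.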
@@ -0,0 +1,459 @@ +0e22ea0cf34ef3871e30df0bc302dc29352d38001d1622ddb78a27a374b6aee8 crypto/aes/aes_cbc.c +6028cd3c2e466625cc0b8b9b6a12278e5935aec3bff1eab006c6f13a1e248260 crypto/aes/aes_core.c +3fac41ce96acb9189eac2d5571425c3ff33a34c884ae7e275e1fd3068b5fc662 crypto/aes/aes_ecb.c +a2466f18da5847c7d9fbced17524633c10ce024671a72f53f9c9c55b9b9923dd crypto/aes/aes_misc.c +6979c133f76f4623e62e6e970deae70fa025e713a72b71aead5a048d49e47f6f crypto/aes/asm/aes-586.pl +92be9ff608331a432e95247a8f4fb9e46897d0cb76f2b6db809b61d44287964a crypto/aes/asm/aes-armv4.pl +953897f86e2de9fa27ef411155ab3aed133af94885f1507e76449c142da78656 crypto/aes/asm/aes-c64xplus.pl +00196f01f5218ad731e6a058d406078f7228a9756d9d73f51c0d0c2a68f885af crypto/aes/asm/aes-ia64.S +88b6f8396cd9d86004743d5c3b0f72b7b8c3d5a2b00b0bbb761ba91ae5a7cdc8 crypto/aes/asm/aes-mips.pl +7ff9c96ef3d591d45d776fa4b244601ea0d9328e289aeab1e1b92436ce7d02ad crypto/aes/asm/aes-parisc.pl +f1244cdeadcb4e48f35bc5df19d4cfaf07e0086ad951b84f07ff6966501faa5b crypto/aes/asm/aes-ppc.pl +ecbfe826f4c514810c3ee20e265f4f621149694c298554b2682e5de4f029f14f crypto/aes/asm/aes-s390x.pl +01f60ddf86f97eae22559e4b5a79855296100a1ec04c527567ba5c52e4f64f9b crypto/aes/asm/aes-sparcv9.pl +2b3b9ac56bf54334d053857a24bdb08592151e8a7a60b89b8195846b7f8ee7b5 crypto/aes/asm/aes-x86_64.pl +cb429f1e92cb7d8397497a149161b10f05420031ba7d501e8b0c79ab7faaeb57 crypto/aes/asm/aesfx-sparcv9.pl +14359dc32b7f4e5c08227fb9ac8f9232c1287399463b233fec4a2ab0c19f68d1 crypto/aes/asm/aesni-mb-x86_64.pl +2fe016e8098d1c959b6199ce98e91dfed9a3a543d6b068daf88d4c4c402701ec crypto/aes/asm/aesni-sha1-x86_64.pl +1d3acabadedb88d1327eeb76201ea9b3f4814f44898018ffae6c73e3f400b89b crypto/aes/asm/aesni-sha256-x86_64.pl +3f4a0cc23cd55f9f2603abfdc33b08323ad599cbf84e50d7c39db82723b54c4a crypto/aes/asm/aesni-x86.pl +c7c6694480bb5319690f94826139a93f5c460ebea6dba101b520a76cb956ec93 crypto/aes/asm/aesni-x86_64.pl +f3a8f3c960c0f47aaa8fc2633d18b14e7c7feeccc536b0115a08bc58333122b6 crypto/aes/asm/aesp8-ppc.pl 
+0b0ff9898edbe069320979eadb0114cb37761416750d983520af7ae47bb0fb48 crypto/aes/asm/aest4-sparcv9.pl +fbee40f89882019c0f03072f92fccd5cfc79bfebea2ff675909e731d0e71d622 crypto/aes/asm/aesv8-armx.pl +d643cf9f1c5641c8b72d9d738233e246ada3d7cc663ed0185a963b1f6ca4a2c5 crypto/aes/asm/bsaes-armv7.pl +88534cd35647eab07838cd005c04c8051236d4afca6df6f2b47e30b2a2e5c5a9 crypto/aes/asm/bsaes-x86_64.pl +1ff94d6bf6c8ae4809f64657eb89260fe3cb22137f649d3c73f72cb190258196 crypto/aes/asm/vpaes-armv8.pl +c3541865cd02d81101cdbab4877ed82772e6980d2c677b9008b38fa1b26d36d4 crypto/aes/asm/vpaes-ppc.pl +3ec24185750a995377516bc2fb2eae8b1c52094c6fff093bff591837fc12d6c3 crypto/aes/asm/vpaes-x86.pl +060bb6620f50af9afecdf97df051b45b9a50be9daf343dfec1cbb29693ce00a4 crypto/aes/asm/vpaes-x86_64.pl +fdabbeafcb4b351a13ec92f04a4427ff94e51909d3773e02ff526b4d77ded8dc crypto/asn1_dsa.c +819c9fd2b0cae9aab81c3cbd1815c2e22949d75f132f649b5883812d0bbaa39a crypto/bn/asm/alpha-mont.pl +0070595128b250b9ebdebe48ce53d2d27ca16ec4f7c6c8bd169ab2e4a913b2d1 crypto/bn/asm/armv4-gf2m.pl +8c1c53a725b8a4f92b8a353bfeeb393be94198df41c912e3270f9e654417b250 crypto/bn/asm/armv4-mont.pl +320a3feafffafc05a00a56202958abc258cff596c602604d6c878fa0ca3023d6 crypto/bn/asm/armv8-mont.pl +cb4ad7b7461fcb8e2a0d52881158d0211b79544842d4eae36fc566869a2d62c8 crypto/bn/asm/bn-586.pl +636da7e2a66272a81f9c99e90b36c6f132ad6236c739e8b9f2e7315f30b72edd crypto/bn/asm/c64xplus-gf2m.pl +c86664fb974362ee52a454c83c2c4b23fd5b7d64b3c9e23ef1e0dfd130a46ee5 crypto/bn/asm/co-586.pl +199b9b100f194a2a128c14f2a71be5a04d50d069666d90ca5b69baee1318ccb7 crypto/bn/asm/ia64-mont.pl +a511aafbf76647a0c83705d4491c898a5584d300aa449fa6166c8803372946eb crypto/bn/asm/ia64.S +687c5d6606fdfd0e242005972d15db74a9cbac2b8a9a54a56fcb1e99d3880ff3 crypto/bn/asm/mips-mont.pl +eb240c1f72063048abe026ab7fab340361a329d5cd355276a25950be446cc091 crypto/bn/asm/mips.pl +b27ec5181e387e812925bb26823b830f49d7a6e4971b6d11ea583f5632a1504b crypto/bn/asm/parisc-mont.pl 
+9973523b361db963eea4938a7a8a3adc692e1a4e1aec4fa1f1e57dc93da37921 crypto/bn/asm/ppc-mont.pl +59cd27e1e10c4984b7fb684b27f491e7634473b1bcff197a07e0ca653124aa9a crypto/bn/asm/ppc.pl +a25be64867ab837d93855af232e2bfa71b85b2c6f00e35e620fdc5618187fb6f crypto/bn/asm/ppc64-mont.pl +231579e532443665020d4d522d9f11713d9c5d5c814b95b434b0f65452e16de4 crypto/bn/asm/rsaz-avx2.pl +c9bd8679a5104affd9f3f0bcda726f823a1a53cac872e4a21a6f2370489dae08 crypto/bn/asm/rsaz-avx512.pl +31e84dc905b13e38850071528d3abbfcaf8910bbc8b46f38d19c2b386a5f838e crypto/bn/asm/rsaz-x86_64.pl +30fedf48dfc5fec1c2044b6c226dd9fc42a92522cc589797a23a79d452bdd2cf crypto/bn/asm/s390x-gf2m.pl +590388d69d7ac3a0e9af4014792f4f0fdb9552719e8fb48ebc7e5dfca2a491d4 crypto/bn/asm/s390x-mont.pl +aa02597f3dc09cfbc190aedb75711859ba0f3efff87067ebfba1ec78ebee40d7 crypto/bn/asm/s390x.S +458ecb209d5c2daf79b1d3abadc62e34809beed8be87a9c46f358850503045b8 crypto/bn/asm/sparct4-mont.pl +ca21a9ccbc54e19fb7c2e6cdf286ce7cb08b0fba960c777c6edce5c57ccc2101 crypto/bn/asm/sparcv8.S +fbc93c8dbbecefe66086f58fe9719ed87b13b2cdc61454a10e841228296fecef crypto/bn/asm/sparcv8plus.S +62105f8f1eb54778b52923f6d24f41392d0ede8804d7fb587bda2bc1af302560 crypto/bn/asm/sparcv9-gf2m.pl +115af57cbd6024fd88b6f56e656bdf44f8243ce4984d3f2ab8ecfad2af327db0 crypto/bn/asm/sparcv9-mont.pl +96cc20651e5e9dc8d87047a739ad4863a2bf2afee868c3337684bcd2241b7462 crypto/bn/asm/sparcv9a-mont.pl +d404375a21d33396824a3da212d6646d4f3150dd141ee4b4a250aefae3482efb crypto/bn/asm/via-mont.pl +da709b73914f9d43a46c699b8ec68c67c52fe853a76f531bfccb542470d97ae0 crypto/bn/asm/vis3-mont.pl +89278854f44d95be916516609ce6f79dcd346bab52574b9b6336a9952aa94bee crypto/bn/asm/x86-gf2m.pl +90d4ae234c08267adce9ed38d56e0edc223f7480cb9605f5d7399d0b3914c6be crypto/bn/asm/x86-mont.pl +66fca12f9829eac00ad86552307f084595835501a11971e68b4e319373afea3b crypto/bn/asm/x86_64-gcc.c +709ddee92e9222ee0ed27bfb90db556e85e2d302e4a9131afa25fdc14c4d858f crypto/bn/asm/x86_64-gf2m.pl 
+da7f7780d27eed164797e5334cd45b35d9c113e86afaca051463aef9a8fd787c crypto/bn/asm/x86_64-mont.pl +70efd46dc5f95312433dc6709ae33667897e6b132c57d7afff2dfd5adb836e86 crypto/bn/asm/x86_64-mont5.pl +d95277a3d7635a1f6a2613ba954606ae3c4bb260d11c85612ae83a05a726d03c crypto/bn/bn_add.c +6baa367447c968066e25934b0d00d3525b78ba00f733a5597988e810941dff88 crypto/bn/bn_asm.c +e263280dcd108a479b0ec60069ae7e74893135f6253bac4094279d2cf30557a8 crypto/bn/bn_blind.c +7b761d541e3b7f6a3f2b14a09b2b3836a079a845cf67a54db4853e3fd38277c6 crypto/bn/bn_const.c +354b467799488fabfc15597b0b16cfde805826ba1b7ab6ba78ac2d1606337f1a crypto/bn/bn_conv.c +ac212b69f4958abaedae9a830fd5084a8e9e166b748b9f3cacfaa2dae77a5570 crypto/bn/bn_ctx.c +55349393c0a3f73edfe8a8b9953bd13cbda6186dbeb097e71748885947f672ed crypto/bn/bn_dh.c +034baac767c911705235da9507e0b9d029ec3746c5469069a110ed899cf7ddff crypto/bn/bn_div.c +fb4104aa82438b5dda1592a7d41e8936356734801b26f864c22264615cb4df4d crypto/bn/bn_exp.c +4a0295e30ac91bfbfdcd3f2d0cbd5eaf4f5a44b4bba3135b137a692394a2f897 crypto/bn/bn_exp2.c +ad162484e30b1961f8326ee1cb2c71b77ea55e8383c609d7d3ee210c01a3fbd8 crypto/bn/bn_gcd.c +36314758440ce2ce20e22ff9b75f4689728c1c99cd51399a441c751502218074 crypto/bn/bn_gf2m.c +a4087c6c57d38fa7db0c6f4e203a4c21af836cfb6cac10b4841ef3bbd724f67d crypto/bn/bn_intern.c +dc213ef490a96c5e199e06058c32ae599825c668fc08d815d6384f57600df21d crypto/bn/bn_kron.c +805da9886392dde1419c0a2e2cf202a10c21dcdca2d9b7a38ac3d47036dc0b36 crypto/bn/bn_lib.c +07247dc2ccc55f3be525baed92fd20031bbaa80fd0bc56155e80ee0da3fc943d crypto/bn/bn_mod.c +80fb6afcf66958883d8ea06e63645c2b3eab0b8626a39fd7ea64d1c1768867c8 crypto/bn/bn_mont.c +2da73a76b746a47d8cf8ec8b3e0708c2a34e810abde4b4f1241a49e7f5bb2b60 crypto/bn/bn_mpi.c +02bf294bad18d12542fbe60a5ab0eea36dbc914b6d445ad8f4dd03324ee2a33e crypto/bn/bn_mul.c +0d4a2c25a3acd4adb45234837d427574bcb1e6800b69f8dfe68478d831491cf1 crypto/bn/bn_nist.c +b5ef389b9dd161d72d3e1c09ed8994112b6fe186294fd83139ed45729a7f5e64 crypto/bn/bn_prime.c 
+27c2196707a7b08cf2f04ee1a79212754196eeae5af2fa5048adac3072616399 crypto/bn/bn_rand.c +2a47b990bc53fec79013e0b2d1a9ee3512019705d6ec3a2625c43b0fb42d41aa crypto/bn/bn_recp.c +4e3d0ebda2d250887634ab491b398a71778431b3db4bc1eb329542f4bd0798cc crypto/bn/bn_rsa_fips186_4.c +9bbad44e0007a2a7f6caaa1a9c6a9d4e667afdac898b32598483ae336479cb72 crypto/bn/bn_shift.c +da5479cd30898cf455f2844478f2bf3993a5bfb612937a437976d7987867ee6f crypto/bn/bn_sqr.c +8815f85240c3af08ef421f83569c70ba68cdc7ad2ea5e6ab8079b40cdc2e1357 crypto/bn/bn_sqrt.c +0618c7368688ca73ffac5baecac36192c428c0fda4d1d473ef65ce64a0ffb75b crypto/bn/bn_word.c +ae840ec19a4e86f2b3a65f4d0c878c3885bac6ca6b24ab8c03b73c45c12e4d05 crypto/bn/rsaz_exp.c +135b85278d00b241eb2fc6714b3418e071618ec9dbbd2a6658a6291d71e7f393 crypto/bn/rsaz_exp_x2.c +834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c +c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c +35e3ad090adedc8e5873e2831bf713e1f52846b4cbdd232e01692ebe35318c3c crypto/cmac/cmac.c +7f530e7d0fc7953aa6b70749796d31c1a03aa34e79a7dfd8b625a786e44c6171 crypto/context.c +0a27ead487bd4775cece449dab53ca5aa9d1997012c85b1dcd2178d3b851dd94 crypto/core_algorithm.c +2185a7d136ee77725fc1b8a6b401bebceeeddc067eea0482e0ab2916ce550e78 crypto/core_fetch.c +4ccc57e4bbd46b56c481a3e3c0c105ee27e82a87909637b75e605274e7f3cb44 crypto/core_namemap.c +469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3 crypto/cpuid.c +7c5237bdc26eca21d4ccb25f13569e217103fe21574157b813c2aecd05983472 crypto/cryptlib.c +53529f4e0575dd83b45a53e852fcec512ada53dd6979268e473885f139b8e0b9 crypto/ctype.c +8e61d79299003917ac409d129d291f0a63e4ed417811a8b21169b2b918355335 crypto/der_writer.c +b8272245e1a3bc813aeb48a1155ac37bc979ad4a6ff55baa8c97e62115abb0d1 crypto/des/des_enc.c +eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81 crypto/des/ecb3_enc.c +cb363ba00f38e84c43af4802d8477a8877db3cea2fdc75299fec16f451ef1c69 crypto/des/fcrypt_b.c 
+5771c2e517df1dfa35e0cc06ce1d9808e3a5ab21110020d4bdf77284fedb41e1 crypto/des/set_key.c +47035cde6151da2aaabd614990d47de63550fed2561900559bd75305dd3856c8 crypto/dh/dh_backend.c +3f4f990509263483f3c0a57c2d40809eb5680d57197370314f94bc79f0389bed crypto/dh/dh_check.c +e6aa1e0379f298dd4250a376f3854db5d919d8b9557f3935b764b4b8ccd24de9 crypto/dh/dh_gen.c +ffe31cb7c0cd887d051867dfc37cce18a406c78c446f2a186d1f20247a5c914d crypto/dh/dh_group_params.c +6cbd1c6126feacd033e31412b3f38b1ef6909d44696864a2a63e86b8154fc1f4 crypto/dh/dh_kdf.c +2081bc70acd44998e750fa0f128fee7eed7a0e8745b45297e447a2e9dc95382e crypto/dh/dh_key.c +ce4d65315a746e1a65d3d151eec1c7fd39a9ddf445f2677a413ca1a7ecee6d7b crypto/dh/dh_lib.c +7d13f96896d5ba05342ab6913ceff3c1d0bab84b2e8fef1efa21bb155d5089af crypto/dsa/dsa_backend.c +b9c5992089203123c3fae46e39bb4d05e19854087bca7a30ad1f82a3505deec7 crypto/dsa/dsa_check.c +655b5bbc0bc5994ff5f1a77e86a396c4f7dfc9a46a8d9ac0aa8075ff85342233 crypto/dsa/dsa_gen.c +baa0b1c0a1f08975b2210926aeec7b98413f1d3467b490a3a0680496bd988cb0 crypto/dsa/dsa_key.c +5f27ca73fc4c11fb7f88d4874de22e525ce5f5e41bdd10e035453333c5190712 crypto/dsa/dsa_lib.c +fcbed2c442029ce1cdb2a3ea84aab9c70df7b43a65013edb30f7d3bc060e34c6 crypto/dsa/dsa_ossl.c +b57b648524bc7dd98f8e2737f4e87b5578c7921df59b1df4a03a34e23e977e8a crypto/dsa/dsa_sign.c +53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1 crypto/dsa/dsa_vrf.c +78ad06b88fcc8689a3a846b82f9ee01546e5734acd1bccf2494e523b71dc74d1 crypto/ec/asm/ecp_nistz256-armv4.pl +4617351d2de4d0b2abfd358c58050cee00702d0b4c1acca09312ec870e351c7d crypto/ec/asm/ecp_nistz256-armv8.pl +3715ddd921425f3018741037f01455ed26a840ace08691a800708170a66cf4d2 crypto/ec/asm/ecp_nistz256-ppc64.pl +7aeade641bf28d9cfdc43dc20da0378df5225377dcf52835c7e76aab64d3af77 crypto/ec/asm/ecp_nistz256-sparcv9.pl +922725c4761cfa567af6ed9ecab04f2c7729ae2595f2fc0fa46dc67879dc87b0 crypto/ec/asm/ecp_nistz256-x86.pl +ac327475c7ec828d11aa05628b4e3b81ec3b1400f30fe7bec01daf3cf71f2dc9 
crypto/ec/asm/ecp_nistz256-x86_64.pl +cc727533130f5f1a29229929b3d4e8454585d647be25d6344f3c6a0240998368 crypto/ec/asm/x25519-ppc64.pl +ee897e230964511baa0d1bf95fb938312407a40a88ebe01476879c2763e5f732 crypto/ec/asm/x25519-x86_64.pl +a33b6a29af8d9fcde009c17d0c2172a1212b111d7ad57def9ef23ab9c462072d crypto/ec/curve25519.c +2ab01341b36aecfd639d78609069229e51d3ebb1c678e8e9871b351d494bab8c crypto/ec/curve448/arch_32/f_impl32.c +f9ff1d9c68fee883fbb42978302d51404c2b5874cf3ba06b3e95cadd4b3e6bf5 crypto/ec/curve448/arch_64/f_impl64.c +eaa940893610f5ec1cc04f5b1842bfa0ba65bf048039e6cc2d2b83bbb575bb51 crypto/ec/curve448/curve448.c +178fb9863c33174b633c2e7607160b1bedb506d66cc06d53382d87431441f306 crypto/ec/curve448/curve448_tables.c +a1211ed3991af967c728b9f6d0774b9ea098d43cef0631ff88984a2580d2ac4f crypto/ec/curve448/eddsa.c +d4969259e4fa5b71d8abbf5e736e658bd1daad6e46d272a9b88e190e2de96b61 crypto/ec/curve448/f_generic.c +7aeddfe47959556f50856cb387d74b51d222c65f891acb83742313ddc49c0e93 crypto/ec/curve448/scalar.c +183589a8b496a07262821ce0bc49ffb35d0c4a6079d6845a9ce9cc360fda1d3d crypto/ec/ec2_oct.c +2488744af4b5ea50bcd1fb4419f2baf780b23b2077f11ebd16ff5cfeb3cb6820 crypto/ec/ec2_smpl.c +fb58b7de435bd680a5d8c8ccee332e2bc6732fad714bb3ff672985b9c28bb6c7 crypto/ec/ec_asn1.c +35a99d84388d7140084e565cbc0a7f57f1636d26e31fab342613d2c658b7cc7d crypto/ec/ec_backend.c +b54f29cafcc823b7ae1e3b7b52c4499c0d128a3c125bde5bcb245f6d441dcbee crypto/ec/ec_check.c +40d58e55ad3a54716b4c4d4c1c3730b07c07918f0ff3c5be965b4c5f47190b4b crypto/ec/ec_curve.c +8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c +06fa7c8f23374ab9c1006d6fd65ee95dac3a3fae036ea6f14399c1a5cc0c7d00 crypto/ec/ec_deprecated.c +4802e8ff248ed63721e662ac03dd691824f1ef169af8d64001a57e99edec2133 crypto/ec/ec_key.c +25ec40a6ac424eef88bceb5375b91a289b1b0f68c00513d7e1f3b656825e4560 crypto/ec/ec_kmeth.c +6e88bdfe4e20583caf1c5748bccfec75815d7fc96c8c506410a8279e344be1a0 crypto/ec/ec_lib.c 
+a2aeb54b55b5ccc52e2a9b6410df395a6f41e1cb277253a38e86252479e62ed6 crypto/ec/ec_mult.c +129c6b42417bfcf582f4a959cfd65433e6f85b158274f4fa38f9c62615ac9166 crypto/ec/ec_oct.c +ccbf1f7dcba81cb40c07619120e9c330e06e1e7c788ca8912f0f4b1d25bd3f7c crypto/ec/ec_print.c +4341615ac00e3e42c41acd3b36af10250995fb919febc5289122b785c5eccf73 crypto/ec/ecdh_kdf.c +b2cf8f052a5716137da7b0e857ed7a5df5fb513b6d14534199a05e32f2b5a866 crypto/ec/ecdh_ossl.c +49bf1a4dd3d53a5c0e4e05d71be0f6fcbeb5d013c70084ad8111e2d46b7e0f58 crypto/ec/ecdsa_ossl.c +b6baa42b16e8df69a12e0ab101033100cddc808ec2682ba1574373e6ec86ae93 crypto/ec/ecdsa_sign.c +f686cea8c8a3259d95c1e6142813d9da47b6d624c62f26c7e4a16d5607cddb35 crypto/ec/ecdsa_vrf.c +c07f9f7cfb27ce2735cad06f16d3e5f270b79ac31a0f9b6e44945f2c040f6258 crypto/ec/ecp_mont.c +f679269eec6f67ab7f859eca39cad7cc5ff2ba70e2f884eed9eadc9057c01272 crypto/ec/ecp_nist.c +03f7a0e38ce53a90b388b5c3e6d33629ed650b9ad6f5f722e8993e045ef31e27 crypto/ec/ecp_nistz256.c +3f1b74a2e0dc8ff1665cf780e0d7ff40ed7f4315fa94dcbbd0b9fc58d4fadac0 crypto/ec/ecp_oct.c +fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_smpl.c +a43d63e981bdd6c470832bd2eb83164ed1f668d95bc47fc8710f7ee18f43b860 crypto/ec/ecx_backend.c +22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c +7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128 crypto/evp/asymcipher.c +2aacf20d2b9ff0d11b0b4869c530685558ad8898da11391978322b606a0133ba crypto/evp/cmeth_lib.c +0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c +4b2cc019a6a924d277ebce6565b5110d32a12199f471ccfae6fbbd1bbdbe53cd crypto/evp/digest.c +87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8 crypto/evp/ec_support.c +7c00d1b38b18d0bd92be2b0577e44e9d4ebc6603689f77da7e7702a042b0a8e5 crypto/evp/evp_enc.c +9b4956b5c28db987001b33421aacf3b9f352181f874c768ad1b034e083483561 crypto/evp/evp_fetch.c +22a08831e55565d9d52be80a6622b4d471340cf135b7247db77492e4fc3bd2b5 
crypto/evp/evp_lib.c +b628bc6fb92bb6fb27a05c368a03b933e7004cae17371cd996f4eacaf2144809 crypto/evp/evp_rand.c +c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp_utils.c +abd4c5f0521f2a422c5e7bb68023e5a6fb46958ceeb5f407d964ac7163043261 crypto/evp/exchange.c +58d0d29f105ef3cd38b790644b608f58e08289c4c52597769144be96c3e9cd26 crypto/evp/kdf_lib.c +3fdce072607e5060d91fd1ba3d70ae75a13590051072b6010be0ab62b00ddd6f crypto/evp/kdf_meth.c +9627b89aa6a27fa96116964cbbe377ae283c46445887e4e8c2a5183aeb102789 crypto/evp/kem.c +2d657d8de8c2441693d54ef3730d83ca4b5d76c3b3405ece89bff9e46149d670 crypto/evp/keymgmt_lib.c +56d3ed4313cb811a3c2d062ff8b2a0fd67c4b0d28fe0562a57555b3a95907535 crypto/evp/keymgmt_meth.c +39ae1143109929faf7c85e9fe6e01fac2d6a16a76a9ff597e03f83b5eea30b89 crypto/evp/m_sigver.c +a661a25d70af7eb79d1dd76ea1595c370c266307e20ee2e60074216672286a71 crypto/evp/mac_lib.c +5f4b933a479d7cd589c47388aebfd8d6ffa3943ec2883049fc929e6ca37e26b5 crypto/evp/mac_meth.c +bec9337e5c1ff13890285285570ee56f661bacac6ca49c6dec95dc55d713b435 crypto/evp/p_lib.c +cdce204a7d27adfb1695a88907046c98df91daf2a8820efbdedc01a646e9f10d crypto/evp/pmeth_check.c +c2202e859552cf3bcdead90215c69ca339133b60d4878b7e5a601d4596d9eab6 crypto/evp/pmeth_gn.c +8f572b1a89729282c835072fc578549ca648d64d7a1590b016f7e23139f861ec crypto/evp/pmeth_lib.c +9b1c860edb2e589fb9e90fd2c9c1f80d98258c97aacc8f298f760e1222f8eb9b crypto/evp/signature.c +e0a58ecf268c6bec531898d8fe6b148601b0bed8324fa8d5668de643c027606b crypto/ex_data.c +ae496cbb92b8664bb729997a241d12cc515a3944d66fe87b0c6e24f1011e061f crypto/ffc/ffc_backend.c +bb6d97150e6b03e684b044e396b60826b6ca47554e2c477e2c26479dcbaefd03 crypto/ffc/ffc_dh.c +8390c3015b5bb7f65a5cde533390788e7e61e381823c58c2e7caf8e50ca63a3b crypto/ffc/ffc_key_generate.c +084ae8e68a9df5785376bb961a998036336ed13092ffd1c4258b56e6a7e0478b crypto/ffc/ffc_key_validate.c +9c55a46ef9c08b8fa1b03b98f5424f44e411963578ae97488270dde393ea894f crypto/ffc/ffc_params.c 
+643b2798486dfdd70472590541407fa22714b73022f2666a297c09c94656b501 crypto/ffc/ffc_params_generate.c +aff884b4b7e48bacce4312fa2a7f9f07e2c6a8d9698ebbdab91af0f0fb1384dd crypto/ffc/ffc_params_validate.c +84d8ae0141a79548ad65b31fe4673e8603930f942f21f3a7623e23f539799764 crypto/hmac/hmac.c +1bede3da0f157d766132693f679cef49b02af2601406b04eecfab1fbd8d469bf crypto/initthread.c +c6c83f826eb6465f2a1b186ea692ff6fe32dbfb821d18d254625b69083d68fb0 crypto/lhash/lhash.c +b0662fd0dddbac0379be51cee8ccb0384d819f52780a5c7b0b3fcdde145fa7bf crypto/md5/asm/md5-586.pl +2a31a7f88d948192d6b7c10822c72cf40f215f32909014a2babc3955dafa1593 crypto/md5/asm/md5-sparcv9.pl +33a402414b3f08e2325bbcb07edff42c553a4400da4ec89d583b29360a3483ed crypto/md5/asm/md5-x86_64.pl +6926a95504413b5b29b2fa89a6c8cec5406ae7044cefe28c577279c8bb56291b crypto/md5/md5_dgst.c +5d07872812807c385daea71df1d4569dcba03fabce646878f9f338947528fe1f crypto/md5/md5_one.c +8641fbe434f769a9d70981963870ceb4dcc3aadbe4f4fa2e7a8bf70e1c47fba0 crypto/md5/md5_sha1.c +f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c +183bdca6f855182d7d2c78a5c961b34283f85ea69ac828b700605ee82546397d crypto/modes/asm/aes-gcm-armv8_64.pl +1d686af304f94743038f916125effcb51790c025f3165d8d37b526bbeee781f0 crypto/modes/asm/aesni-gcm-x86_64.pl +c2e874a8deb418b5d8c935b2e256370566a5150e040c9fa008cdb5b463c26904 crypto/modes/asm/ghash-alpha.pl +6bc7d63569c73d7020ede481f2de05221ac92403c7cc11e7263ada7644f6aa9b crypto/modes/asm/ghash-armv4.pl +097975df63370de7ebea012d17de14fc1f361fb83acf03b432a99ae7d5bceb24 crypto/modes/asm/ghash-c64xplus.pl +fdde3bc48b37790c6e0006014da71e7a831bbb4fdbfcda2d01dbe0ceb0ba88fa crypto/modes/asm/ghash-ia64.pl +e472d73d06933667a51a0af973479993eed333c71b43af03095450acb36dbeb4 crypto/modes/asm/ghash-parisc.pl +6fb4332ac88113a20915ad4de1931ef88b0114b5379b16e1d967820e1229fbb0 crypto/modes/asm/ghash-s390x.pl +fcab204033126699be826a850d098c6d84f44b377de66f15d303ebd31ee77397 crypto/modes/asm/ghash-sparcv9.pl 
+26f55a57e77f774d17dfba93d757f78edfa3a03f68a71ffa37ccf3bfc468b1e2 crypto/modes/asm/ghash-x86.pl +72744131007d2389c09665a59a862f5f6bb61b64bd3456e9b400985cb56586b8 crypto/modes/asm/ghash-x86_64.pl +a4e9f2e496bd9362b17a1b5989aa4682647cefcff6117f0607122a9e11a9dfd9 crypto/modes/asm/ghashp8-ppc.pl +0029b5beb1d4cd4c5ad47164c23f3e7c9d1eaff66ef54af025ee26795b11a1c7 crypto/modes/asm/ghashv8-armx.pl +42f1e3c05b6407e127ec03c4855b53cc2a1964eeeeebb86c000e2ac6effa4d61 crypto/modes/cbc128.c +ca33ab64e99814049ae47ccfe530c33db3d19d081eb4812354518366af923396 crypto/modes/ccm128.c +a20ed2feea4ecfbb2d3dba9618ed39b2da296e521e49fd3cfb17b74be51bf916 crypto/modes/cfb128.c +819a468b2caec10c0c82bcf25377c4ff45742e8c4f0328350a26af9b146eb8ac crypto/modes/ctr128.c +05ffb22b983de282dd924357a77f4e7156ada1936fbb77bc40694ca66317721c crypto/modes/gcm128.c +171218d5159e898c8f20e58e55d2c02bb04a9a9148d399c2670cf4181ed83c15 crypto/modes/ofb128.c +d4c25a330c8865672cda59fcc3d537222439daeb2298515bdae71bb44cf8fb61 crypto/modes/wrap128.c +608a04f387be2a509b4d4ad414b7015ab833e56b85020e692e193160f36883a2 crypto/modes/xts128.c +ca8f63ee71797f51c2bf5629190897306b3308882feb3d64c982239f18e8b738 crypto/o_str.c +5e3b9e03839582d4cf1e3f7f6fc661f2531bf99b189bdcf4654c56fee1d7ecf9 crypto/packet.c +e30c9e30e4356621236136caf001ee60d51aac492a5bf0fb7f1022b973aec425 crypto/param_build.c +c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c +2be41081c49661d54fb294f8adcb3174403ff0fca599304dd604811642f66828 crypto/params.c +1164175c2259bc104ec315d39a4f80fa67604f40e55036044d18ccf94da71a76 crypto/params_dup.c +d0f6af3e89a693f0327e1bf073666cbec6786220ef3b3688ef0be9539d5ab6bf crypto/params_from_text.c +0dd202ec1def47c12852a8ae4bfaadb74f7fe968d68def631fe3ac671aac943f crypto/passphrase.c +098d0722daac442b8b6a6fc0aa6c4a4c49f9329426c3e2db9ebf71fe32376e4c crypto/property/defn_cache.c +f0fe76d4f70ecdba0206ec68ef57758f4482575ccdd7d9d3354681f37f795d4a crypto/property/property.c 
+51bc907d992893f03f35774178d2c8dc98cf3cf9503ff839ee1561640e6b274a crypto/property/property_parse.c +4941717698573a86d589fbec5002471cb4011e9a1840111a3ddccecc861a3af5 crypto/property/property_string.c +4bcf05e8736b64c9c4b4862513e48d788f8278681b6c9fef978788c3064a3f3d crypto/provider_core.c +dde1c2cd0cb5f4b9a76dc86d217926ceb3a92ba419a0c5cd1c215c9db445dd4e crypto/provider_predefined.c +707149c9fde50e1857bafbd0ca289062fd7d74db26f00399ba2243c56c89ef23 crypto/rand/rand_lib.c +048affe680e74a225faa152ea703a9168de6d6074887ff5978c1878efaac3041 crypto/rand/rand_meth.c +13604b9c58fff70249eca4399da00a61141ea38ac30feeff7ecbd84b65ee43e9 crypto/rsa/rsa_backend.c +89085cbed306409d519ab9fba596dcbb5bcad02837855e35a64577acf33df79d crypto/rsa/rsa_chk.c +e32cfa04221a2a3ea33f7bcb93ee51b84cbeba97e94c1fbf6e420b24f97fc9ce crypto/rsa/rsa_crpt.c +fbeb40c9fa91fc05e667b7f00a21e1d8ee6b0dae55771485d9f813230a2b5a32 crypto/rsa/rsa_gen.c +3d9f454620d0a5cccad93ef25e8c55151db3a44af2960a880f3e5622c9cea2b3 crypto/rsa/rsa_lib.c +5a3052ced3dabebc6b9d53cf22aeaf13bd52e9fdb69d84c4f0ea79c1f5b3f8d7 crypto/rsa/rsa_mp_names.c +5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c +bd98b457bf8926e8277065faa12e240c93ad0589daf243e441b7301e8d455f6b crypto/rsa/rsa_oaep.c +cfa0e6689e68ff21cf261af48560b0a50e12c1960514d562c95f8fd5aa49a9d7 crypto/rsa/rsa_ossl.c +c0f3c29c9ca213a04f3538514c85dd4186e07bb8dbefb3e16751218b97496ddb crypto/rsa/rsa_pk1.c +0c2e3fea08af73404d348293aa62652bc93feade424f3516e06e86ba64518236 crypto/rsa/rsa_pss.c +bf6d300b7e7e9e512a47c5bd1f8713806ae3033a140d83dfae4a16ad58d11170 crypto/rsa/rsa_schemes.c +abfbd8a1bc7b5b7c20eda1cb0fddeca6e3f14201a5188778a36e456097eaf45b crypto/rsa/rsa_sign.c +47752d347d794fb0bdb659068c3f39094c5dee76081b92a553d4e6a69ededdea crypto/rsa/rsa_sp800_56b_check.c +14585ae4ac2902beea057bfc91111f5c523b28a5a53b558689697e666602f9f3 crypto/rsa/rsa_sp800_56b_gen.c +1c1c2aeeb18bf1d69e8f134315b7e50d8f43d30eb1aa5bf42983eec9136a2fdc crypto/rsa/rsa_x931.c 
+4e9483f8cd8d78a7098ff014bb7fd3093f2032db88bf6dac753c7502dd70aeac crypto/self_test_core.c +05c533fde7fdba0c76103e97d881b7224c8427451b453e2f6413552996063e31 crypto/sha/asm/keccak1600-armv4.pl +ca3b2b654f9a8c4bc2fa2538c1f19d17acd4a6b9e0df6a4b81df04efa697e67e crypto/sha/asm/keccak1600-armv8.pl +ef575a7fb4956cc3be4ef10a6aeaa10702eadfc92c86167880690320ce942b26 crypto/sha/asm/keccak1600-avx2.pl +f1dcf75789dfb0c5d7cd35988cb8046f60097bbaf1fbdab32a9269fa5492214c crypto/sha/asm/keccak1600-avx512.pl +63e547b100562d1142512d5b54e16efc276ecb6c743c27873dbcdd7cb917c828 crypto/sha/asm/keccak1600-avx512vl.pl +33bdcc6f7668460c3bdf779633e43bfad62b937042a73acb007b462fc5b0a034 crypto/sha/asm/keccak1600-c64x.pl +09fc831dd39bd90a701e9b16d9e9987cc215252a22e1e0355f5da6c495fca35a crypto/sha/asm/keccak1600-mmx.pl +ce4a58129e5ee3ac4c9dfec5ecc010440570ebf7bf869e3e9977f2121a64b27a crypto/sha/asm/keccak1600-ppc64.pl +a859fc8cb073b2d0012a93f3155a75fb6eb677441462b0de4f8cf8df1445e970 crypto/sha/asm/keccak1600-s390x.pl +618dcd4891b4064d3b8aa6dcd74bea7ef55f4962a64957b05a05448f6e3e0f17 crypto/sha/asm/keccak1600-x86_64.pl +831b8b02ab25d78ba6300ce960d96c13439bfba5844e13061e19c4e25cbacc3d crypto/sha/asm/keccak1600p8-ppc.pl +75d832db9bf0e98e7a5c522169060a6dd276c5118cfb297fc3f1111f55cd4007 crypto/sha/asm/sha1-586.pl +c96e87d4f5311cd73bbdf499acc03418588be12426d878e157dd67e0099e0219 crypto/sha/asm/sha1-alpha.pl +4ba6d1c7f12fe76bf39babea966f0a4b7f8769e0c0510cbfc2c46a65dd62d45c crypto/sha/asm/sha1-armv4-large.pl +efc69cb0d867b7fac6b3fa8985c343d1f984d552bc8e75bbbbace0adf9ee5f15 crypto/sha/asm/sha1-armv8.pl +11d332b4e058e9fa418d6633316d2e9f9bf520a08b2d933e877bdf38b2edefcf crypto/sha/asm/sha1-c64xplus.pl +32ff0e701a7b8f25bcfe8477b20795de54f536527bd87d3ce694fd9aaae356d4 crypto/sha/asm/sha1-ia64.pl +471c27efca685b2a82ad7fefe329ca54172df9f49b9785da6d706b913b75e693 crypto/sha/asm/sha1-mb-x86_64.pl +0f5c63cf09e950d1b488935ab3b5562e3e9d5cd1a563fb88a41e3dae90a35e6d crypto/sha/asm/sha1-mips.pl 
+b5ffd7b6dbb04c05de7efa2945adb67ea845e7e61a3bf163a532f7b6acdf4267 crypto/sha/asm/sha1-parisc.pl +482cd23ca6ec38d6f62b90c68f9f20643579c50f2c0fbb0dab1c10a0e35efe77 crypto/sha/asm/sha1-ppc.pl +28cf69efd53d7a5a8c32e0f8db32c193f41b91faf44f5f59944334bc3f5aa337 crypto/sha/asm/sha1-s390x.pl +2613188936687dfc93e3a6588c279d7113bb10d307fc690aec909c5a2b65bf18 crypto/sha/asm/sha1-sparcv9.pl +24554e68b0e7b7db7b635ff149549015f623ca0bcd9ae90439586a2076f6ae80 crypto/sha/asm/sha1-sparcv9a.pl +74d197cdd72400cabbff7e173f72c8976723081508b095dc995e8cd1abf3daa6 crypto/sha/asm/sha1-thumb.pl +a59a86293e28f5600609dc8af2b39c5285580ae8636520990b000eeeb67bb889 crypto/sha/asm/sha1-x86_64.pl +c099059ef107f548ea2c2bab64a4eb8c277070ce6d74c4d32bb9808dc19c5fa3 crypto/sha/asm/sha256-586.pl +b9cee5c5a283f61f601d2dba68a7a76e7aba10bfafffc1a5c4987f9c0aa6f87d crypto/sha/asm/sha256-armv4.pl +93ddc97651ee3e779144a3c6b3e46a1bc4aa81e75cd7b9df068a2aef8743d25f crypto/sha/asm/sha256-c64xplus.pl +8be5c5d69733ecb16774aa8410b4bcb3623a9f060d2be103d8aa67bf6e4c5843 crypto/sha/asm/sha256-mb-x86_64.pl +dd82e1311703abb019975fc7b61fb87d67e1ed916dddd065aced051e851114b9 crypto/sha/asm/sha512-586.pl +8d84164f3cfd53290c0c14bb5655510b7a9238857866328c0604d64b4e76fe21 crypto/sha/asm/sha512-armv4.pl +dadacb6d66b160913bffb4e1a6c3e5f7be6509b26e2c099701d8d3fdb92c1be0 crypto/sha/asm/sha512-armv8.pl +6f548a088feae3b6faa179653ba449df9d3f5cda1e0561e5b5f120b32274d1eb crypto/sha/asm/sha512-c64xplus.pl +f999dbef1f95004b7dd926208dd942dc4106750de7a7ccfb70c6487e9916feac crypto/sha/asm/sha512-ia64.pl +fb06844e7c3b014a58dccc8ec6020c71843cfdc5be08288bc7d204f0a840c474 crypto/sha/asm/sha512-mips.pl +11548f06d213947104a80898e000218ec0d6ff3f6913f6582de498476482ce9f crypto/sha/asm/sha512-parisc.pl +7c0c490ce6bb11a228853aecad5e164ce84e5bdabb8a6658ae7184782076c7d3 crypto/sha/asm/sha512-ppc.pl +38e0455fd6a2b93a7a5385379ca92bc6526585ca1eb4af365fac4c78f7285c72 crypto/sha/asm/sha512-s390x.pl +94fc64338a8b1642782f68c9e3f45813617daa42a7dcc9917fe4053b2d0a5c5c 
crypto/sha/asm/sha512-sparcv9.pl +f64d16c1e5c3fa4a7969de494a8372127502171a517c14be7a1e3a43a7308699 crypto/sha/asm/sha512-x86_64.pl +8725cabb8d695c576619f19283b034074a3fa0f1c0be952a9dbe9793be15b907 crypto/sha/asm/sha512p8-ppc.pl +4d13c5020a92190d43721018c50776fd4df858fe92f3cce1d465ed98dfb142d1 crypto/sha/keccak1600.c +306cacd3f86e5cacaca74c58ef862516515e5c0cafaff48636d537fd84f1c2fb crypto/sha/sha1dgst.c +b40bd40b91a2ecdba63777758f84c5405a92e673636dba2cb83512c34aae3882 crypto/sha/sha256.c +01aff75580e47ee880f411a319ed5d86198df464e3b8056b8734698e3c8d4d07 crypto/sha/sha3.c +7598a626c55fb6505cc234cb438c78846756cde95c4400ca07bf9460b9bec834 crypto/sha/sha512.c +86913a593b55c759a3824eeede398f966278d79c148bef41986c5ac4e48f0bd7 crypto/sparse_array.c +32b48ac523d69b65d46b5588cd75697c473eec0b97bdefc820f436f25403a1df crypto/stack/stack.c +7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c +a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c crypto/threads_none.c +9ad1649f07fbe4475a91472d056ab5e355973a1d92998220a0d4489e3d857463 crypto/threads_pthread.c +60bdd9213c67c4d9a287cb57517eca63913c134ef57fcb102b641eb56ddce19a crypto/threads_win.c +fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl +df47f11a262e8c68abd885f291083f1ae4e7de965c654704b8589543d71c34d2 providers/common/bio_prov.c +c972a49b5b9100fb220c8693c2b83c6f20fcd9ca7c69dc5a7db15936999f19b0 providers/common/capabilities.c +27ff361a5fbfc97cd41690ab26639708961d0507b60912f55f5919649842c6ae providers/common/der/der_dsa_key.c +2529d253b3e45c33249461fdedb2c32b3c16a7a305fe4920f2a79e7b3f16ed3f providers/common/der/der_dsa_sig.c +b8f2f94daeaf20c636c90e386284c246cfded0c8275411fa02fe68b534520b95 providers/common/der/der_ec_key.c +9104cd39dddd6e1a6e8f267656482131f4d0765e96fdced1f7344817a1c8ed7e providers/common/der/der_ec_sig.c +f3b089fd3dcccc8e3ebfbbdbf87c47d58330f82bd0e2a1223da74977930cccf1 providers/common/der/der_ecx_key.c 
+3ba47f32b30f5540a34b3a8df7a4fd966aab9abcbb2b643af75a83a9ccda1df0 providers/common/der/der_rsa_key.c +a7becfc857365e64336a98bdb3565697caa4f6cc6692b298f56b530f5e2e0d81 providers/common/der/der_rsa_sig.c +9c9572d26ec41df0418547352dbdef353ecf9a2a633889dc494084ee9fe6b1d3 providers/common/der/der_sm2_key.c +390b2b6ba321bddc416688d4a51d9e04db7d84d4f398947d496d043e8fb22a01 providers/common/der/der_sm2_sig.c +d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/common/digest_to_nid.c +737cc1228106e555e9bab24e3c2438982e04e05b0d5b9ee6995d71df16c49143 providers/common/provider_ctx.c +fcbb0f2859f28ea1eb3922447bb96588d2097695f9ce23c3c64025bfbe9d2bad providers/common/provider_err.c +9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c +fee6720c5f6afe041103dfdbc9e4fef346c32afc0a1d34beb7a1d67d22f9e1e3 providers/common/provider_util.c +494723d55bc6ecdb70f59499a2c42260cabc5fa30681ac3b48267dfa242158b3 providers/common/securitycheck.c +eaa448a029b592c0bb947ba98b8888b059c487078be10b28d3c7cbe73cf5a8c7 providers/common/securitycheck_default.c +50a0e01e877ae818cf874f4515a130db0e869d4e9e8ce882bff1255695aba789 providers/common/securitycheck_fips.c +fd92f958755683dda449a45f82ecdff342574a9536f6e8727decf5be9a5b747a providers/fips/fipsprov.c +c69e60c29711d55cd5672dab9ff051f3c093d54e63a0ec575baa899e6bbf9c2b providers/fips/self_test.c +fb56f801613642f6b497803890b528a643024e3cdb5bd5dd619a2981afb2f3b0 providers/fips/self_test_kats.c +08b287621158afb67e61e52fc34efbb9f9fe22ee6709c7ed6c937d5feb2b7fd8 providers/implementations/asymciphers/rsa_enc.c +60f1d5a19025784698cd67ac54fd9625f4be2149e85cb31d58aea516df22ee12 providers/implementations/asymciphers/sm2_enc.c +4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a providers/implementations/ciphers/cipher_aes.c +5b7d6a1d0df42c082c3731a3d2a0fe2d0034874e0fbb2f4916efb72da4fe6b66 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 
+10f5bee481daad40609b04743de5ea364f4a2d25bba6d901213294dd966ae786 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c +b9026b88005f2719f1836877b2baddadec97cb1d8e20eeaf012abffb6dfc004e providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c +6d6bf36329af3b77f457898294be05fea3940a61cdaf0ed60cfb8d091a94186e providers/implementations/ciphers/cipher_aes_ccm.c +6337b570e0dc4e98af07aa9704254d3ab958cf605584e250fbd76cd1d2a25ac7 providers/implementations/ciphers/cipher_aes_ccm_hw.c +e63b682f97b424167e4feb28e0103ad3c2859c57056284de2999236d07663eed providers/implementations/ciphers/cipher_aes_cts.c +e540092e34896a0f75622365a8d97473dfc7c3036ef6ef6f8ce343922ac03f56 providers/implementations/ciphers/cipher_aes_gcm.c +9f2303e103b4eb8244bdf97a2bb71d8a76c9e9adf09195acc2e42af72fab3250 providers/implementations/ciphers/cipher_aes_gcm_hw.c +33144c78ad050b2f9976946c67cbc593442d9a215c5f3d678ac56b504169fe18 providers/implementations/ciphers/cipher_aes_hw.c +0264d1ea3ece6f730b342586fb1fe00e3f0ff01e47d53f552864df986bf35573 providers/implementations/ciphers/cipher_aes_ocb.c +855869ab5a8d7a61a11674cfe5d503dfa67f59e7e393730835d1d8cf0ab85c70 providers/implementations/ciphers/cipher_aes_ocb_hw.c +d088dd386950df04b5ad5a68d529fa36b2fa6b808d7cc7da6de96cdd91ecb92f providers/implementations/ciphers/cipher_aes_siv.c +47edbfb9bca49df0d1e36b1bf06367ff31762545e7087bea159ad60e0f684a48 providers/implementations/ciphers/cipher_aes_siv_hw.c +d07e18786256f3a069fe83e6fdc79e53fdc1f99b3e6bbe5d2f3fc559bc737eb2 providers/implementations/ciphers/cipher_aes_wrp.c +527ff9277b92606517ee7af13225a9d5fcffbbc36eb18bce39f59d594cbe4931 providers/implementations/ciphers/cipher_aes_xts.c +83ffb01000f3620ab3251b42b2af98a80612b182968d2742a5d8480efcc22d43 providers/implementations/ciphers/cipher_aes_xts_fips.c +f12bf83d8fffa833fed6d82d74709c7a0563ea0fe291988149d7c85bda8366e7 providers/implementations/ciphers/cipher_aes_xts_hw.c +e292ec9b6e760b6bec12753a65f9a19bcc05afb6e56399c3561e63281bda4191 
providers/implementations/ciphers/cipher_aria.c +73a9c37bf73b32c98085deaec8a197cab8a6fcdc602593dbbb6b585dd2391bc3 providers/implementations/ciphers/cipher_aria_ccm.c +1b9832f78203f3badf98f574cfee56c7b782709d68265237fe4c9479e6063172 providers/implementations/ciphers/cipher_aria_ccm_hw.c +976c1ca4767e4442bb22ce055d756336e0693866e406ae62dd0dc1929ac43c14 providers/implementations/ciphers/cipher_aria_gcm.c +d4ec3b09d49b7b5ac2941230a2c49b4ede55deeb284366ac26642a3ecbe64e5e providers/implementations/ciphers/cipher_aria_gcm_hw.c +cb6985bbec1a885e5fc51dd4df27bb2ef5c201abc88609fe26899fd5ed14e1fd providers/implementations/ciphers/cipher_aria_hw.c +8b4ddee713455a1cc8417d2dbe6c28f5a2c9c4d5497af44bc562814eb7fe7911 providers/implementations/ciphers/cipher_camellia.c +755b686613b311e7d40403926284e0c91704f99b9fea91f5bae6c4c03fc20389 providers/implementations/ciphers/cipher_camellia_hw.c +090f4035e6fa6566a3cd39301789d2cffa3853b1408326a7dd12f33c3fa12603 providers/implementations/ciphers/cipher_chacha20.c +cb7839e081f1d86664f152f982062e81a0c365382a123edb08fb7b443398dfe6 providers/implementations/ciphers/cipher_chacha20_hw.c +fd879ed73c85cb7900a6732eb06ee080c6a0d956cc514b2413dfcb850d831855 providers/implementations/ciphers/cipher_chacha20_poly1305.c +23bd426356db5afa4df530ed1992777f1d8213c6740b0bdc39590dcd5c4de376 providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c +d3098f6ded4c6b6f6d4e1bf9f641c2bb6499bb76b386a3658527a35b484ce381 providers/implementations/ciphers/cipher_null.c +4ae134ee0c4113670a7d09c9a5f5a289b1a4a9350bca74d7c2ef6c71d5a5e051 providers/implementations/ciphers/cipher_sm4.c +61d2796a4dbf1f82dadf86219de5b762016d2e606f636b98b70f888227957c2d providers/implementations/ciphers/cipher_sm4_hw.c +06d8f86ec724075e7f72dabfb675b5c85a93c01997e4142fbaa8482e617f4ae5 providers/implementations/ciphers/cipher_tdes.c +7b7172e7e5d646e07c1ac07036716c67d9a821de7c0dfd41f8243610215a61c4 providers/implementations/ciphers/cipher_tdes_common.c 
+39be7651ea83263815cd48c649a54af56279879361fe91573800d84fbaf40bd9 providers/implementations/ciphers/cipher_tdes_default.c +c3a9a1fca4416e4ecdeecc3e83cbd24ff3f3185f5c1fea8c5fb8346f3b0e9a67 providers/implementations/ciphers/cipher_tdes_default_hw.c +50645122f08ef4891cd96cace833bd550be7f5278ab785515fd61fe8993c8c25 providers/implementations/ciphers/cipher_tdes_hw.c +9bf68e5921f780cb489e8e19a0fd02e5285cea67381b2f55367c65ad0e65ecc3 providers/implementations/ciphers/cipher_tdes_wrap.c +b98c8a9eb256008fb335084531dd5422563651a5a2d4cbe97f62fba49254a954 providers/implementations/ciphers/cipher_tdes_wrap_hw.c +db110866cede3d97d352fb94f13832bef7349f2c7c1d271bc87e640fc36beed0 providers/implementations/ciphers/ciphercommon.c +697e9f2254574cc93f0737456d0f3a275946296466a179bb5d0fea607c7a92fa providers/implementations/ciphers/ciphercommon_block.c +4b4106f85e36eb2c07acc5a3ca5ccd77b736b3ac46cc4af786cf57405ecd54b2 providers/implementations/ciphers/ciphercommon_ccm.c +8b6828f188c2590c7d9c6cac13fa0eb6d38a522b0f2859e7c8a766580fa9b66e providers/implementations/ciphers/ciphercommon_ccm_hw.c +1a6377698528eb24943c7616b55e43305a98569497279df8c6e6e411ed009424 providers/implementations/ciphers/ciphercommon_gcm.c +bb67eaa7a98494ca938726f9218213870fc97dd87b56bda950626cc794baf20b providers/implementations/ciphers/ciphercommon_gcm_hw.c +23fd89e3239e596c325a8c5d23eb1fe157a8d23aa4d90ed2c574bf06dfabd693 providers/implementations/ciphers/ciphercommon_hw.c +6b292cf7b2de5e7edb50ab4fedc4adcde2e17aeb30a7c5e4502a4c3994a446cf providers/implementations/digests/blake2_prov.c +0dd0cb9e70c5e339c8540aece6be4be1ee328fdc7d32d54e049ff708c981f2d4 providers/implementations/digests/blake2b_prov.c +6e18c13f50a291de8a4241f8cb9b6b6b1200f3cc4eee0d8d7ffabf0f36daa652 providers/implementations/digests/blake2s_prov.c +39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d providers/implementations/digests/digestcommon.c +4e6dd0d5343117ee5b3b61326e14e2aad035ae4f2bb0a1cc4b4be708371a9fe3 
providers/implementations/digests/md5_prov.c +322887272619e335b3157128d772d4f7851eef7314ab65ce8b742c5ab8ac5d63 providers/implementations/digests/md5_sha1_prov.c +80551b53302d95faea257df3edbdbd02d48427ce42da2c4335f998456400d057 providers/implementations/digests/sha2_prov.c +de342d04be6af69037922d5c97bdc40c0c27f6740636e72786a765d0d8ad9173 providers/implementations/digests/sha3_prov.c +320eb5deda82a3c052d0d0530fc27a66a402cbf3ddcf6640c5911d0e8d145e0c providers/implementations/digests/sm3_prov.c +e7660e887b3a98789b09645c7b8b3a0d94bef80837a30c750c1c3fd0c8de3d60 providers/implementations/encode_decode/decode_der2key.c +130057ec5593166df25e0ece457e5623c218127d8b7714a7162604c22a420976 providers/implementations/encode_decode/decode_msblob2key.c +4ab7936e2bda93aec2083fb3545d261bd3ffbee62657a0c7118bd5fc4f02b5e0 providers/implementations/encode_decode/decode_pem2der.c +cebde4c1b7f333159daeec6ac014d3477bf4d3e25a3cccfb0bc7b55bdcf78498 providers/implementations/encode_decode/decode_pvk2key.c +a4a2c4f7e1c86cb194040db19c801d749fac52ff3dd59e3759524226b772178e providers/implementations/encode_decode/encode_key2any.c +8fe61023c2d19a43b1aaacf617f2d6098a525216e91622549c1bfabb80256de0 providers/implementations/encode_decode/encode_key2blob.c +1412482218e6aadd0cc1eaac3d4a2aaf57be43705e2b4d2ba926b5493e7e1b55 providers/implementations/encode_decode/encode_key2ms.c +820e4501145f07e7f48d29e3124fdcdb834e7e6658fb2340a1f2d2ce373362a6 providers/implementations/encode_decode/encode_key2text.c +ecc88a83dc108b869e8d8223d466d49b829364bea0dae602c05e2b999aa5a02c providers/implementations/encode_decode/endecoder_common.c +2d3adc404341e3a8a3c29adf732cb740dc4c4b0cde1c422cbeb352c4509320db providers/implementations/exchange/dh_exch.c +427b9abee979f94371aa4aa99b48f08f1772965c93f9bce6f4531cc4cec136b6 providers/implementations/exchange/ecdh_exch.c +9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c 
+06ba83a8a8235bcdbda56f82b017cb19361469fe47c23cc6218a7e9b88ae6513 providers/implementations/exchange/kdf_exch.c +4f8049771ff0cb57944e1ffc9599a96023e36b424138e51b1466f9a133f03943 providers/implementations/kdfs/hkdf.c +115e13e152cfb7d729659cb26056414f719c5e7cb2a9b3df8b6ad0f232ce109a providers/implementations/kdfs/kbkdf.c +9625cab3ea0a1830838412d0ce6210c9a77eeebddb3cb1bee5198d90c33539ae providers/implementations/kdfs/krb5kdf.c +f93d3b32e7e3bc6bd4100559b15d392613797e1048010fdc70058ae9297a1125 providers/implementations/kdfs/pbkdf2.c +ce34beaa333d28a9c197ea60ed3dc37b319e3b96250941dd2fc0c944b76a6a51 providers/implementations/kdfs/pbkdf2_fips.c +43fae0685aa32e34545704fccd1f0ec3357ef28cc817c03960d649044420b368 providers/implementations/kdfs/pkcs12kdf.c +0994de1013c5b1a3007ce71150a28efdc791be96c8b8f7b6d25c8b593735f8f2 providers/implementations/kdfs/scrypt.c +6551c3354fb889cb429f850e0194a82d677528f65212d4ac345ab87352cec8a1 providers/implementations/kdfs/sshkdf.c +eb18f3fe62bb2a46a294b738de81a233bd2db00cc79ddc58622fc7c7021c3528 providers/implementations/kdfs/sskdf.c +3c46ec0e14be09a133d709c3a1c3d5ab05a4f1ed5385c3e7a1afb2f0ee47ef7a providers/implementations/kdfs/tls1_prf.c +f818a11f33dc1dd58f01b430c7d31ae51072b6713063885fc404eca397e4b9eb providers/implementations/kdfs/x942kdf.c +7d621555c4bd9dcdb324031c28f70d8d382ff0e5369ce1ade30180e8f525b2e8 providers/implementations/kem/rsa_kem.c +9a75571e8454e85a33c0bae2a37231b7f29d9e9df20a513508091a8cac74f6a1 providers/implementations/keymgmt/dh_kmgmt.c +36c27ca091024d87bd21edfd25916832cc8d4a021ad18e9d54ea6415bb49fbd5 providers/implementations/keymgmt/dsa_kmgmt.c +181a08f93f84f0797e9672b78c1a0edab3624fee48fe3451367e7e42e5e0ba1c providers/implementations/keymgmt/ec_kmgmt.c +1a6b7e37229e81eae3981ab2e0b7669eb24aaa6487738c4b44a970da212560b6 providers/implementations/keymgmt/ecx_kmgmt.c +053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c 
+8064f919328b95c8f97e208ae4e3304209dd2e8d725ab3337cfad3c8972d5a0a providers/implementations/keymgmt/mac_legacy_kmgmt.c +1ea71e863be437958d75eb849b28505a43e3dbc660588b4080d70e82a39d52b7 providers/implementations/keymgmt/rsa_kmgmt.c +7d268a8d8179b35b6a9cb6b362976b3d861351c9ea076961f02a54ab37f3f5b0 providers/implementations/macs/blake2b_mac.c +3d50f84587431277bfb7af241485b150e02f7b30750f9faa40dd6e98927e5592 providers/implementations/macs/blake2s_mac.c +25d20ceb61cadb495ec890ae2c49c5c1c840b39ac77f20058ee87249cab341ef providers/implementations/macs/cmac_prov.c +f51b074d55028d3e24656da348d21ca79f6680fdb30383d936251f1b3467caab providers/implementations/macs/gmac_prov.c +35505704fda658c0911f95974913c1f2dd75c8f91c5d2ec597c70c52624bdfdf providers/implementations/macs/hmac_prov.c +3201d82d1e17c22a80b26dedae627be10b6dc1af623d1fd0c3c923e0125a42e7 providers/implementations/macs/kmac_prov.c +94d80682125b40ba694242fdfa978b802c6e70f2b0167215c9d689c0ccf5820f providers/implementations/macs/poly1305_prov.c +d594704aa3173afdb2b1e95253285cdb245a42078f9ca06b68aaeecb858b10fd providers/implementations/macs/siphash_prov.c +dcc1afbe2965de7c5ac0a17ab1b19b8ed512049376833cb410db30f8dc4e2064 providers/implementations/rands/crngt.c +bdabe11fe519f1852f3a3783b1e2c2fe4f51287ef6427d302308bf15a337026b providers/implementations/rands/drbg.c +a3caabf5fd73d52f4e40088ab4aee83e51348d0fd059609d1f5d8725baed6155 providers/implementations/rands/drbg_ctr.c +c36937930bcaecd6d5131d0317b9162a96cc956df164848dc53f423af838d04a providers/implementations/rands/drbg_hash.c +531c0ce4212570474b59a1b039e61a97ee5504e56e2f10de1f36578f1bca79d3 providers/implementations/rands/drbg_hmac.c +8075edbf4957b625301c85331bb4737cbefd334ee51e146fa15c3dc40bdd4973 providers/implementations/rands/seed_src.c +c440957b586c6dac6c0b695080f0f4147c81f3a269b2fb07a742e73b54b2fa64 providers/implementations/rands/seeding/rand_cpu_x86.c +c1a6007e76d21279e0b4eafef970c94cefad48a1a0d609aa9c359b5418486b95 
providers/implementations/rands/seeding/rand_tsc.c +7cd4b532adf4eff8209c5eb7d7c1020840fc1728cb3179beb163639fc7aff285 providers/implementations/rands/seeding/rand_unix.c +38a0be4c03ea3c0e4761173a44ed421e3ec4f5c5eafafd8861b84a28c48d75f2 providers/implementations/rands/seeding/rand_win.c +888a671934abef4225956f9931cff842f245f90660e11f23a55228edca962e16 providers/implementations/rands/test_rng.c +a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858 providers/implementations/signature/dsa.c +1edce687e950bec7c289cdac7c4c455e195942ccddfc38af0344277421afcc0f providers/implementations/signature/ecdsa.c +8074854e90be6a8266cc81ad722ef12213e9fc1360891822f109bfb03791f18e providers/implementations/signature/eddsa.c +40430250137bf6afffb9ca5a1c810947246169d3835912d26089fe86f405956d providers/implementations/signature/mac_legacy.c +31073a0bbcd27e1594040a39abfc04ff0f07fad2f25762def753724d330fe8b1 providers/implementations/signature/rsa.c +c0a862433e5da909cf0c614d3f982765b67821c7a4cc6257ceb8c490b4dcf732 providers/implementations/signature/sm2sig.c +c63cb744c26af304cf00006071d3ebd9325a4d65913b75a2bcb1d2e104c734fd providers/implementations/storemgmt/file_store.c +291288936fe321e3e85048366f790f6b7983561cd8f80eec4c0e01d7c43614ab providers/implementations/storemgmt/file_store_der2obj.c +04ea01e48b8fee822acb376ab8679b4c627b32ab75c137bf23ebb4fe2a1c0703 providers/prov_running.c +53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4 ssl/record/tls_pad.c +0143753184c1bddf47af3bd5b5e0d788fc757dac4b77f291627fc25d46eba05c ssl/s3_cbc.c diff --git a/providers/fips.checksum b/providers/fips.checksum new file mode 100644 index 0000000000..8fe83feaca --- /dev/null +++ b/providers/fips.checksum @@ -0,0 +1 @@ +1106a14cf83a287e98bb7b7cde67aea32e75d523b4d568b2c5b352a3a17ee181 providers/fips-sources.checksums diff --git a/providers/fips.module.sources b/providers/fips.module.sources new file mode 100644 index 0000000000..79b532fe89 --- /dev/null +++ b/providers/fips.module.sources 
@@ -0,0 +1,467 @@ +crypto/aes/aes_cbc.c +crypto/aes/aes_core.c +crypto/aes/aes_ecb.c +crypto/aes/aes_misc.c +crypto/aes/asm/aes-586.pl +crypto/aes/asm/aes-armv4.pl +crypto/aes/asm/aes-c64xplus.pl +crypto/aes/asm/aes-ia64.S +crypto/aes/asm/aes-mips.pl +crypto/aes/asm/aes-parisc.pl +crypto/aes/asm/aes-ppc.pl +crypto/aes/asm/aes-s390x.pl +crypto/aes/asm/aes-sparcv9.pl +crypto/aes/asm/aes-x86_64.pl +crypto/aes/asm/aesfx-sparcv9.pl +crypto/aes/asm/aesni-mb-x86_64.pl +crypto/aes/asm/aesni-sha1-x86_64.pl +crypto/aes/asm/aesni-sha256-x86_64.pl +crypto/aes/asm/aesni-x86.pl +crypto/aes/asm/aesni-x86_64.pl +crypto/aes/asm/aesp8-ppc.pl +crypto/aes/asm/aest4-sparcv9.pl +crypto/aes/asm/aesv8-armx.pl +crypto/aes/asm/bsaes-armv7.pl +crypto/aes/asm/bsaes-x86_64.pl +crypto/aes/asm/vpaes-armv8.pl +crypto/aes/asm/vpaes-ppc.pl +crypto/aes/asm/vpaes-x86.pl +crypto/aes/asm/vpaes-x86_64.pl +crypto/asn1_dsa.c +crypto/bn/asm/alpha-mont.pl +crypto/bn/asm/armv4-gf2m.pl +crypto/bn/asm/armv4-mont.pl +crypto/bn/asm/armv8-mont.pl +crypto/bn/asm/bn-586.pl +crypto/bn/asm/c64xplus-gf2m.pl +crypto/bn/asm/co-586.pl +crypto/bn/asm/ia64-mont.pl +crypto/bn/asm/ia64.S +crypto/bn/asm/mips-mont.pl +crypto/bn/asm/mips.pl +crypto/bn/asm/parisc-mont.pl +crypto/bn/asm/ppc-mont.pl +crypto/bn/asm/ppc.pl +crypto/bn/asm/ppc64-mont.pl +crypto/bn/asm/rsaz-avx2.pl +crypto/bn/asm/rsaz-avx512.pl +crypto/bn/asm/rsaz-x86_64.pl +crypto/bn/asm/s390x-gf2m.pl +crypto/bn/asm/s390x-mont.pl +crypto/bn/asm/s390x.S +crypto/bn/asm/sparct4-mont.pl +crypto/bn/asm/sparcv8.S +crypto/bn/asm/sparcv8plus.S +crypto/bn/asm/sparcv9-gf2m.pl +crypto/bn/asm/sparcv9-mont.pl +crypto/bn/asm/sparcv9a-mont.pl +crypto/bn/asm/via-mont.pl +crypto/bn/asm/vis3-mont.pl +crypto/bn/asm/x86-gf2m.pl +crypto/bn/asm/x86-mont.pl +crypto/bn/asm/x86_64-gcc.c +crypto/bn/asm/x86_64-gf2m.pl +crypto/bn/asm/x86_64-mont.pl +crypto/bn/asm/x86_64-mont5.pl +crypto/bn/bn_add.c +crypto/bn/bn_asm.c +crypto/bn/bn_blind.c +crypto/bn/bn_const.c +crypto/bn/bn_conv.c 
+crypto/bn/bn_ctx.c +crypto/bn/bn_dh.c +crypto/bn/bn_div.c +crypto/bn/bn_exp.c +crypto/bn/bn_exp2.c +crypto/bn/bn_gcd.c +crypto/bn/bn_gf2m.c +crypto/bn/bn_intern.c +crypto/bn/bn_kron.c +crypto/bn/bn_lib.c +crypto/bn/bn_mod.c +crypto/bn/bn_mont.c +crypto/bn/bn_mpi.c +crypto/bn/bn_mul.c +crypto/bn/bn_nist.c +crypto/bn/bn_prime.c +crypto/bn/bn_rand.c +crypto/bn/bn_recp.c +crypto/bn/bn_rsa_fips186_4.c +crypto/bn/bn_shift.c +crypto/bn/bn_sqr.c +crypto/bn/bn_sqrt.c +crypto/bn/bn_word.c +crypto/bn/rsaz_exp.c +crypto/bn/rsaz_exp_x2.c +crypto/bsearch.c +crypto/buffer/buffer.c +crypto/cmac/cmac.c +crypto/context.c +crypto/core_algorithm.c +crypto/core_fetch.c +crypto/core_namemap.c +crypto/cpuid.c +crypto/cryptlib.c +crypto/ctype.c +crypto/der_writer.c +crypto/des/des_enc.c +crypto/des/ecb3_enc.c +crypto/des/fcrypt_b.c +crypto/des/set_key.c +crypto/dh/dh_backend.c +crypto/dh/dh_check.c +crypto/dh/dh_gen.c +crypto/dh/dh_group_params.c +crypto/dh/dh_kdf.c +crypto/dh/dh_key.c +crypto/dh/dh_lib.c +crypto/dsa/dsa_backend.c +crypto/dsa/dsa_check.c +crypto/dsa/dsa_gen.c +crypto/dsa/dsa_key.c +crypto/dsa/dsa_lib.c +crypto/dsa/dsa_ossl.c +crypto/dsa/dsa_sign.c +crypto/dsa/dsa_vrf.c +crypto/ec/asm/ecp_nistz256-armv4.pl +crypto/ec/asm/ecp_nistz256-armv8.pl +crypto/ec/asm/ecp_nistz256-ppc64.pl +crypto/ec/asm/ecp_nistz256-sparcv9.pl +crypto/ec/asm/ecp_nistz256-x86.pl +crypto/ec/asm/ecp_nistz256-x86_64.pl +crypto/ec/asm/x25519-ppc64.pl +crypto/ec/asm/x25519-x86_64.pl +crypto/ec/curve25519.c +crypto/ec/curve448/arch_32/f_impl32.c +crypto/ec/curve448/arch_64/f_impl64.c +crypto/ec/curve448/curve448.c +crypto/ec/curve448/curve448_tables.c +crypto/ec/curve448/eddsa.c +crypto/ec/curve448/f_generic.c +crypto/ec/curve448/scalar.c +crypto/ec/ec2_oct.c +crypto/ec/ec2_smpl.c +crypto/ec/ec_asn1.c +crypto/ec/ec_backend.c +crypto/ec/ec_check.c +crypto/ec/ec_curve.c +crypto/ec/ec_cvt.c +crypto/ec/ec_deprecated.c +crypto/ec/ec_key.c +crypto/ec/ec_kmeth.c +crypto/ec/ec_lib.c +crypto/ec/ec_mult.c 
+crypto/ec/ec_oct.c +crypto/ec/ec_print.c +crypto/ec/ecdh_kdf.c +crypto/ec/ecdh_ossl.c +crypto/ec/ecdsa_ossl.c +crypto/ec/ecdsa_sign.c +crypto/ec/ecdsa_vrf.c +crypto/ec/ecp_mont.c +crypto/ec/ecp_nist.c +crypto/ec/ecp_nistz256.c +crypto/ec/ecp_oct.c +crypto/ec/ecp_smpl.c +crypto/ec/ecx_backend.c +crypto/ec/ecx_key.c +crypto/evp/asymcipher.c +crypto/evp/cmeth_lib.c +crypto/evp/dh_support.c +crypto/evp/digest.c +crypto/evp/ec_support.c +crypto/evp/evp_enc.c +crypto/evp/evp_fetch.c +crypto/evp/evp_lib.c +crypto/evp/evp_rand.c +crypto/evp/evp_utils.c +crypto/evp/exchange.c +crypto/evp/kdf_lib.c +crypto/evp/kdf_meth.c +crypto/evp/kem.c +crypto/evp/keymgmt_lib.c +crypto/evp/keymgmt_meth.c +crypto/evp/m_sigver.c +crypto/evp/mac_lib.c +crypto/evp/mac_meth.c +crypto/evp/p_lib.c +crypto/evp/pmeth_check.c +crypto/evp/pmeth_gn.c +crypto/evp/pmeth_lib.c +crypto/evp/signature.c +crypto/ex_data.c +crypto/ffc/ffc_backend.c +crypto/ffc/ffc_dh.c +crypto/ffc/ffc_key_generate.c +crypto/ffc/ffc_key_validate.c +crypto/ffc/ffc_params.c +crypto/ffc/ffc_params_generate.c +crypto/ffc/ffc_params_validate.c +crypto/hmac/hmac.c +crypto/initthread.c +crypto/lhash/lhash.c +crypto/md5/asm/md5-586.pl +crypto/md5/asm/md5-sparcv9.pl +crypto/md5/asm/md5-x86_64.pl +crypto/md5/md5_dgst.c +crypto/md5/md5_one.c +crypto/md5/md5_sha1.c +crypto/mem_clr.c +crypto/modes/asm/aes-gcm-armv8_64.pl +crypto/modes/asm/aesni-gcm-x86_64.pl +crypto/modes/asm/ghash-alpha.pl +crypto/modes/asm/ghash-armv4.pl +crypto/modes/asm/ghash-c64xplus.pl +crypto/modes/asm/ghash-ia64.pl +crypto/modes/asm/ghash-parisc.pl +crypto/modes/asm/ghash-s390x.pl +crypto/modes/asm/ghash-sparcv9.pl +crypto/modes/asm/ghash-x86.pl +crypto/modes/asm/ghash-x86_64.pl +crypto/modes/asm/ghashp8-ppc.pl +crypto/modes/asm/ghashv8-armx.pl +crypto/modes/cbc128.c +crypto/modes/ccm128.c +crypto/modes/cfb128.c +crypto/modes/ctr128.c +crypto/modes/gcm128.c +crypto/modes/ofb128.c +crypto/modes/wrap128.c +crypto/modes/xts128.c +crypto/o_str.c +crypto/packet.c 
+crypto/param_build.c +crypto/param_build_set.c +crypto/params.c +crypto/params_dup.c +crypto/params_from_text.c +crypto/passphrase.c +crypto/property/defn_cache.c +crypto/property/property.c +crypto/property/property_parse.c +crypto/property/property_string.c +crypto/provider_core.c +crypto/provider_predefined.c +crypto/rand/rand_lib.c +crypto/rand/rand_meth.c +crypto/rsa/rsa_backend.c +crypto/rsa/rsa_chk.c +crypto/rsa/rsa_crpt.c +crypto/rsa/rsa_gen.c +crypto/rsa/rsa_lib.c +crypto/rsa/rsa_mp_names.c +crypto/rsa/rsa_none.c +crypto/rsa/rsa_oaep.c +crypto/rsa/rsa_ossl.c +crypto/rsa/rsa_pk1.c +crypto/rsa/rsa_pss.c +crypto/rsa/rsa_schemes.c +crypto/rsa/rsa_sign.c +crypto/rsa/rsa_sp800_56b_check.c +crypto/rsa/rsa_sp800_56b_gen.c +crypto/rsa/rsa_x931.c +crypto/self_test_core.c +crypto/sha/asm/keccak1600-armv4.pl +crypto/sha/asm/keccak1600-armv8.pl +crypto/sha/asm/keccak1600-avx2.pl +crypto/sha/asm/keccak1600-avx512.pl +crypto/sha/asm/keccak1600-avx512vl.pl +crypto/sha/asm/keccak1600-c64x.pl +crypto/sha/asm/keccak1600-mmx.pl +crypto/sha/asm/keccak1600-ppc64.pl +crypto/sha/asm/keccak1600-s390x.pl +crypto/sha/asm/keccak1600-x86_64.pl +crypto/sha/asm/keccak1600p8-ppc.pl +crypto/sha/asm/sha1-586.pl +crypto/sha/asm/sha1-alpha.pl +crypto/sha/asm/sha1-armv4-large.pl +crypto/sha/asm/sha1-armv8.pl +crypto/sha/asm/sha1-c64xplus.pl +crypto/sha/asm/sha1-ia64.pl +crypto/sha/asm/sha1-mb-x86_64.pl +crypto/sha/asm/sha1-mips.pl +crypto/sha/asm/sha1-parisc.pl +crypto/sha/asm/sha1-ppc.pl +crypto/sha/asm/sha1-s390x.pl +crypto/sha/asm/sha1-sparcv9.pl +crypto/sha/asm/sha1-sparcv9a.pl +crypto/sha/asm/sha1-thumb.pl +crypto/sha/asm/sha1-x86_64.pl +crypto/sha/asm/sha256-586.pl +crypto/sha/asm/sha256-armv4.pl +crypto/sha/asm/sha256-c64xplus.pl +crypto/sha/asm/sha256-mb-x86_64.pl +crypto/sha/asm/sha512-586.pl +crypto/sha/asm/sha512-armv4.pl +crypto/sha/asm/sha512-armv8.pl +crypto/sha/asm/sha512-c64xplus.pl +crypto/sha/asm/sha512-ia64.pl +crypto/sha/asm/sha512-mips.pl +crypto/sha/asm/sha512-parisc.pl 
+crypto/sha/asm/sha512-ppc.pl +crypto/sha/asm/sha512-s390x.pl +crypto/sha/asm/sha512-sparcv9.pl +crypto/sha/asm/sha512-x86_64.pl +crypto/sha/asm/sha512p8-ppc.pl +crypto/sha/keccak1600.c +crypto/sha/sha1dgst.c +crypto/sha/sha256.c +crypto/sha/sha3.c +crypto/sha/sha512.c +crypto/sparse_array.c +crypto/stack/stack.c +crypto/threads_lib.c +crypto/threads_none.c +crypto/threads_pthread.c +crypto/threads_win.c +crypto/x86_64cpuid.pl +providers/common/bio_prov.c +providers/common/capabilities.c +providers/common/der/der_digests_gen.c.in +providers/common/der/der_dsa_gen.c.in +providers/common/der/der_dsa_key.c +providers/common/der/der_dsa_sig.c +providers/common/der/der_ec_gen.c.in +providers/common/der/der_ec_key.c +providers/common/der/der_ec_sig.c +providers/common/der/der_ecx_gen.c.in +providers/common/der/der_ecx_key.c +providers/common/der/der_rsa_gen.c.in +providers/common/der/der_rsa_key.c +providers/common/der/der_rsa_sig.c +providers/common/der/der_sm2_gen.c.in +providers/common/der/der_sm2_key.c +providers/common/der/der_sm2_sig.c +providers/common/der/der_wrap_gen.c.in +providers/common/digest_to_nid.c +providers/common/provider_ctx.c +providers/common/provider_err.c +providers/common/provider_seeding.c +providers/common/provider_util.c +providers/common/securitycheck.c +providers/common/securitycheck_default.c +providers/common/securitycheck_fips.c +providers/fips/fipsprov.c +providers/fips/self_test.c +providers/fips/self_test_kats.c +providers/implementations/asymciphers/rsa_enc.c +providers/implementations/asymciphers/sm2_enc.c +providers/implementations/ciphers/cipher_aes.c +providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c +providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c +providers/implementations/ciphers/cipher_aes_ccm.c +providers/implementations/ciphers/cipher_aes_ccm_hw.c +providers/implementations/ciphers/cipher_aes_cts.c 
+providers/implementations/ciphers/cipher_aes_gcm.c +providers/implementations/ciphers/cipher_aes_gcm_hw.c +providers/implementations/ciphers/cipher_aes_hw.c +providers/implementations/ciphers/cipher_aes_ocb.c +providers/implementations/ciphers/cipher_aes_ocb_hw.c +providers/implementations/ciphers/cipher_aes_siv.c +providers/implementations/ciphers/cipher_aes_siv_hw.c +providers/implementations/ciphers/cipher_aes_wrp.c +providers/implementations/ciphers/cipher_aes_xts.c +providers/implementations/ciphers/cipher_aes_xts_fips.c +providers/implementations/ciphers/cipher_aes_xts_hw.c +providers/implementations/ciphers/cipher_aria.c +providers/implementations/ciphers/cipher_aria_ccm.c +providers/implementations/ciphers/cipher_aria_ccm_hw.c +providers/implementations/ciphers/cipher_aria_gcm.c +providers/implementations/ciphers/cipher_aria_gcm_hw.c +providers/implementations/ciphers/cipher_aria_hw.c +providers/implementations/ciphers/cipher_camellia.c +providers/implementations/ciphers/cipher_camellia_hw.c +providers/implementations/ciphers/cipher_chacha20.c +providers/implementations/ciphers/cipher_chacha20_hw.c +providers/implementations/ciphers/cipher_chacha20_poly1305.c +providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c +providers/implementations/ciphers/cipher_null.c +providers/implementations/ciphers/cipher_sm4.c +providers/implementations/ciphers/cipher_sm4_hw.c +providers/implementations/ciphers/cipher_tdes.c +providers/implementations/ciphers/cipher_tdes_common.c +providers/implementations/ciphers/cipher_tdes_default.c +providers/implementations/ciphers/cipher_tdes_default_hw.c +providers/implementations/ciphers/cipher_tdes_hw.c +providers/implementations/ciphers/cipher_tdes_wrap.c +providers/implementations/ciphers/cipher_tdes_wrap_hw.c +providers/implementations/ciphers/ciphercommon.c +providers/implementations/ciphers/ciphercommon_block.c +providers/implementations/ciphers/ciphercommon_ccm.c 
+providers/implementations/ciphers/ciphercommon_ccm_hw.c +providers/implementations/ciphers/ciphercommon_gcm.c +providers/implementations/ciphers/ciphercommon_gcm_hw.c +providers/implementations/ciphers/ciphercommon_hw.c +providers/implementations/digests/blake2_prov.c +providers/implementations/digests/blake2b_prov.c +providers/implementations/digests/blake2s_prov.c +providers/implementations/digests/digestcommon.c +providers/implementations/digests/md5_prov.c +providers/implementations/digests/md5_sha1_prov.c +providers/implementations/digests/sha2_prov.c +providers/implementations/digests/sha3_prov.c +providers/implementations/digests/sm3_prov.c +providers/implementations/encode_decode/decode_der2key.c +providers/implementations/encode_decode/decode_msblob2key.c +providers/implementations/encode_decode/decode_pem2der.c +providers/implementations/encode_decode/decode_pvk2key.c +providers/implementations/encode_decode/encode_key2any.c +providers/implementations/encode_decode/encode_key2blob.c +providers/implementations/encode_decode/encode_key2ms.c +providers/implementations/encode_decode/encode_key2text.c +providers/implementations/encode_decode/endecoder_common.c +providers/implementations/exchange/dh_exch.c +providers/implementations/exchange/ecdh_exch.c +providers/implementations/exchange/ecx_exch.c +providers/implementations/exchange/kdf_exch.c +providers/implementations/kdfs/hkdf.c +providers/implementations/kdfs/kbkdf.c +providers/implementations/kdfs/krb5kdf.c +providers/implementations/kdfs/pbkdf2.c +providers/implementations/kdfs/pbkdf2_fips.c +providers/implementations/kdfs/pkcs12kdf.c +providers/implementations/kdfs/scrypt.c +providers/implementations/kdfs/sshkdf.c +providers/implementations/kdfs/sskdf.c +providers/implementations/kdfs/tls1_prf.c +providers/implementations/kdfs/x942kdf.c +providers/implementations/kem/rsa_kem.c +providers/implementations/keymgmt/dh_kmgmt.c +providers/implementations/keymgmt/dsa_kmgmt.c 
+providers/implementations/keymgmt/ec_kmgmt.c +providers/implementations/keymgmt/ecx_kmgmt.c +providers/implementations/keymgmt/kdf_legacy_kmgmt.c +providers/implementations/keymgmt/mac_legacy_kmgmt.c +providers/implementations/keymgmt/rsa_kmgmt.c +providers/implementations/macs/blake2b_mac.c +providers/implementations/macs/blake2s_mac.c +providers/implementations/macs/cmac_prov.c +providers/implementations/macs/gmac_prov.c +providers/implementations/macs/hmac_prov.c +providers/implementations/macs/kmac_prov.c +providers/implementations/macs/poly1305_prov.c +providers/implementations/macs/siphash_prov.c +providers/implementations/rands/crngt.c +providers/implementations/rands/drbg.c +providers/implementations/rands/drbg_ctr.c +providers/implementations/rands/drbg_hash.c +providers/implementations/rands/drbg_hmac.c +providers/implementations/rands/seed_src.c +providers/implementations/rands/seeding/rand_cpu_x86.c +providers/implementations/rands/seeding/rand_tsc.c +providers/implementations/rands/seeding/rand_unix.c +providers/implementations/rands/seeding/rand_win.c +providers/implementations/rands/test_rng.c +providers/implementations/signature/dsa.c +providers/implementations/signature/ecdsa.c +providers/implementations/signature/eddsa.c +providers/implementations/signature/mac_legacy.c +providers/implementations/signature/rsa.c +providers/implementations/signature/sm2sig.c +providers/implementations/storemgmt/file_store.c +providers/implementations/storemgmt/file_store_der2obj.c +providers/prov_running.c +ssl/record/tls_pad.c +ssl/s3_cbc.c +util/providers.num diff --git a/util/c-compress-test.pl b/util/c-compress-test.pl new file mode 100755 index 0000000000..8ea3e045bc --- /dev/null +++ b/util/c-compress-test.pl 
@@ -0,0 +1,54 @@ +#! /usr/bin/env perl +# +# TEST c-compress-pl with a number of examples and what should happen to them + +use strict; +use warnings; + +use File::Basename; + +my @pairs = + ( + [ <<'_____' +/* A hell of a program */ +#def\ +ine foo/* bar */ 3 +#define bar /* haha "A /* comment */ that should /* remain" */ +#define haha /* hoho */ "A /* comment */ that should /* remain" */ + +int main() { + int x; + /* one lonely comment */ +} +_____ + , <<'_____' +#define foo 3 +#define bar that should +#define haha "A /* comment */ that should /* remain" */ +int main() { +int x; +} +_____ + ] + ); + +my $here = dirname $0; +my $c_compress = "$here/lang-compress.pl"; + +use FileHandle; +use IPC::Open2; +use Text::Diff; +foreach (@pairs) { + my $source = $_->[0]; + my $expected = $_->[1]; + my $pid = open2(\*Reader, \*Writer, "perl $c_compress 'C'"); + print Writer $source; + close Writer; + + local $/ = undef; # slurp + my $got = ; + + if ($got ne $expected) { + print "MISMATCH:\n", diff \$expected, \$got; + } +} diff --git a/util/fips-checksums.sh b/util/fips-checksums.sh new file mode 100755 index 0000000000..99f34fbc8f --- /dev/null +++ b/util/fips-checksums.sh @@ -0,0 +1,31 @@ +#! /bin/sh + +HERE=`dirname $0` + +for f in "$@"; do + # It's worth nothing that 'openssl sha256 -r' assumes that all input + # is binary. This isn't quite true, and we know better, so we convert + # the '*stdin' marker to the filename preceded by a space. See the + # sha1sum manual for a specification of the format. + case "$f" in + *.c | *.h ) + cat "$f" \ + | $HERE/lang-compress.pl 'C' \ + | unifdef -DFIPS_MODE=1 \ + | openssl sha256 -r \ + | sed -e "s| \\*stdin| $f|" + ;; + *.pl ) + cat "$f" \ + | $HERE/lang-compress.pl 'perl' \ + | openssl sha256 -r \ + | sed -e "s| \\*stdin| $f|" + ;; + *.S ) + cat "$f" \ + | $HERE/lang-compress.pl 'S' \ + | openssl sha256 -r \ + | sed -e "s| \\*stdin| $f|" + ;; + esac +done 
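Review bot: in util/c-compress-test.pl, the foreach loop only prints "MISMATCH:" when $got differs from $expected, and the script still exits 0, so a regression in lang-compress.pl cannot fail a test run. Count the mismatches and exit non-zero at the end, and call waitpid($pid, 0) after reading so the child's exit status is checked as well. The pairs only exercise the 'C' mode although the script under test also has 'S' and 'perl' branches, and the header comment names c-compress-pl rather than lang-compress.pl.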
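Review bot: in util/fips-checksums.sh, the case statement has no `*)` branch, so an argument that is not *.c, *.h, *.pl or *.S produces no output line and no error. fips.module.sources in this same patch lists *.c.in files and util/providers.num; if names like those are passed here they silently drop out of the checksum list. Add a default branch that either hashes the file unmodified or fails loudly. Separately, only the exit status of the last stage of each pipeline is seen, so a missing unifdef or a failing lang-compress.pl still yields a well-formed sha256 line computed over empty or partial input; check for the tools up front. `$HERE` and `$0` are used unquoted, and the comment should read "worth noting".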
diff --git a/util/lang-compress.pl b/util/lang-compress.pl new file mode 100755 index 0000000000..6898877587 --- /dev/null +++ b/util/lang-compress.pl 
@@ -0,0 +1,189 @@ +#! /usr/bin/env perl +# +# C source compressor. This: +# +# - merges continuation lines +# - removes comments (not in strings) +# - removes empty lines (not in strings) + +use strict; +use warnings; + +my $debug = defined $ENV{DEBUG}; +my $lang = shift @ARGV; + +# Slurp the file +$/ = undef; +$_ = <>; + +if ($lang eq 'C') { + # Merge continuation lines + s{\\\n}{}g; + + # Regexp for things that should be preserved + my $preserved = + qr{ + (?: + " # String start + (?: \\. | [^\"])* # Any character, including escaped ones + " # String end + ) + + | # OR + + (?: + ' # Character start (multi-chars supported) + (?: \\. | [^\'])+ # Any character, including escaped ones + ' # String end + ) + }x; + + # Remove comments while preserving strings + s{ + (?| # All things preserved end up in $1 + + /\* # C comment start + .*? # Contents up until + \*/ # C comment end + + | # OR + + ( # Grouping for the replacement + $preserved + ) + + ) + }{ + if ($debug) { + print STDERR "DEBUG: '$&' => '$1'\n" if defined $1; + print STDERR "DEBUG: '$&' removed\n" unless defined $1; + } + defined $1 ? $1 : "" + }gsxe; + + # Remove empty lines + s{ + (?| # All things preserved end up in $1 + + (^|\n)(?:\s*(?:\n|$))+ # Empty lines, preserve one newline + + | # OR + + ( # Grouping for the replacement + $preserved + ) + + ) + }{$1}gsx; + + # Remove extra spaces + s{ + (?| # All things preserved end up in $1 + + (\n)\h+ # Spaces at start of lines removed + + | + + \h+(\n) # Spaces at end of lines removed + + | + + \h+ # Other horizontal spaces replaced with one + + | # OR + + ( # Grouping for the replacement + $preserved + ) + + ) + }{ + if ($debug) { + print STDERR "DEBUG: '$&' => '$1'\n" if defined $1; + print STDERR "DEBUG: '$&' => ' '\n" unless defined $1; + } + defined $1 ? 
$1 : " " + }gsxe; +} elsif ($lang eq 'S') { + # Because we use C++ style comments in our .S files, all we can do + # is to drop them + s{ + ^([^\n]*?)//[^\n]*?$ # Any line with a // comment + }{ + if ($debug) { + print STDERR "DEBUG: '$&' => '$1'\n" if defined $1; + print STDERR "DEBUG: '$&' removed\n" unless defined $1; + } + defined $1 ? $1 : "" + }mgsxe; + + # Drop all empty lines + s{ + (^|\n)(?:\s*(?:\n|$))+ # Empty lines, preserve one newline + }{$1}gsx; +} elsif ($lang eq 'perl') { + # Merge continuation lines + s{\\\n}{}g; + + # Regexp for things that should be preserved + my $preserved = + qr{ + (?: + <<["']?(\w+)["']? # HERE document start + .*? # Its contents + ^\g{-1}$ + ) + | + (?: + " # Double quoted string start + (?: \\. | [^\"])* # Any character, including escaped ones + " # Double quoted string end + ) + + | # OR + + (?: + ' # Single quoted string start + [^\']* # Any character + ' # Single quoted string end + ) + }msx; + + # Remove comments while preserving strings + s{ + (?| # All things preserved end up in $1 + + \#.*?(\n|$) # Perl comments + + | # OR + + ( # Grouping for the replacement + $preserved + ) + + ) + }{ + if ($debug) { + print STDERR "DEBUG: '$&' => '$1'\n" if defined $1; + print STDERR "DEBUG: '$&' removed\n" unless defined $1; + } + defined $1 ? $1 : "" + }gsxe; + + # Remove empty lines + s{ + (?| # All things preserved end up in $1 + + (^|\n)(?:\s*(?:\n|$))+ # Empty lines, preserve one newline + + | # OR + + ( # Grouping for the replacement + $preserved + ) + + ) + }{$1}gsx; +} + +print; diff --git a/util/perl/OpenSSL/Config/Query.pm b/util/perl/OpenSSL/Config/Query.pm new file mode 100644 index 0000000000..22d6a459bd --- /dev/null +++ b/util/perl/OpenSSL/Config/Query.pm 
@@ -0,0 +1,177 @@ +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +package OpenSSL::Config::Query; + +use 5.10.0; +use strict; +use warnings; +use Carp; + +=head1 NAME + +OpenSSL::Config::Query - Query OpenSSL configuration info + +=head1 SYNOPSIS + + use OpenSSL::Config::Info; + + my $query = OpenSSL::Config::Query->new(info => \%unified_info); + + # Query for something that's expected to give a scalar back + my $variable = $query->method(... args ...); + + # Query for something that's expected to give a list back + my @variable = $query->method(... args ...); + +=head1 DESCRIPTION + +The unified info structure, commonly known as the %unified_info table, has +become quite complex, and a bit overwhelming to look through directly. This +module makes querying this structure simpler, through diverse methods. + +=head2 Constructor + +=over 4 + +=item B I<%options> + +Creates an instance of the B class. It takes options +in keyed pair form, i.e. a series of C<< key => value >> pairs. Available +options are: + +=over 4 + +=item B =E I + +A reference to a unified information hash table, most commonly known as +%unified_info. + +=item B =E I + +A reference to a config information hash table, most commonly known as +%config. + +=back + +Example: + + my $info = OpenSSL::Config::Info->new(info => \%unified_info); + +=back + +=cut + +sub new { + my $class = shift; + my %opts = @_; + + my @messages = _check_accepted_options(\%opts, + info => 'HASH', + config => 'HASH'); + croak $messages[0] if @messages; + + # We make a shallow copy of the input structure. We might make + # a different choice in the future... 
+ my $instance = { info => $opts{info} // {}, + config => $opts{config} // {} }; + bless $instance, $class; + + return $instance; +} + +=head2 Query methods + +=over 4 + +=item B I + +LIST is expected to be the collection of names of end products, such as +programs, modules, libraries. + +The returned result is a hash table reference, with each key being one of +these end product names, and its value being a reference to an array of +source file names that constitutes everything that will or may become part +of that end product. + +=cut + +sub get_sources { + my $self = shift; + + my $result = {}; + foreach (@_) { + my @sources = @{$self->{info}->{sources}->{$_} // []}; + my @staticlibs = + grep { $_ =~ m|\.a$| } @{$self->{info}->{depends}->{$_} // []}; + + my %parts = ( %{$self->get_sources(@sources)}, + %{$self->get_sources(@staticlibs)} ); + my @parts = map { @{$_} } values %parts; + + my @generator = + ( ( $self->{info}->{generate}->{$_} // [] ) -> [0] // () ); + my %generator_parts = %{$self->get_sources(@generator)}; + # if there are any generator parts, we ignore it, because that means + # it's a compiled program and thus NOT part of the source that's + # queried. + @generator = () if %generator_parts; + + my @partial_result = + ( ( map { @{$_} } values %parts ), + ( grep { !defined($parts{$_}) } @sources, @generator ) ); + + # Push conditionally, to avoid creating $result->{$_} with an empty + # value + push @{$result->{$_}}, @partial_result if @partial_result; + } + + return $result; +} + +=item B I + +LIST is expected to be the collection of names of configuration data, such +as build_infos, sourcedir, ... + +The returned result is a hash table reference, with each key being one of +these configuration data names, and its value being a reference to the value +corresponding to that name. 
+ +=cut + +sub get_config { + my $self = shift; + + return { map { $_ => $self->{config}->{$_} } @_ }; +} + +######## +# +# Helper functions +# + +sub _check_accepted_options { + my $opts = shift; # HASH reference (hopefully) + my %conds = @_; # key => type + + my @messages; + my %optnames = map { $_ => 1 } keys %$opts; + foreach (keys %conds) { + delete $optnames{$_}; + } + push @messages, "Unknown options: " . join(', ', sort keys %optnames) + if keys %optnames; + foreach (sort keys %conds) { + push @messages, "'$_' value not a $conds{$_} reference" + if (defined $conds{$_} && defined $opts->{$_} + && ref $opts->{$_} ne $conds{$_}); + } + return @messages; +} + +1; From levitte at openssl.org Tue May 4 09:41:09 2021 From: levitte at openssl.org (Richard Levitte) Date: Tue, 04 May 2021 09:41:09 +0000 Subject: [openssl] master update Message-ID: <1620121269.182923.13733.nullmailer@dev.openssl.org> The branch master has been updated via 5432d827ec2cffa2e75bf8dd0bc570288cba19f6 (commit) via 49ce00374030c74f527c9916bff7c2c7268f4318 (commit) from f97bc7c4240ba370c323c0d753d9d97f7a7c89bf (commit) - Log ----------------------------------------------------------------- commit 5432d827ec2cffa2e75bf8dd0bc570288cba19f6 Author: Richard Levitte Date: Mon May 3 08:48:17 2021 +0200 APPS: Add passphrase handling in the "rsa" and "dsa" commands They completely ignored any passphrase related setting. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15119) commit 49ce00374030c74f527c9916bff7c2c7268f4318 Author: Richard Levitte Date: Mon May 3 08:48:07 2021 +0200 APPS: Set a default passphrase UI for the "ec" command Fixes #15114 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15119) ----------------------------------------------------------------------- Summary of changes: apps/dsa.c | 14 ++++++++++++++ apps/ec.c | 3 +++ apps/rsa.c | 14 ++++++++++++++ 3 files changed, 31 insertions(+) 
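Review bot: the POD in util/perl/OpenSSL/Config/Query.pm names the wrong package. The SYNOPSIS has `use OpenSSL::Config::Info;` and the constructor example calls `OpenSSL::Config::Info->new(info => \%unified_info)`, while the file declares `package OpenSSL::Config::Query;`, so both should read OpenSSL::Config::Query. In `new`, the comment says "We make a shallow copy of the input structure", but `info => $opts{info} // {}` stores the caller's reference itself, so later changes to %unified_info show through the instance; either copy with `{ %{$opts{info}} }` or reword the comment. `get_sources` also recurses on sources and static library dependencies with no visited set, which is worth a line in the documentation if the input is assumed to be acyclic.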
diff --git a/apps/dsa.c b/apps/dsa.c index 9ea1098514..9a7bf04adb 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -267,6 +267,20 @@ int dsa_main(int argc, char **argv) goto end; } + /* Passphrase setup */ + if (enc != NULL) + OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL); + + /* Default passphrase prompter */ + if (enc != NULL || outformat == FORMAT_PVK) { + OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL); + if (passout != NULL) + /* When passout given, override the passphrase prompter */ + OSSL_ENCODER_CTX_set_passphrase(ectx, + (const unsigned char *)passout, + strlen(passout)); + } + /* PVK requires a bit more */ if (outformat == FORMAT_PVK) { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; diff --git a/apps/ec.c b/apps/ec.c index 5103838da0..f8f77dd492 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -267,7 +267,10 @@ int ec_main(int argc, char **argv) NULL); if (enc != NULL) { OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL); + /* Default passphrase prompter */ + OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL); if (passout != NULL) + /* When passout given, override the passphrase prompter */ OSSL_ENCODER_CTX_set_passphrase(ectx, (const unsigned char *)passout, strlen(passout)); diff --git a/apps/rsa.c b/apps/rsa.c index fc1db506d7..47316757d5 100644 --- a/apps/rsa.c +++ b/apps/rsa.c 
@@ -335,6 +335,20 @@ int rsa_main(int argc, char **argv) goto end; } + /* Passphrase setup */ + if (enc != NULL) + OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL); + + /* Default passphrase prompter */ + if (enc != NULL || outformat == FORMAT_PVK) { + OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL); + if (passout != NULL) + /* When passout given, override the passphrase prompter */ + OSSL_ENCODER_CTX_set_passphrase(ectx, + (const unsigned char *)passout, + strlen(passout)); + } + /* PVK is a bit special... */ if (outformat == FORMAT_PVK) { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; From pauli at openssl.org Tue May 4 10:39:53 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 04 May 2021 10:39:53 +0000 Subject: [openssl] master update Message-ID: <1620124793.872944.32419.nullmailer@dev.openssl.org> The branch master has been updated via 67cd43084cacb976ef79bbc23ccab048b06e5c1c (commit) from 5432d827ec2cffa2e75bf8dd0bc570288cba19f6 (commit) - Log ----------------------------------------------------------------- commit 67cd43084cacb976ef79bbc23ccab048b06e5c1c Author: Pauli Date: Sat May 1 13:38:34 2021 +1000 test: fix failure with FIPS and no-des configured. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15105) ----------------------------------------------------------------------- Summary of changes: test/recipes/80-test_pkcs12.t | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t index b259c1a335..12189da3a3 100644 --- a/test/recipes/80-test_pkcs12.t +++ b/test/recipes/80-test_pkcs12.t 
@@ -96,8 +96,8 @@ SKIP: { } SKIP: { - skip "Skipping legacy PKCS#12 test because RC2 is disabled in this build", 1 - if disabled("rc2") || disabled("legacy"); + skip "Skipping legacy PKCS#12 test because the required algorithms are disabled", 1 + if disabled("des") || disabled("rc2") || disabled("legacy"); # Test reading legacy PKCS#12 file ok(run(app(["openssl", "pkcs12", "-export", "-in", srctop_file(@path, "v3-certs-RC2.p12"), From tomas at openssl.org Tue May 4 10:58:28 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 04 May 2021 10:58:28 +0000 Subject: [openssl] master update Message-ID: <1620125908.564109.5361.nullmailer@dev.openssl.org> The branch master has been updated via a0baa98b5c1f805a30539e43ef62e2a43979773f (commit) from 67cd43084cacb976ef79bbc23ccab048b06e5c1c (commit) - Log ----------------------------------------------------------------- commit a0baa98b5c1f805a30539e43ef62e2a43979773f Author: Petr Gotthard Date: Sun May 2 23:26:23 2021 +0200 apps: Switch to X509_REQ_verify_ex Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15118) ----------------------------------------------------------------------- Summary of changes: apps/lib/apps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index bfea59bdc8..b87f271ee8 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2282,7 +2282,8 @@ int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey, int rv = 0; if (do_x509_req_init(x, vfyopts) > 0) - rv = (X509_REQ_verify(x, pkey) > 0); + rv = (X509_REQ_verify_ex(x, pkey, + app_get0_libctx(), app_get0_propq()) > 0); return rv; } From tomas at openssl.org Tue May 4 11:00:10 2021 
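Review bot: in the apps/dsa.c and apps/rsa.c hunks of commit 5432d827ec (and the apps/ec.c hunk of 49ce003740), the return values of `OSSL_ENCODER_CTX_set_cipher()`, `OSSL_ENCODER_CTX_set_passphrase_ui()` and `OSSL_ENCODER_CTX_set_passphrase()` are discarded. These are the calls that decide whether and how a private key is protected on output, so a failure in any of them should stop the command rather than fall through to the encode step; suggest testing each result and doing `goto end` with an error message on failure. As a style point, `if (passout != NULL)` is followed by a comment and then a three-line call without braces; braces around that body would make the extent of the condition obvious.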
From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 04 May 2021 11:00:10 +0000 Subject: [openssl] master update Message-ID: <1620126010.898419.7087.nullmailer@dev.openssl.org> The branch master has been updated via e3188bae04769242e62ae2fba96a0aca5b7ce605 (commit) via 9deb202e6a54aee76a09c3a12c320c4a4c39a19f (commit) from a0baa98b5c1f805a30539e43ef62e2a43979773f (commit) - Log ----------------------------------------------------------------- commit e3188bae04769242e62ae2fba96a0aca5b7ce605 Author: Tomas Mraz Date: Mon May 3 10:53:08 2021 +0200 Run coveralls daily and not exactly at midnight Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15121) commit 9deb202e6a54aee76a09c3a12c320c4a4c39a19f Author: Tomas Mraz Date: Mon May 3 10:45:16 2021 +0200 coveralls: Enable fips as it is disabled by default Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15121) ----------------------------------------------------------------------- Summary of changes: .github/workflows/coveralls.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index 370f372ad3..758ed9b581 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml @@ -3,7 +3,7 @@ name: Coverage #Run once a week on: schedule: - - cron: '0 0 * * SAT' + - cron: '49 0 * * *' jobs: coverage: 
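Review bot: the schedule in .github/workflows/coveralls.yml changes from `'0 0 * * SAT'` to `'49 0 * * *'`, which runs every day, but the context line above it still reads `#Run once a week`. Suggest updating that comment in the same change (for example to "Run once a day") so the file does not describe a schedule it no longer has.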
@@ -14,7 +14,7 @@ jobs: run: | sudo apt-get -yq install lcov - name: config - run: CC=gcc ./config --debug --coverage no-asm enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump + run: CC=gcc ./config --debug --coverage no-asm enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test From matt at openssl.org Tue May 4 11:02:16 2021 
From: matt at openssl.org (Matt Caswell) Date: Tue, 04 May 2021 11:02:16 +0000 Subject: [openssl] master update Message-ID: <1620126136.843555.10243.nullmailer@dev.openssl.org> The branch master has been updated via f9548d21bae8667b71254d82478e0094a5a3982d (commit) via 93954ab050b395275a9d8b084ab4aa9e815ce119 (commit) via b0ee1de9ab4fb8586934f3a8126432f06abf7115 (commit) from e3188bae04769242e62ae2fba96a0aca5b7ce605 (commit) - Log ----------------------------------------------------------------- commit f9548d21bae8667b71254d82478e0094a5a3982d Author: Matt Caswell Date: Wed Apr 28 15:23:16 2021 +0100 Document the new core BIO public API support Fixes #14409 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15072) commit 93954ab050b395275a9d8b084ab4aa9e815ce119 Author: Matt Caswell Date: Wed Apr 28 13:57:43 2021 +0100 Add a test for the public core bio API Check that reading/writing to a core bio via BIO_new_from_core_bio() works as expected. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15072) commit b0ee1de9ab4fb8586934f3a8126432f06abf7115 Author: Matt Caswell Date: Tue Apr 27 19:56:39 2021 +0100 Create libcrypto support for BIO_new_from_core_bio() Previously the concept of wrapping an OSSL_CORE_BIO in a real BIO was an internal only concept for our own providers. Since this is likely to be generally useful, we make it a part of the public API. 
Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15072) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio_lib.c | 8 +- crypto/bio/bio_local.h | 1 + crypto/bio/bss_core.c | 170 +++++++++++++++++++++ crypto/bio/build.info | 2 +- crypto/context.c | 16 ++ doc/build.info | 6 + doc/man3/BIO_new.pod | 24 ++- doc/man3/BIO_s_core.pod | 72 +++++++++ doc/man3/OSSL_LIB_CTX.pod | 17 ++- include/internal/bio.h | 2 + include/internal/cryptlib.h | 7 +- include/openssl/bio.h.in | 6 +- include/openssl/crypto.h.in | 1 + test/bio_core_test.c | 107 +++++++++++++ test/build.info | 6 +- .../{04-test_bioprint.t => 04-test_bio_core.t} | 2 +- util/libcrypto.num | 4 + 17 files changed, 430 insertions(+), 21 deletions(-) create mode 100644 crypto/bio/bss_core.c create mode 100644 doc/man3/BIO_s_core.pod create mode 100644 test/bio_core_test.c copy test/recipes/{04-test_bioprint.t => 04-test_bio_core.t} (88%) diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 6d360b62ed..5cdd6d7cfd 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -68,7 +68,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len, return ret; } -BIO *BIO_new(const BIO_METHOD *method) +BIO *BIO_new_ex(OSSL_LIB_CTX *libctx, const BIO_METHOD *method) { BIO *bio = OPENSSL_zalloc(sizeof(*bio)); @@ -77,6 +77,7 @@ BIO *BIO_new(const BIO_METHOD *method) return NULL; } + bio->libctx = libctx; bio->method = method; bio->shutdown = 1; bio->references = 1; @@ -107,6 +108,11 @@ err: return NULL; } +BIO *BIO_new(const BIO_METHOD *method) +{ + return BIO_new_ex(NULL, method); +} + int BIO_free(BIO *a) { int ret; diff --git a/crypto/bio/bio_local.h b/crypto/bio/bio_local.h index 30e56cba8d..3d9afe0760 100644 --- a/crypto/bio/bio_local.h +++ b/crypto/bio/bio_local.h 
@@ -113,6 +113,7 @@ typedef struct bio_f_buffer_ctx_struct { } BIO_F_BUFFER_CTX; struct bio_st { + OSSL_LIB_CTX *libctx; const BIO_METHOD *method; /* bio, mode, argp, argi, argl, ret */ BIO_callback_fn callback; diff --git a/crypto/bio/bss_core.c b/crypto/bio/bss_core.c new file mode 100644 index 0000000000..2baabe614e --- /dev/null +++ b/crypto/bio/bss_core.c 
@@ -0,0 +1,170 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "bio_local.h" +#include "internal/cryptlib.h" + +typedef struct { + OSSL_FUNC_BIO_read_ex_fn *c_bio_read_ex; + OSSL_FUNC_BIO_write_ex_fn *c_bio_write_ex; + OSSL_FUNC_BIO_gets_fn *c_bio_gets; + OSSL_FUNC_BIO_puts_fn *c_bio_puts; + OSSL_FUNC_BIO_ctrl_fn *c_bio_ctrl; +} BIO_CORE_GLOBALS; + +static void bio_core_globals_free(void *vbcg) +{ + OPENSSL_free(vbcg); +} + +static void *bio_core_globals_new(OSSL_LIB_CTX *ctx) +{ + return OPENSSL_zalloc(sizeof(BIO_CORE_GLOBALS)); +} + +static const OSSL_LIB_CTX_METHOD bio_core_globals_method = { + bio_core_globals_new, + bio_core_globals_free, +}; + +static ossl_inline BIO_CORE_GLOBALS *get_globals(OSSL_LIB_CTX *libctx) +{ + return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_BIO_CORE_INDEX, + &bio_core_globals_method); +} + +static int bio_core_read_ex(BIO *bio, char *data, size_t data_len, + size_t *bytes_read) +{ + BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); + + if (bcgbl->c_bio_read_ex == NULL) + return 0; + return bcgbl->c_bio_read_ex(BIO_get_data(bio), data, data_len, bytes_read); +} + +static int bio_core_write_ex(BIO *bio, const char *data, size_t data_len, + size_t *written) +{ + BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); + + if (bcgbl->c_bio_write_ex == NULL) + return 0; + return bcgbl->c_bio_write_ex(BIO_get_data(bio), data, data_len, written); +} + +static long bio_core_ctrl(BIO *bio, int cmd, long num, void *ptr) +{ + BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); + + if (bcgbl->c_bio_ctrl == NULL) + return -1; + return bcgbl->c_bio_ctrl(BIO_get_data(bio), cmd, num, ptr); +} + +static int bio_core_gets(BIO *bio, char 
*buf, int size) +{ + BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); + + if (bcgbl->c_bio_gets == NULL) + return -1; + return bcgbl->c_bio_gets(BIO_get_data(bio), buf, size); +} + +static int bio_core_puts(BIO *bio, const char *str) +{ + BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); + + if (bcgbl->c_bio_puts == NULL) + return -1; + return bcgbl->c_bio_puts(BIO_get_data(bio), str); +} + +static int bio_core_new(BIO *bio) +{ + BIO_set_init(bio, 1); + + return 1; +} + +static int bio_core_free(BIO *bio) +{ + BIO_set_init(bio, 0); + + return 1; +} + +static const BIO_METHOD corebiometh = { + BIO_TYPE_CORE_TO_PROV, + "BIO to Core filter", + bio_core_write_ex, + NULL, + bio_core_read_ex, + NULL, + bio_core_puts, + bio_core_gets, + bio_core_ctrl, + bio_core_new, + bio_core_free, + NULL, +}; + +const BIO_METHOD *BIO_s_core(void) +{ + return &corebiometh; +} + +BIO *BIO_new_from_core_bio(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio) +{ + BIO *outbio; + BIO_CORE_GLOBALS *bcgbl = get_globals(libctx); + + /* Check the library context has been initialised with the callbacks */ + if (bcgbl->c_bio_write_ex == NULL && bcgbl->c_bio_read_ex == NULL) + return NULL; + + if ((outbio = BIO_new_ex(libctx, BIO_s_core())) == NULL) + return NULL; + + BIO_set_data(outbio, corebio); + return outbio; +} + +int ossl_bio_init_core(OSSL_LIB_CTX *libctx, const OSSL_DISPATCH *fns) +{ + BIO_CORE_GLOBALS *bcgbl = get_globals(libctx); + + for (; fns->function_id != 0; fns++) { + switch (fns->function_id) { + case OSSL_FUNC_BIO_READ_EX: + if (bcgbl->c_bio_read_ex == NULL) + bcgbl->c_bio_read_ex = OSSL_FUNC_BIO_read_ex(fns); + break; + case OSSL_FUNC_BIO_WRITE_EX: + if (bcgbl->c_bio_write_ex == NULL) + bcgbl->c_bio_write_ex = OSSL_FUNC_BIO_write_ex(fns); + break; + case OSSL_FUNC_BIO_GETS: + if (bcgbl->c_bio_gets == NULL) + bcgbl->c_bio_gets = OSSL_FUNC_BIO_gets(fns); + break; + case OSSL_FUNC_BIO_PUTS: + if (bcgbl->c_bio_puts == NULL) + bcgbl->c_bio_puts = OSSL_FUNC_BIO_puts(fns); + break; + 
case OSSL_FUNC_BIO_CTRL: + if (bcgbl->c_bio_ctrl == NULL) + bcgbl->c_bio_ctrl = OSSL_FUNC_BIO_ctrl(fns); + break; + } + } + + return 1; +} diff --git a/crypto/bio/build.info b/crypto/bio/build.info index 2bee64fc62..ba7e358c29 100644 --- a/crypto/bio/build.info +++ b/crypto/bio/build.info @@ -11,7 +11,7 @@ SOURCE[../../libcrypto]=\ SOURCE[../../libcrypto]=\ bss_null.c bss_mem.c bss_bio.c bss_fd.c bss_file.c \ bss_sock.c bss_conn.c bss_acpt.c bss_dgram.c \ - bss_log.c + bss_log.c bss_core.c # Filters SOURCE[../../libcrypto]=\ diff --git a/crypto/context.c b/crypto/context.c index 39f96366e2..4ea949970a 100644 --- a/crypto/context.c +++ b/crypto/context.c @@ -12,6 +12,7 @@ #include "internal/thread_once.h" #include "internal/property.h" #include "internal/core.h" +#include "internal/bio.h" struct ossl_lib_ctx_onfree_list_st { ossl_lib_ctx_onfree_fn *fn; @@ -184,6 +185,21 @@ OSSL_LIB_CTX *OSSL_LIB_CTX_new(void) } #ifndef FIPS_MODULE +OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_DISPATCH *in) +{ + OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); + + if (ctx == NULL) + return NULL; + + if (!ossl_bio_init_core(ctx, in)) { + OSSL_LIB_CTX_free(ctx); + return NULL; + } + + return ctx; +} + int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file) { return CONF_modules_load_file_ex(ctx, config_file, NULL, 0) > 0; diff --git a/doc/build.info b/doc/build.info index 738f10d5f1..8ee9ca10e3 100644 --- a/doc/build.info +++ b/doc/build.info 
@@ -630,6 +630,10 @@ DEPEND[html/man3/BIO_s_connect.html]=man3/BIO_s_connect.pod GENERATE[html/man3/BIO_s_connect.html]=man3/BIO_s_connect.pod DEPEND[man/man3/BIO_s_connect.3]=man3/BIO_s_connect.pod GENERATE[man/man3/BIO_s_connect.3]=man3/BIO_s_connect.pod +DEPEND[html/man3/BIO_s_core.html]=man3/BIO_s_core.pod +GENERATE[html/man3/BIO_s_core.html]=man3/BIO_s_core.pod +DEPEND[man/man3/BIO_s_core.3]=man3/BIO_s_core.pod +GENERATE[man/man3/BIO_s_core.3]=man3/BIO_s_core.pod DEPEND[html/man3/BIO_s_fd.html]=man3/BIO_s_fd.pod GENERATE[html/man3/BIO_s_fd.html]=man3/BIO_s_fd.pod DEPEND[man/man3/BIO_s_fd.3]=man3/BIO_s_fd.pod @@ -2851,6 +2855,7 @@ html/man3/BIO_read.html \ html/man3/BIO_s_accept.html \ html/man3/BIO_s_bio.html \ html/man3/BIO_s_connect.html \ +html/man3/BIO_s_core.html \ html/man3/BIO_s_fd.html \ html/man3/BIO_s_file.html \ html/man3/BIO_s_mem.html \ @@ -3437,6 +3442,7 @@ man/man3/BIO_read.3 \ man/man3/BIO_s_accept.3 \ man/man3/BIO_s_bio.3 \ man/man3/BIO_s_connect.3 \ +man/man3/BIO_s_core.3 \ man/man3/BIO_s_fd.3 \ man/man3/BIO_s_file.3 \ man/man3/BIO_s_mem.3 \ diff --git a/doc/man3/BIO_new.pod b/doc/man3/BIO_new.pod index d75e63bbec..5d14a8d6e1 100644 --- a/doc/man3/BIO_new.pod +++ b/doc/man3/BIO_new.pod 
@@ -2,22 +2,28 @@ =head1 NAME -BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all +BIO_new_ex, BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all - BIO allocation and freeing functions =head1 SYNOPSIS #include - BIO * BIO_new(const BIO_METHOD *type); - int BIO_up_ref(BIO *a); - int BIO_free(BIO *a); - void BIO_vfree(BIO *a); - void BIO_free_all(BIO *a); + BIO *BIO_new_ex(OSSL_LIB_CTX *libctx, const BIO_METHOD *type); + BIO *BIO_new(const BIO_METHOD *type); + int BIO_up_ref(BIO *a); + int BIO_free(BIO *a); + void BIO_vfree(BIO *a); + void BIO_free_all(BIO *a); =head1 DESCRIPTION -The BIO_new() function returns a new BIO using method B. +The BIO_new_ex() function returns a new BIO using method B associated with +the library context I (see OSSL_LIB_CTX(3)). The library context may be +NULL to indicate the default library context. + +The BIO_new() is the same as BIO_new_ex() except the default library context is +always used. BIO_up_ref() increments the reference count associated with the BIO object. @@ -35,7 +41,7 @@ If B is NULL nothing is done. =head1 RETURN VALUES -BIO_new() returns a newly created BIO or NULL if the call fails. +BIO_new_ex() and BIO_new() return a newly created BIO or NULL if the call fails. BIO_up_ref() and BIO_free() return 1 for success and 0 for failure. @@ -53,6 +59,8 @@ on it other than the discarded return value. BIO_set() was removed in OpenSSL 1.1.0 as BIO type is now opaque. +BIO_new_ex() was added in OpenSSL 3.0. + =head1 EXAMPLES Create a memory BIO: diff --git a/doc/man3/BIO_s_core.pod b/doc/man3/BIO_s_core.pod new file mode 100644 index 0000000000..fbcd0b5c9c --- /dev/null +++ b/doc/man3/BIO_s_core.pod 
@@ -0,0 +1,72 @@ +=pod + +=head1 NAME + +BIO_s_core, BIO_new_from_core_bio - OSSL_CORE_BIO functions + +=head1 SYNOPSIS + + #include + + const BIO_METHOD *BIO_s_core(void); + + BIO *BIO_new_from_core_bio(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio); + +=head1 DESCRIPTION + +BIO_s_core() returns the core BIO method function. + +A core BIO is treated as source/sink BIO which communicates to some external +BIO. This is primarily useful to provider authors. A number of calls from +libcrypto into a provider supply an OSSL_CORE_BIO parameter. This represents +a BIO within libcrypto, but cannot be used directly by a provider. Instead it +should be wrapped using a BIO_s_core(). + +Once a BIO is contructed based on BIO_s_core(), the associated OSSL_CORE_BIO +object should be set on it using BIO_set_data(3). Note that the BIO will only +operate correctly if it is associated with a library context constructed using +OSSL_LIB_CTX_new_from_dispatch(3). To associate the BIO with a library context +construct it using BIO_new_ex(3). + +BIO_new_from_core_bio() is a convenience function that constructs a new BIO +based on BIO_s_core() and that is associated with the given library context. It +then also sets the OSSL_CORE_BIO object on the BIO using BIO_set_data(3). + +=head1 RETURN VALUES + +BIO_s_core() return a core BIO B structure. + +BIO_new_from_core_bio() returns a BIO structure on success or NULL on failure. +A failure will most commonly be because the library context was not constructed +using OSSL_LIB_CTX_new_from_dispatch(3). + +=head1 HISTORY + +BIO_s_core() and BIO_new_from_core_bio() were added in OpenSSL 3.0. + +=head1 EXAMPLES + +Create a core BIO and write some data to it: + + int some_function(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio) { + BIO *cbio = BIO_new_from_core_bio(libctx, corebio); + + if (cbio == NULL) + return 0; + + BIO_puts(cbio, "Hello World\n"); + + BIO_free(cbio); + return 1; + } + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. 
All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/OSSL_LIB_CTX.pod b/doc/man3/OSSL_LIB_CTX.pod index 5ba85cc485..9796c8575c 100644 --- a/doc/man3/OSSL_LIB_CTX.pod +++ b/doc/man3/OSSL_LIB_CTX.pod @@ -2,8 +2,9 @@ =head1 NAME -OSSL_LIB_CTX, OSSL_LIB_CTX_new, OSSL_LIB_CTX_free, OSSL_LIB_CTX_load_config, -OSSL_LIB_CTX_get0_global_default, OSSL_LIB_CTX_set0_default +OSSL_LIB_CTX, OSSL_LIB_CTX_new, OSSL_LIB_CTX_new_from_dispatch, +OSSL_LIB_CTX_free, OSSL_LIB_CTX_load_config, OSSL_LIB_CTX_get0_global_default, +OSSL_LIB_CTX_set0_default - OpenSSL library context =head1 SYNOPSIS @@ -13,6 +14,7 @@ OSSL_LIB_CTX_get0_global_default, OSSL_LIB_CTX_set0_default typedef struct ossl_lib_ctx_st OSSL_LIB_CTX; OSSL_LIB_CTX *OSSL_LIB_CTX_new(void); + OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_DISPATCH *in); int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file); void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); @@ -32,6 +34,13 @@ See L for more information. OSSL_LIB_CTX_new() creates a new OpenSSL library context. +OSSL_LIB_CTX_new_from_dispatch() creates a new OpenSSL library context +initialised to use callbacks from the OSSL_DISPATCH structure. This is primarily +useful for provider authors. The dispatch structure passed should be the same +one as passed to a provider's OSSL_provider_init function in the I argument. +Some OpenSSL functions, such as L, require the library +context to be created in this way in order to work. + OSSL_LIB_CTX_load_config() loads a configuration file using the given C. This can be used to associate a library context with providers that are loaded from a configuration. 
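Review bot: two wording slips in the new doc/man3/BIO_s_core.pod: "Once a BIO is contructed" should be "constructed", and under RETURN VALUES "BIO_s_core() return a core BIO" should be "returns". Both are in added lines, so they can be fixed before the page ships.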
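Review bot: the OSSL_LIB_CTX_new_from_dispatch() paragraph added to doc/man3/OSSL_LIB_CTX.pod says the context is "initialised to use callbacks from the OSSL_DISPATCH structure" without saying which ones. The implementation in the crypto/context.c hunk only calls `ossl_bio_init_core(ctx, in)`, which picks up the five OSSL_FUNC_BIO_* entries (read_ex, write_ex, gets, puts, ctrl) and skips everything else. Suggest stating that in the text, so a provider author does not assume that other core callbacks in the table are honoured by the new context.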
@@ -69,9 +78,7 @@ OSSL_LIB_CTX_free() doesn't return any value. =head1 HISTORY -OSSL_LIB_CTX, OSSL_LIB_CTX_new(), OSSL_LIB_CTX_load_config(), -OSSL_LIB_CTX_free(), OSSL_LIB_CTX_get0_global_default() and -OSSL_LIB_CTX_set0_default() were added in OpenSSL 3.0. +All of the functions described on this page were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/include/internal/bio.h b/include/internal/bio.h index b905845a1a..2d36a7b980 100644 --- a/include/internal/bio.h +++ b/include/internal/bio.h @@ -86,4 +86,6 @@ int ossl_core_bio_up_ref(OSSL_CORE_BIO *cb); int ossl_core_bio_free(OSSL_CORE_BIO *cb); int ossl_core_bio_vprintf(OSSL_CORE_BIO *cb, const char *format, va_list args); +int ossl_bio_init_core(OSSL_LIB_CTX *libctx, const OSSL_DISPATCH *fns); + #endif diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index e7dd1f65b4..d583153b89 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -156,14 +156,15 @@ typedef struct ossl_ex_data_global_st { # define OSSL_LIB_CTX_RAND_CRNGT_INDEX 7 # define OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX 8 # define OSSL_LIB_CTX_FIPS_PROV_INDEX 9 -# define OSSL_LIB_CTX_ENCODER_STORE_INDEX 10 -# define OSSL_LIB_CTX_DECODER_STORE_INDEX 11 +# define OSSL_LIB_CTX_ENCODER_STORE_INDEX 10 +# define OSSL_LIB_CTX_DECODER_STORE_INDEX 11 # define OSSL_LIB_CTX_SELF_TEST_CB_INDEX 12 # define OSSL_LIB_CTX_BIO_PROV_INDEX 13 # define OSSL_LIB_CTX_GLOBAL_PROPERTIES 14 # define OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX 15 # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 -# define OSSL_LIB_CTX_MAX_INDEXES 17 +# define OSSL_LIB_CTX_BIO_CORE_INDEX 17 +# define OSSL_LIB_CTX_MAX_INDEXES 18 typedef struct ossl_lib_ctx_method { void *(*new_func)(OSSL_LIB_CTX *ctx); diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in index 336e386459..66ebfc5c7e 100644 --- a/include/openssl/bio.h.in +++ b/include/openssl/bio.h.in 
@@ -30,6 +30,7 @@ use OpenSSL::stackhash qw(generate_stack_macros); # include # include +# include #ifdef __cplusplus extern "C" { @@ -66,7 +67,7 @@ extern "C" { # ifndef OPENSSL_NO_SCTP # define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) # endif -# define BIO_TYPE_CORE_TO_PROV (25|BIO_TYPE_FILTER) +# define BIO_TYPE_CORE_TO_PROV (25|BIO_TYPE_SOURCE_SINK) #define BIO_TYPE_START 128 @@ -590,9 +591,11 @@ int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, const BIO_METHOD *BIO_s_file(void); BIO *BIO_new_file(const char *filename, const char *mode); +BIO *BIO_new_from_core_bio(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio); # ifndef OPENSSL_NO_STDIO BIO *BIO_new_fp(FILE *stream, int close_flag); # endif +BIO *BIO_new_ex(OSSL_LIB_CTX *libctx, const BIO_METHOD *method); BIO *BIO_new(const BIO_METHOD *type); int BIO_free(BIO *a); void BIO_set_data(BIO *a, void *ptr); @@ -651,6 +654,7 @@ const BIO_METHOD *BIO_f_readbuffer(void); const BIO_METHOD *BIO_f_linebuffer(void); const BIO_METHOD *BIO_f_nbio_test(void); const BIO_METHOD *BIO_f_prefix(void); +const BIO_METHOD *BIO_s_core(void); # ifndef OPENSSL_NO_DGRAM const BIO_METHOD *BIO_s_datagram(void); int BIO_dgram_non_fatal_error(int error); diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in index ec6f94d985..e868172acc 100644 --- a/include/openssl/crypto.h.in +++ b/include/openssl/crypto.h.in @@ -517,6 +517,7 @@ CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void); int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b); OSSL_LIB_CTX *OSSL_LIB_CTX_new(void); +OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_DISPATCH *in); int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file); void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); diff --git a/test/bio_core_test.c b/test/bio_core_test.c new file mode 100644 index 0000000000..9ec8af9b8f --- /dev/null +++ b/test/bio_core_test.c 
@@ -0,0 +1,107 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "testutil.h" + +struct ossl_core_bio_st { + int dummy; + BIO *bio; +}; + +static int tst_bio_core_read_ex(OSSL_CORE_BIO *bio, char *data, size_t data_len, + size_t *bytes_read) +{ + return BIO_read_ex(bio->bio, data, data_len, bytes_read); +} + +static int tst_bio_core_write_ex(OSSL_CORE_BIO *bio, const char *data, + size_t data_len, size_t *written) +{ + return BIO_write_ex(bio->bio, data, data_len, written); +} + +static int tst_bio_core_gets(OSSL_CORE_BIO *bio, char *buf, int size) +{ + return BIO_gets(bio->bio, buf, size); +} + +static int tst_bio_core_puts(OSSL_CORE_BIO *bio, const char *str) +{ + return BIO_puts(bio->bio, str); +} + +static long tst_bio_core_ctrl(OSSL_CORE_BIO *bio, int cmd, long num, void *ptr) +{ + return BIO_ctrl(bio->bio, cmd, num, ptr); +} + +static const OSSL_DISPATCH biocbs[] = { + { OSSL_FUNC_BIO_READ_EX, (void (*)(void))tst_bio_core_read_ex }, + { OSSL_FUNC_BIO_WRITE_EX, (void (*)(void))tst_bio_core_write_ex }, + { OSSL_FUNC_BIO_GETS, (void (*)(void))tst_bio_core_gets }, + { OSSL_FUNC_BIO_PUTS, (void (*)(void))tst_bio_core_puts }, + { OSSL_FUNC_BIO_CTRL, (void (*)(void))tst_bio_core_ctrl }, + { 0, NULL } +}; + +static int test_bio_core(void) +{ + BIO *cbio = NULL, *cbiobad = NULL; + OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new_from_dispatch(biocbs); + int testresult = 0; + OSSL_CORE_BIO corebio; + const char *msg = "Hello world"; + char buf[80]; + + corebio.bio = BIO_new(BIO_s_mem()); + if (!TEST_ptr(corebio.bio) + || !TEST_ptr(libctx) + /* + * Attempting to create a corebio in a libctx that was not + * created via OSSL_LIB_CTX_new_from_dispatch() should 
fail. + */ + || !TEST_ptr_null((cbiobad = BIO_new_from_core_bio(NULL, &corebio))) + || !TEST_ptr((cbio = BIO_new_from_core_bio(libctx, &corebio)))) + goto err; + + if (!TEST_int_gt(BIO_puts(corebio.bio, msg), 0) + /* Test a ctrl via BIO_eof */ + || !TEST_false(BIO_eof(cbio)) + || !TEST_int_gt(BIO_gets(cbio, buf, sizeof(buf)), 0) + || !TEST_true(BIO_eof(cbio)) + || !TEST_str_eq(buf, msg)) + goto err; + + buf[0] = '\0'; + if (!TEST_int_gt(BIO_write(cbio, msg, strlen(msg) + 1), 0) + || !TEST_int_gt(BIO_read(cbio, buf, sizeof(buf)), 0) + || !TEST_str_eq(buf, msg)) + goto err; + + testresult = 1; + err: + BIO_free(cbiobad); + BIO_free(cbio); + BIO_free(corebio.bio); + OSSL_LIB_CTX_free(libctx); + return testresult; +} + +int setup_tests(void) +{ + if (!test_skip_common_options()) { + TEST_error("Error parsing test options\n"); + return 0; + } + + ADD_TEST(test_bio_core); + return 1; +} diff --git a/test/build.info b/test/build.info index 98b94801e1..2279b4e14d 100644 --- a/test/build.info +++ b/test/build.info @@ -44,7 +44,7 @@ IF[{- !$disabled{tests} -}] packettest asynctest secmemtest srptest memleaktest stack_test \ dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ - bio_callback_test bio_memleak_test param_build_test \ + bio_callback_test bio_memleak_test bio_core_test param_build_test \ bioprinttest sslapitest dtlstest sslcorrupttest \ bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \ cipherbytes_test \ @@ -320,6 +320,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[bioprinttest]=../include ../apps/include DEPEND[bioprinttest]=../libcrypto libtestutil.a + SOURCE[bio_core_test]=bio_core_test.c + INCLUDE[bio_core_test]=../include ../apps/include + DEPEND[bio_core_test]=../libcrypto libtestutil.a + SOURCE[params_api_test]=params_api_test.c INCLUDE[params_api_test]=../include ../apps/include DEPEND[params_api_test]=../libcrypto libtestutil.a 
diff --git a/test/recipes/04-test_bioprint.t b/test/recipes/04-test_bio_core.t similarity index 88% copy from test/recipes/04-test_bioprint.t copy to test/recipes/04-test_bio_core.t index 4d5efc690d..0d8806b8ec 100644 --- a/test/recipes/04-test_bioprint.t +++ b/test/recipes/04-test_bio_core.t @@ -9,4 +9,4 @@ use OpenSSL::Test::Simple; -simple_test("test_bioprint", "bioprinttest"); +simple_test("test_bio_core", "bio_core_test"); diff --git a/util/libcrypto.num b/util/libcrypto.num index d8a8eca05f..835b06b20b 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5395,3 +5395,7 @@ PKCS5_pbe_set0_algor_ex ? 3_0_0 EXIST::FUNCTION: PKCS5_pbe_set_ex ? 3_0_0 EXIST::FUNCTION: PKCS5_pbe2_set_iv_ex ? 3_0_0 EXIST::FUNCTION: PKCS5_pbkdf2_set_ex ? 3_0_0 EXIST::FUNCTION: +BIO_new_from_core_bio ? 3_0_0 EXIST::FUNCTION: +BIO_new_ex ? 3_0_0 EXIST::FUNCTION: +BIO_s_core ? 3_0_0 EXIST::FUNCTION: +OSSL_LIB_CTX_new_from_dispatch ? 3_0_0 EXIST::FUNCTION: From tomas at openssl.org Tue May 4 11:14:52 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 04 May 2021 11:14:52 +0000 Subject: [openssl] master update Message-ID: <1620126892.166681.5714.nullmailer@dev.openssl.org> The branch master has been updated via bad0d6c789b28526d7becec046ab7c80280c2110 (commit) from f9548d21bae8667b71254d82478e0094a5a3982d (commit) - Log ----------------------------------------------------------------- commit bad0d6c789b28526d7becec046ab7c80280c2110 Author: Tomas Mraz Date: Tue May 4 12:28:42 2021 +0200 fips-checksums: The define for fips module is FIPS_MODULE Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15132) ----------------------------------------------------------------------- Summary of changes: providers/fips-sources.checksums | 160 +++++++++++++++++++-------------------- providers/fips.checksum | 2 +- util/fips-checksums.sh | 2 +- 3 files changed, 82 insertions(+), 82 deletions(-) 
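Review bot: in test_bio_core() in the new test/bio_core_test.c (part of the BIO core diff that ends just before this mail), the negative case only passes NULL to BIO_new_from_core_bio(), so it covers the default library context but not an explicitly created one. The comment above it says any libctx not created via OSSL_LIB_CTX_new_from_dispatch() should fail; a second TEST_ptr_null() call against a context from OSSL_LIB_CTX_new() would pin that down. The read checks also assert only a positive return from BIO_gets() and BIO_read(); comparing the returned length with the number of bytes written would catch a short read through the dispatch callbacks.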
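Review bot: the include/openssl/bio.h.in hunk at -66,7 (same BIO core diff, ending just before this mail) changes the public macro BIO_TYPE_CORE_TO_PROV from (25|BIO_TYPE_FILTER) to (25|BIO_TYPE_SOURCE_SINK) with no comment explaining the change. Code that classifies a BIO by testing the BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK bits will now get a different answer for this type. If this is the type reported by the BIO_s_core() method declared in the -651,6 hunk, a one-line comment beside the define saying so would record why the class bit moved.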
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 50d19c5117..8c46849215 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -67,9 +67,9 @@ d95277a3d7635a1f6a2613ba954606ae3c4bb260d11c85612ae83a05a726d03c crypto/bn/bn_a 6baa367447c968066e25934b0d00d3525b78ba00f733a5597988e810941dff88 crypto/bn/bn_asm.c e263280dcd108a479b0ec60069ae7e74893135f6253bac4094279d2cf30557a8 crypto/bn/bn_blind.c 7b761d541e3b7f6a3f2b14a09b2b3836a079a845cf67a54db4853e3fd38277c6 crypto/bn/bn_const.c -354b467799488fabfc15597b0b16cfde805826ba1b7ab6ba78ac2d1606337f1a crypto/bn/bn_conv.c -ac212b69f4958abaedae9a830fd5084a8e9e166b748b9f3cacfaa2dae77a5570 crypto/bn/bn_ctx.c -55349393c0a3f73edfe8a8b9953bd13cbda6186dbeb097e71748885947f672ed crypto/bn/bn_dh.c +d66453ceb0a1be02a9cd2aef0ceec5943a2b9ec42e2fe66c13d03bb669389749 crypto/bn/bn_conv.c +2893b6d03d4850d09c15959941b0759bbb50d8c20e873bed088e7cde4e15a65a crypto/bn/bn_ctx.c +d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_dh.c 034baac767c911705235da9507e0b9d029ec3746c5469069a110ed899cf7ddff crypto/bn/bn_div.c fb4104aa82438b5dda1592a7d41e8936356734801b26f864c22264615cb4df4d crypto/bn/bn_exp.c 4a0295e30ac91bfbfdcd3f2d0cbd5eaf4f5a44b4bba3135b137a692394a2f897 crypto/bn/bn_exp2.c 
@@ -83,8 +83,8 @@ dc213ef490a96c5e199e06058c32ae599825c668fc08d815d6384f57600df21d crypto/bn/bn_k 2da73a76b746a47d8cf8ec8b3e0708c2a34e810abde4b4f1241a49e7f5bb2b60 crypto/bn/bn_mpi.c 02bf294bad18d12542fbe60a5ab0eea36dbc914b6d445ad8f4dd03324ee2a33e crypto/bn/bn_mul.c 0d4a2c25a3acd4adb45234837d427574bcb1e6800b69f8dfe68478d831491cf1 crypto/bn/bn_nist.c -b5ef389b9dd161d72d3e1c09ed8994112b6fe186294fd83139ed45729a7f5e64 crypto/bn/bn_prime.c -27c2196707a7b08cf2f04ee1a79212754196eeae5af2fa5048adac3072616399 crypto/bn/bn_rand.c +2567f88812ba315eca454659a9d2eaeacc8d1753c9c19866ff00d2beed707636 crypto/bn/bn_prime.c +cb27f0d2cc9d2d5f82b40378517e26fe2d9a5092f50fd26cdf648ae954190f2b crypto/bn/bn_rand.c 2a47b990bc53fec79013e0b2d1a9ee3512019705d6ec3a2625c43b0fb42d41aa crypto/bn/bn_recp.c 4e3d0ebda2d250887634ab491b398a71778431b3db4bc1eb329542f4bd0798cc crypto/bn/bn_rsa_fips186_4.c 9bbad44e0007a2a7f6caaa1a9c6a9d4e667afdac898b32598483ae336479cb72 crypto/bn/bn_shift.c 
@@ -96,10 +96,10 @@ ae840ec19a4e86f2b3a65f4d0c878c3885bac6ca6b24ab8c03b73c45c12e4d05 crypto/bn/rsaz 834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c 35e3ad090adedc8e5873e2831bf713e1f52846b4cbdd232e01692ebe35318c3c crypto/cmac/cmac.c -7f530e7d0fc7953aa6b70749796d31c1a03aa34e79a7dfd8b625a786e44c6171 crypto/context.c +f63058e3d3df38f44856f062b7e67d58681488dbe7f27d90979cc4afdfe4a395 crypto/context.c 0a27ead487bd4775cece449dab53ca5aa9d1997012c85b1dcd2178d3b851dd94 crypto/core_algorithm.c 2185a7d136ee77725fc1b8a6b401bebceeeddc067eea0482e0ab2916ce550e78 crypto/core_fetch.c -4ccc57e4bbd46b56c481a3e3c0c105ee27e82a87909637b75e605274e7f3cb44 crypto/core_namemap.c +66d5fa1814ec1c80c1635dad5d4311722d20890afe44133f958a4be4447b8252 crypto/core_namemap.c 469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3 crypto/cpuid.c 7c5237bdc26eca21d4ccb25f13569e217103fe21574157b813c2aecd05983472 crypto/cryptlib.c 53529f4e0575dd83b45a53e852fcec512ada53dd6979268e473885f139b8e0b9 crypto/ctype.c 
@@ -108,19 +108,19 @@ b8272245e1a3bc813aeb48a1155ac37bc979ad4a6ff55baa8c97e62115abb0d1 crypto/des/des eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81 crypto/des/ecb3_enc.c cb363ba00f38e84c43af4802d8477a8877db3cea2fdc75299fec16f451ef1c69 crypto/des/fcrypt_b.c 5771c2e517df1dfa35e0cc06ce1d9808e3a5ab21110020d4bdf77284fedb41e1 crypto/des/set_key.c -47035cde6151da2aaabd614990d47de63550fed2561900559bd75305dd3856c8 crypto/dh/dh_backend.c -3f4f990509263483f3c0a57c2d40809eb5680d57197370314f94bc79f0389bed crypto/dh/dh_check.c -e6aa1e0379f298dd4250a376f3854db5d919d8b9557f3935b764b4b8ccd24de9 crypto/dh/dh_gen.c +25a73e1a14ffb43b39c6829aa51a22a43322fc5d9ec0fa47996ab85323fb074c crypto/dh/dh_backend.c +62f6652a60a8e20fc10a67cdcfd0de1c18f2ba7ad7ab4b2fb1c11b059755704c crypto/dh/dh_check.c +7838e9a35870b0fbcba0aff2f52a2439f64d026e9922bce6e5978c2f22c51120 crypto/dh/dh_gen.c ffe31cb7c0cd887d051867dfc37cce18a406c78c446f2a186d1f20247a5c914d crypto/dh/dh_group_params.c -6cbd1c6126feacd033e31412b3f38b1ef6909d44696864a2a63e86b8154fc1f4 crypto/dh/dh_kdf.c -2081bc70acd44998e750fa0f128fee7eed7a0e8745b45297e447a2e9dc95382e crypto/dh/dh_key.c -ce4d65315a746e1a65d3d151eec1c7fd39a9ddf445f2677a413ca1a7ecee6d7b crypto/dh/dh_lib.c -7d13f96896d5ba05342ab6913ceff3c1d0bab84b2e8fef1efa21bb155d5089af crypto/dsa/dsa_backend.c +c36310300c969a5096a67b5845f91b10acf1717cc2a192deaa8a2ff686796080 crypto/dh/dh_kdf.c +959aef279023358d5bd4661f132ad809c7f62e4f7bea3d1f25006ff15e75e92b crypto/dh/dh_key.c +60c95e4ee43229d900317727df644347f41a065dd95e899d52696080bd6a988f crypto/dh/dh_lib.c +27d0ea795bb7f571ba37b7460eee63608b9089a95337491c0980b91135563e15 crypto/dsa/dsa_backend.c b9c5992089203123c3fae46e39bb4d05e19854087bca7a30ad1f82a3505deec7 crypto/dsa/dsa_check.c -655b5bbc0bc5994ff5f1a77e86a396c4f7dfc9a46a8d9ac0aa8075ff85342233 crypto/dsa/dsa_gen.c -baa0b1c0a1f08975b2210926aeec7b98413f1d3467b490a3a0680496bd988cb0 crypto/dsa/dsa_key.c -5f27ca73fc4c11fb7f88d4874de22e525ce5f5e41bdd10e035453333c5190712 
crypto/dsa/dsa_lib.c -fcbed2c442029ce1cdb2a3ea84aab9c70df7b43a65013edb30f7d3bc060e34c6 crypto/dsa/dsa_ossl.c +ae727bf6319eb57e682de35d75ea357921987953b3688365c710e7fba51c7c58 crypto/dsa/dsa_gen.c +48e489ffbd49633a879554c895f57083b48cd8704b21cd6af8ed1e2417ba57ca crypto/dsa/dsa_key.c +c6b05c784a18e7b9f2d8dfcca8e93eb445b02c9e9eaa64087e00fb44f233962e crypto/dsa/dsa_lib.c +f79b00636aeb1dbfa67f0d6fab3835b576f59957f476467cbfb8ead2469f6514 crypto/dsa/dsa_ossl.c b57b648524bc7dd98f8e2737f4e87b5578c7921df59b1df4a03a34e23e977e8a crypto/dsa/dsa_sign.c 53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1 crypto/dsa/dsa_vrf.c 78ad06b88fcc8689a3a846b82f9ee01546e5734acd1bccf2494e523b71dc74d1 crypto/ec/asm/ecp_nistz256-armv4.pl 
@@ -139,18 +139,18 @@ eaa940893610f5ec1cc04f5b1842bfa0ba65bf048039e6cc2d2b83bbb575bb51 crypto/ec/curv a1211ed3991af967c728b9f6d0774b9ea098d43cef0631ff88984a2580d2ac4f crypto/ec/curve448/eddsa.c d4969259e4fa5b71d8abbf5e736e658bd1daad6e46d272a9b88e190e2de96b61 crypto/ec/curve448/f_generic.c 7aeddfe47959556f50856cb387d74b51d222c65f891acb83742313ddc49c0e93 crypto/ec/curve448/scalar.c -183589a8b496a07262821ce0bc49ffb35d0c4a6079d6845a9ce9cc360fda1d3d crypto/ec/ec2_oct.c -2488744af4b5ea50bcd1fb4419f2baf780b23b2077f11ebd16ff5cfeb3cb6820 crypto/ec/ec2_smpl.c -fb58b7de435bd680a5d8c8ccee332e2bc6732fad714bb3ff672985b9c28bb6c7 crypto/ec/ec_asn1.c -35a99d84388d7140084e565cbc0a7f57f1636d26e31fab342613d2c658b7cc7d crypto/ec/ec_backend.c -b54f29cafcc823b7ae1e3b7b52c4499c0d128a3c125bde5bcb245f6d441dcbee crypto/ec/ec_check.c -40d58e55ad3a54716b4c4d4c1c3730b07c07918f0ff3c5be965b4c5f47190b4b crypto/ec/ec_curve.c +ed003170c5eaaaa4a33f4ef37b43465f2ba7a5fa5fec2d7d17c1e0897ea818d7 crypto/ec/ec2_oct.c +7579a156234dfa44e02d08e121f42035229364f9e40f38b11333edbae2282762 crypto/ec/ec2_smpl.c +69d64accd498583e65df2dc43730eee2922217a7bfefda2cd1a9da176e3d1dcd crypto/ec/ec_asn1.c +5083d893493e7aba1ce6c3b70d1ce164483b6b0e78afe8651e67f8d3b8c8ce6d crypto/ec/ec_backend.c +86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a crypto/ec/ec_check.c +845a5e6ad6921aed63a18084d6b64a1907e4cb093639153ba32138e0b29ff0e5 crypto/ec/ec_curve.c 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c 06fa7c8f23374ab9c1006d6fd65ee95dac3a3fae036ea6f14399c1a5cc0c7d00 crypto/ec/ec_deprecated.c -4802e8ff248ed63721e662ac03dd691824f1ef169af8d64001a57e99edec2133 crypto/ec/ec_key.c -25ec40a6ac424eef88bceb5375b91a289b1b0f68c00513d7e1f3b656825e4560 crypto/ec/ec_kmeth.c -6e88bdfe4e20583caf1c5748bccfec75815d7fc96c8c506410a8279e344be1a0 crypto/ec/ec_lib.c -a2aeb54b55b5ccc52e2a9b6410df395a6f41e1cb277253a38e86252479e62ed6 crypto/ec/ec_mult.c 
+2103bb62699b1a0ca4e3f75bd1697d856a9afd7f0051d49e433cf69d62d53e2a crypto/ec/ec_key.c +7b34605e017eb81037344538f917c32d3ab85c744a819617e012bab73c27dd68 crypto/ec/ec_kmeth.c +90f070e5a7ea950e6fe88ed81c72161c58a4896efb4608076061e1fe12908908 crypto/ec/ec_lib.c +58aa89c186c9bb6a5075a1d961723fe1fc97c6e290756ae682fe494c4f2435a0 crypto/ec/ec_mult.c 129c6b42417bfcf582f4a959cfd65433e6f85b158274f4fa38f9c62615ac9166 crypto/ec/ec_oct.c ccbf1f7dcba81cb40c07619120e9c330e06e1e7c788ca8912f0f4b1d25bd3f7c crypto/ec/ec_print.c 4341615ac00e3e42c41acd3b36af10250995fb919febc5289122b785c5eccf73 crypto/ec/ecdh_kdf.c 
@@ -161,44 +161,44 @@ f686cea8c8a3259d95c1e6142813d9da47b6d624c62f26c7e4a16d5607cddb35 crypto/ec/ecds c07f9f7cfb27ce2735cad06f16d3e5f270b79ac31a0f9b6e44945f2c040f6258 crypto/ec/ecp_mont.c f679269eec6f67ab7f859eca39cad7cc5ff2ba70e2f884eed9eadc9057c01272 crypto/ec/ecp_nist.c 03f7a0e38ce53a90b388b5c3e6d33629ed650b9ad6f5f722e8993e045ef31e27 crypto/ec/ecp_nistz256.c -3f1b74a2e0dc8ff1665cf780e0d7ff40ed7f4315fa94dcbbd0b9fc58d4fadac0 crypto/ec/ecp_oct.c +3f272e4a973b429d679f85c961dcf03f02d4ef62004d98849321d2fa6d7efaad crypto/ec/ecp_oct.c fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_smpl.c -a43d63e981bdd6c470832bd2eb83164ed1f668d95bc47fc8710f7ee18f43b860 crypto/ec/ecx_backend.c +4d9e693c64709a9359ac724a767a85566849373231e314b8d8127b707dd5e83d crypto/ec/ecx_backend.c 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c 7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128 crypto/evp/asymcipher.c 2aacf20d2b9ff0d11b0b4869c530685558ad8898da11391978322b606a0133ba crypto/evp/cmeth_lib.c 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c -4b2cc019a6a924d277ebce6565b5110d32a12199f471ccfae6fbbd1bbdbe53cd crypto/evp/digest.c +4433d40517d9550f6a1db90dfb912e32ee10b95497ddfc2a7edb2116f87ee531 crypto/evp/digest.c 87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8 crypto/evp/ec_support.c -7c00d1b38b18d0bd92be2b0577e44e9d4ebc6603689f77da7e7702a042b0a8e5 crypto/evp/evp_enc.c +c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c 9b4956b5c28db987001b33421aacf3b9f352181f874c768ad1b034e083483561 crypto/evp/evp_fetch.c -22a08831e55565d9d52be80a6622b4d471340cf135b7247db77492e4fc3bd2b5 crypto/evp/evp_lib.c -b628bc6fb92bb6fb27a05c368a03b933e7004cae17371cd996f4eacaf2144809 crypto/evp/evp_rand.c +c1017021bfff5cd76ac66e08ece80c78cbb9551194a4560c84ad0ad75d46511f crypto/evp/evp_lib.c 
+af0245f7a849997921c0719df339469427656821416b402754fc1f5f5e2da291 crypto/evp/evp_rand.c c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp_utils.c -abd4c5f0521f2a422c5e7bb68023e5a6fb46958ceeb5f407d964ac7163043261 crypto/evp/exchange.c +896bc29e0009657071bd74401513bdbedfb08ca66e34bf634e824fd3f34beb0a crypto/evp/exchange.c 58d0d29f105ef3cd38b790644b608f58e08289c4c52597769144be96c3e9cd26 crypto/evp/kdf_lib.c 3fdce072607e5060d91fd1ba3d70ae75a13590051072b6010be0ab62b00ddd6f crypto/evp/kdf_meth.c 9627b89aa6a27fa96116964cbbe377ae283c46445887e4e8c2a5183aeb102789 crypto/evp/kem.c 2d657d8de8c2441693d54ef3730d83ca4b5d76c3b3405ece89bff9e46149d670 crypto/evp/keymgmt_lib.c 56d3ed4313cb811a3c2d062ff8b2a0fd67c4b0d28fe0562a57555b3a95907535 crypto/evp/keymgmt_meth.c -39ae1143109929faf7c85e9fe6e01fac2d6a16a76a9ff597e03f83b5eea30b89 crypto/evp/m_sigver.c +9fd78bfd59378fc4a9f56ce474310d8d2851aa42862c694ee0e47b175e836c51 crypto/evp/m_sigver.c a661a25d70af7eb79d1dd76ea1595c370c266307e20ee2e60074216672286a71 crypto/evp/mac_lib.c 5f4b933a479d7cd589c47388aebfd8d6ffa3943ec2883049fc929e6ca37e26b5 crypto/evp/mac_meth.c -bec9337e5c1ff13890285285570ee56f661bacac6ca49c6dec95dc55d713b435 crypto/evp/p_lib.c -cdce204a7d27adfb1695a88907046c98df91daf2a8820efbdedc01a646e9f10d crypto/evp/pmeth_check.c -c2202e859552cf3bcdead90215c69ca339133b60d4878b7e5a601d4596d9eab6 crypto/evp/pmeth_gn.c -8f572b1a89729282c835072fc578549ca648d64d7a1590b016f7e23139f861ec crypto/evp/pmeth_lib.c -9b1c860edb2e589fb9e90fd2c9c1f80d98258c97aacc8f298f760e1222f8eb9b crypto/evp/signature.c +f5a18107256e00e2eed6a9b54eaf44ef1b99c0f29134e9f363a09daa2d35f1b5 crypto/evp/p_lib.c +b7e9ce6e8a35e0fc5b4eb4c047cda1e811b757669dbfafa71e743d85e07817a4 crypto/evp/pmeth_check.c +d22e6f5041a894b7e8433c1be4c5f1bc5897453bcbdd66bbc8cbfba854f7fd74 crypto/evp/pmeth_gn.c +12b8e891dc2f3a1cf8365d9fddd319343dc229d3e60149c51b5ae9df9b6b504d crypto/evp/pmeth_lib.c +52d8ea3b8b3ef52b58306b0fbd4557d682ba69a5384672ba7e1682c9a853f417 
crypto/evp/signature.c e0a58ecf268c6bec531898d8fe6b148601b0bed8324fa8d5668de643c027606b crypto/ex_data.c ae496cbb92b8664bb729997a241d12cc515a3944d66fe87b0c6e24f1011e061f crypto/ffc/ffc_backend.c -bb6d97150e6b03e684b044e396b60826b6ca47554e2c477e2c26479dcbaefd03 crypto/ffc/ffc_dh.c +ead786b4f5689ab69d6cca5d49e513e0f90cb558b67e6c5898255f2671f1393d crypto/ffc/ffc_dh.c 8390c3015b5bb7f65a5cde533390788e7e61e381823c58c2e7caf8e50ca63a3b crypto/ffc/ffc_key_generate.c 084ae8e68a9df5785376bb961a998036336ed13092ffd1c4258b56e6a7e0478b crypto/ffc/ffc_key_validate.c -9c55a46ef9c08b8fa1b03b98f5424f44e411963578ae97488270dde393ea894f crypto/ffc/ffc_params.c -643b2798486dfdd70472590541407fa22714b73022f2666a297c09c94656b501 crypto/ffc/ffc_params_generate.c -aff884b4b7e48bacce4312fa2a7f9f07e2c6a8d9698ebbdab91af0f0fb1384dd crypto/ffc/ffc_params_validate.c +a87945698684673832fbedb4d01e2f11df58f43f79605a9e6d7136bb15b02e52 crypto/ffc/ffc_params.c +887357f0422954f2ecb855d468ad2456a76372dc401301ba284c0fd8c6b5092e crypto/ffc/ffc_params_generate.c +73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c 84d8ae0141a79548ad65b31fe4673e8603930f942f21f3a7623e23f539799764 crypto/hmac/hmac.c -1bede3da0f157d766132693f679cef49b02af2601406b04eecfab1fbd8d469bf crypto/initthread.c +7000ba81f54c1d516a536bc6e96ad3729e3b5b15740006c2e22f0b76606042d6 crypto/initthread.c c6c83f826eb6465f2a1b186ea692ff6fe32dbfb821d18d254625b69083d68fb0 crypto/lhash/lhash.c b0662fd0dddbac0379be51cee8ccb0384d819f52780a5c7b0b3fcdde145fa7bf crypto/md5/asm/md5-586.pl 2a31a7f88d948192d6b7c10822c72cf40f215f32909014a2babc3955dafa1593 crypto/md5/asm/md5-sparcv9.pl 
@@ -237,30 +237,30 @@ c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_b d0f6af3e89a693f0327e1bf073666cbec6786220ef3b3688ef0be9539d5ab6bf crypto/params_from_text.c 0dd202ec1def47c12852a8ae4bfaadb74f7fe968d68def631fe3ac671aac943f crypto/passphrase.c 098d0722daac442b8b6a6fc0aa6c4a4c49f9329426c3e2db9ebf71fe32376e4c crypto/property/defn_cache.c -f0fe76d4f70ecdba0206ec68ef57758f4482575ccdd7d9d3354681f37f795d4a crypto/property/property.c +737b1c67d0ee94f084d4b53d06c9561e10b802ddd61cada41f4ca2b7a9f8b4d1 crypto/property/property.c 51bc907d992893f03f35774178d2c8dc98cf3cf9503ff839ee1561640e6b274a crypto/property/property_parse.c 4941717698573a86d589fbec5002471cb4011e9a1840111a3ddccecc861a3af5 crypto/property/property_string.c -4bcf05e8736b64c9c4b4862513e48d788f8278681b6c9fef978788c3064a3f3d crypto/provider_core.c -dde1c2cd0cb5f4b9a76dc86d217926ceb3a92ba419a0c5cd1c215c9db445dd4e crypto/provider_predefined.c -707149c9fde50e1857bafbd0ca289062fd7d74db26f00399ba2243c56c89ef23 crypto/rand/rand_lib.c -048affe680e74a225faa152ea703a9168de6d6074887ff5978c1878efaac3041 crypto/rand/rand_meth.c -13604b9c58fff70249eca4399da00a61141ea38ac30feeff7ecbd84b65ee43e9 crypto/rsa/rsa_backend.c -89085cbed306409d519ab9fba596dcbb5bcad02837855e35a64577acf33df79d crypto/rsa/rsa_chk.c +b02ed771d70b1d2faf17bc3de261e8dfe67d847aa38fd65e1712491ea540d968 crypto/provider_core.c +3ebbf42baa3722f86298960c7b14b49cefc25c38fce326a0c4666546539da231 crypto/provider_predefined.c +4fec006dc82d1bc5c03aa1b6d011b670bed67fad12b73823eb6767afc4f241f3 crypto/rand/rand_lib.c +f19876a1ff4ab97f22a926cc59c9ced0cdde69ad2c45ecf546d91104ec5b0dde crypto/rand/rand_meth.c +a6841319cb6e9970a3c3f8adb619086310e4b56d1f52448ef2e2caaeface4146 crypto/rsa/rsa_backend.c +38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c e32cfa04221a2a3ea33f7bcb93ee51b84cbeba97e94c1fbf6e420b24f97fc9ce crypto/rsa/rsa_crpt.c -fbeb40c9fa91fc05e667b7f00a21e1d8ee6b0dae55771485d9f813230a2b5a32 
crypto/rsa/rsa_gen.c -3d9f454620d0a5cccad93ef25e8c55151db3a44af2960a880f3e5622c9cea2b3 crypto/rsa/rsa_lib.c -5a3052ced3dabebc6b9d53cf22aeaf13bd52e9fdb69d84c4f0ea79c1f5b3f8d7 crypto/rsa/rsa_mp_names.c +f8d4b3f44e556eae4d1ec75c5cfd8442e8a509aafdd9fc2c8aea266a5391afba crypto/rsa/rsa_gen.c +bb2dc750739c26e0458f50544efc3c11a4e66b3f9d3002fa4a9515881b88781d crypto/rsa/rsa_lib.c +cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c 5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c -bd98b457bf8926e8277065faa12e240c93ad0589daf243e441b7301e8d455f6b crypto/rsa/rsa_oaep.c -cfa0e6689e68ff21cf261af48560b0a50e12c1960514d562c95f8fd5aa49a9d7 crypto/rsa/rsa_ossl.c -c0f3c29c9ca213a04f3538514c85dd4186e07bb8dbefb3e16751218b97496ddb crypto/rsa/rsa_pk1.c +b27d572bde071d09ca58b31bab6a2635552d4464d44aa99cbc73b56fdc3f4399 crypto/rsa/rsa_oaep.c +2ddaefe005e83081c5f7f1bdd4eb060d89e00bcb192be97e0d8bbd2806313c6e crypto/rsa/rsa_ossl.c +6182b0ee592e71bd91109d83807b448665053bf144b2e4a4f6eac45e55762979 crypto/rsa/rsa_pk1.c 0c2e3fea08af73404d348293aa62652bc93feade424f3516e06e86ba64518236 crypto/rsa/rsa_pss.c bf6d300b7e7e9e512a47c5bd1f8713806ae3033a140d83dfae4a16ad58d11170 crypto/rsa/rsa_schemes.c -abfbd8a1bc7b5b7c20eda1cb0fddeca6e3f14201a5188778a36e456097eaf45b crypto/rsa/rsa_sign.c -47752d347d794fb0bdb659068c3f39094c5dee76081b92a553d4e6a69ededdea crypto/rsa/rsa_sp800_56b_check.c -14585ae4ac2902beea057bfc91111f5c523b28a5a53b558689697e666602f9f3 crypto/rsa/rsa_sp800_56b_gen.c +de9161eecc7e99baa834d6f6e2baf96e291dd3da3586ddda396da77fcc3a94de crypto/rsa/rsa_sign.c +e8eb16af2cbfaf23731b96073750562938f168989d1460b7f522628d87e8e8a0 crypto/rsa/rsa_sp800_56b_check.c +3b587f44bfa6315e0c21dab54be522aac1346f489f3b388105eb5b7f5e7a3ef6 crypto/rsa/rsa_sp800_56b_gen.c 1c1c2aeeb18bf1d69e8f134315b7e50d8f43d30eb1aa5bf42983eec9136a2fdc crypto/rsa/rsa_x931.c -4e9483f8cd8d78a7098ff014bb7fd3093f2032db88bf6dac753c7502dd70aeac crypto/self_test_core.c 
+5fa59240ca885cbc0c1cd026934b226d44fc9c3fdf0c2e7e3a7bd7f4963ca2e5 crypto/self_test_core.c 05c533fde7fdba0c76103e97d881b7224c8427451b453e2f6413552996063e31 crypto/sha/asm/keccak1600-armv4.pl ca3b2b654f9a8c4bc2fa2538c1f19d17acd4a6b9e0df6a4b81df04efa697e67e crypto/sha/asm/keccak1600-armv8.pl ef575a7fb4956cc3be4ef10a6aeaa10702eadfc92c86167880690320ce942b26 crypto/sha/asm/keccak1600-avx2.pl 
@@ -312,25 +312,25 @@ b40bd40b91a2ecdba63777758f84c5405a92e673636dba2cb83512c34aae3882 crypto/sha/sha 32b48ac523d69b65d46b5588cd75697c473eec0b97bdefc820f436f25403a1df crypto/stack/stack.c 7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c crypto/threads_none.c -9ad1649f07fbe4475a91472d056ab5e355973a1d92998220a0d4489e3d857463 crypto/threads_pthread.c +5f5737f17902bf5b2ad0ebe22fec2831e4dbb61df1632d27c6360dccf330335b crypto/threads_pthread.c 60bdd9213c67c4d9a287cb57517eca63913c134ef57fcb102b641eb56ddce19a crypto/threads_win.c fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl -df47f11a262e8c68abd885f291083f1ae4e7de965c654704b8589543d71c34d2 providers/common/bio_prov.c -c972a49b5b9100fb220c8693c2b83c6f20fcd9ca7c69dc5a7db15936999f19b0 providers/common/capabilities.c +c0a9551efccf43f3dd748d4fd8ec897ddaabbc629c00ec1ad76ce983e1195a13 providers/common/bio_prov.c +9cf5f2b733755c0476141ccda0729e8c5e15fa7445d5168939b70867eac4482b providers/common/capabilities.c 27ff361a5fbfc97cd41690ab26639708961d0507b60912f55f5919649842c6ae providers/common/der/der_dsa_key.c 2529d253b3e45c33249461fdedb2c32b3c16a7a305fe4920f2a79e7b3f16ed3f providers/common/der/der_dsa_sig.c b8f2f94daeaf20c636c90e386284c246cfded0c8275411fa02fe68b534520b95 providers/common/der/der_ec_key.c 9104cd39dddd6e1a6e8f267656482131f4d0765e96fdced1f7344817a1c8ed7e providers/common/der/der_ec_sig.c f3b089fd3dcccc8e3ebfbbdbf87c47d58330f82bd0e2a1223da74977930cccf1 providers/common/der/der_ecx_key.c 3ba47f32b30f5540a34b3a8df7a4fd966aab9abcbb2b643af75a83a9ccda1df0 providers/common/der/der_rsa_key.c -a7becfc857365e64336a98bdb3565697caa4f6cc6692b298f56b530f5e2e0d81 providers/common/der/der_rsa_sig.c +7e8d579986f53eaf1875d677e5cf4adfd4ccf79db0275368f6cac580ab6007ca providers/common/der/der_rsa_sig.c 9c9572d26ec41df0418547352dbdef353ecf9a2a633889dc494084ee9fe6b1d3 providers/common/der/der_sm2_key.c 
390b2b6ba321bddc416688d4a51d9e04db7d84d4f398947d496d043e8fb22a01 providers/common/der/der_sm2_sig.c d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/common/digest_to_nid.c 737cc1228106e555e9bab24e3c2438982e04e05b0d5b9ee6995d71df16c49143 providers/common/provider_ctx.c fcbb0f2859f28ea1eb3922447bb96588d2097695f9ce23c3c64025bfbe9d2bad providers/common/provider_err.c 9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c -fee6720c5f6afe041103dfdbc9e4fef346c32afc0a1d34beb7a1d67d22f9e1e3 providers/common/provider_util.c +eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c 494723d55bc6ecdb70f59499a2c42260cabc5fa30681ac3b48267dfa242158b3 providers/common/securitycheck.c eaa448a029b592c0bb947ba98b8888b059c487078be10b28d3c7cbe73cf5a8c7 providers/common/securitycheck_default.c 50a0e01e877ae818cf874f4515a130db0e869d4e9e8ce882bff1255695aba789 providers/common/securitycheck_fips.c 
@@ -355,7 +355,7 @@ d088dd386950df04b5ad5a68d529fa36b2fa6b808d7cc7da6de96cdd91ecb92f providers/impl 47edbfb9bca49df0d1e36b1bf06367ff31762545e7087bea159ad60e0f684a48 providers/implementations/ciphers/cipher_aes_siv_hw.c d07e18786256f3a069fe83e6fdc79e53fdc1f99b3e6bbe5d2f3fc559bc737eb2 providers/implementations/ciphers/cipher_aes_wrp.c 527ff9277b92606517ee7af13225a9d5fcffbbc36eb18bce39f59d594cbe4931 providers/implementations/ciphers/cipher_aes_xts.c -83ffb01000f3620ab3251b42b2af98a80612b182968d2742a5d8480efcc22d43 providers/implementations/ciphers/cipher_aes_xts_fips.c +281157d1da4d7285d878978e6d42d0d33b3a6bc16e3bc5b6879e39093a7d70da providers/implementations/ciphers/cipher_aes_xts_fips.c f12bf83d8fffa833fed6d82d74709c7a0563ea0fe291988149d7c85bda8366e7 providers/implementations/ciphers/cipher_aes_xts_hw.c e292ec9b6e760b6bec12753a65f9a19bcc05afb6e56399c3561e63281bda4191 providers/implementations/ciphers/cipher_aria.c 73a9c37bf73b32c98085deaec8a197cab8a6fcdc602593dbbb6b585dd2391bc3 providers/implementations/ciphers/cipher_aria_ccm.c 
@@ -412,21 +412,21 @@ ecc88a83dc108b869e8d8223d466d49b829364bea0dae602c05e2b999aa5a02c providers/impl 115e13e152cfb7d729659cb26056414f719c5e7cb2a9b3df8b6ad0f232ce109a providers/implementations/kdfs/kbkdf.c 9625cab3ea0a1830838412d0ce6210c9a77eeebddb3cb1bee5198d90c33539ae providers/implementations/kdfs/krb5kdf.c f93d3b32e7e3bc6bd4100559b15d392613797e1048010fdc70058ae9297a1125 providers/implementations/kdfs/pbkdf2.c -ce34beaa333d28a9c197ea60ed3dc37b319e3b96250941dd2fc0c944b76a6a51 providers/implementations/kdfs/pbkdf2_fips.c +abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/implementations/kdfs/pbkdf2_fips.c 43fae0685aa32e34545704fccd1f0ec3357ef28cc817c03960d649044420b368 providers/implementations/kdfs/pkcs12kdf.c 0994de1013c5b1a3007ce71150a28efdc791be96c8b8f7b6d25c8b593735f8f2 providers/implementations/kdfs/scrypt.c 6551c3354fb889cb429f850e0194a82d677528f65212d4ac345ab87352cec8a1 providers/implementations/kdfs/sshkdf.c eb18f3fe62bb2a46a294b738de81a233bd2db00cc79ddc58622fc7c7021c3528 providers/implementations/kdfs/sskdf.c 3c46ec0e14be09a133d709c3a1c3d5ab05a4f1ed5385c3e7a1afb2f0ee47ef7a providers/implementations/kdfs/tls1_prf.c -f818a11f33dc1dd58f01b430c7d31ae51072b6713063885fc404eca397e4b9eb providers/implementations/kdfs/x942kdf.c +0eba0d205b1da2c298b1002abbedde0ee2c27d80d85044c478604be5b5c4222e providers/implementations/kdfs/x942kdf.c 7d621555c4bd9dcdb324031c28f70d8d382ff0e5369ce1ade30180e8f525b2e8 providers/implementations/kem/rsa_kem.c -9a75571e8454e85a33c0bae2a37231b7f29d9e9df20a513508091a8cac74f6a1 providers/implementations/keymgmt/dh_kmgmt.c -36c27ca091024d87bd21edfd25916832cc8d4a021ad18e9d54ea6415bb49fbd5 providers/implementations/keymgmt/dsa_kmgmt.c -181a08f93f84f0797e9672b78c1a0edab3624fee48fe3451367e7e42e5e0ba1c providers/implementations/keymgmt/ec_kmgmt.c +6b60edb1ff512cb20d5727aa765efaaba54a151b9cefb819092da347e0d3d3f6 providers/implementations/keymgmt/dh_kmgmt.c +6224f55f19d7f2794326357799cd61182a0b3ca6a9b29ced720ecb463d7469b3 
providers/implementations/keymgmt/dsa_kmgmt.c +a5b4ddffa137a52f6a0a0c0c28c618d9bff00af2ec49e51885fc7af116e04869 providers/implementations/keymgmt/ec_kmgmt.c 1a6b7e37229e81eae3981ab2e0b7669eb24aaa6487738c4b44a970da212560b6 providers/implementations/keymgmt/ecx_kmgmt.c 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c -8064f919328b95c8f97e208ae4e3304209dd2e8d725ab3337cfad3c8972d5a0a providers/implementations/keymgmt/mac_legacy_kmgmt.c -1ea71e863be437958d75eb849b28505a43e3dbc660588b4080d70e82a39d52b7 providers/implementations/keymgmt/rsa_kmgmt.c +21b259d6a9eb5e319106012179e04963fb9659ed85af37f5c9c8752ec2385dae providers/implementations/keymgmt/mac_legacy_kmgmt.c +c48eb00f0de1c28baaa3cf7c0e85d4d2a20592783aa545f8934da487c05a3e87 providers/implementations/keymgmt/rsa_kmgmt.c 7d268a8d8179b35b6a9cb6b362976b3d861351c9ea076961f02a54ab37f3f5b0 providers/implementations/macs/blake2b_mac.c 3d50f84587431277bfb7af241485b150e02f7b30750f9faa40dd6e98927e5592 providers/implementations/macs/blake2s_mac.c 25d20ceb61cadb495ec890ae2c49c5c1c840b39ac77f20058ee87249cab341ef providers/implementations/macs/cmac_prov.c 
@@ -436,8 +436,8 @@ f51b074d55028d3e24656da348d21ca79f6680fdb30383d936251f1b3467caab providers/impl 94d80682125b40ba694242fdfa978b802c6e70f2b0167215c9d689c0ccf5820f providers/implementations/macs/poly1305_prov.c d594704aa3173afdb2b1e95253285cdb245a42078f9ca06b68aaeecb858b10fd providers/implementations/macs/siphash_prov.c dcc1afbe2965de7c5ac0a17ab1b19b8ed512049376833cb410db30f8dc4e2064 providers/implementations/rands/crngt.c -bdabe11fe519f1852f3a3783b1e2c2fe4f51287ef6427d302308bf15a337026b providers/implementations/rands/drbg.c -a3caabf5fd73d52f4e40088ab4aee83e51348d0fd059609d1f5d8725baed6155 providers/implementations/rands/drbg_ctr.c +c7a811a8b2911ec76faf985145a445b81d19c57f5457dad203b39f1da48e6c1b providers/implementations/rands/drbg.c +3dc5f082235664ee02b827760bdf1c1dcd90d058b9664994751f7606009556ed providers/implementations/rands/drbg_ctr.c c36937930bcaecd6d5131d0317b9162a96cc956df164848dc53f423af838d04a providers/implementations/rands/drbg_hash.c 531c0ce4212570474b59a1b039e61a97ee5504e56e2f10de1f36578f1bca79d3 providers/implementations/rands/drbg_hmac.c 8075edbf4957b625301c85331bb4737cbefd334ee51e146fa15c3dc40bdd4973 providers/implementations/rands/seed_src.c 
@@ -449,8 +449,8 @@ c1a6007e76d21279e0b4eafef970c94cefad48a1a0d609aa9c359b5418486b95 providers/impl a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858 providers/implementations/signature/dsa.c 1edce687e950bec7c289cdac7c4c455e195942ccddfc38af0344277421afcc0f providers/implementations/signature/ecdsa.c 8074854e90be6a8266cc81ad722ef12213e9fc1360891822f109bfb03791f18e providers/implementations/signature/eddsa.c -40430250137bf6afffb9ca5a1c810947246169d3835912d26089fe86f405956d providers/implementations/signature/mac_legacy.c -31073a0bbcd27e1594040a39abfc04ff0f07fad2f25762def753724d330fe8b1 providers/implementations/signature/rsa.c +1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 providers/implementations/signature/mac_legacy.c +25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2 providers/implementations/signature/rsa.c c0a862433e5da909cf0c614d3f982765b67821c7a4cc6257ceb8c490b4dcf732 providers/implementations/signature/sm2sig.c c63cb744c26af304cf00006071d3ebd9325a4d65913b75a2bcb1d2e104c734fd providers/implementations/storemgmt/file_store.c 291288936fe321e3e85048366f790f6b7983561cd8f80eec4c0e01d7c43614ab providers/implementations/storemgmt/file_store_der2obj.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 8fe83feaca..468c3c986e 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -1106a14cf83a287e98bb7b7cde67aea32e75d523b4d568b2c5b352a3a17ee181 providers/fips-sources.checksums +16e17331a77aed06b6537cafdacd35df08fbc888c04eb7cca928a4a39d858642 providers/fips-sources.checksums diff --git a/util/fips-checksums.sh b/util/fips-checksums.sh index 99f34fbc8f..36e59bb708 100755 --- a/util/fips-checksums.sh +++ b/util/fips-checksums.sh @@ -11,7 +11,7 @@ for f in "$@"; do *.c | *.h ) cat "$f" \ | $HERE/lang-compress.pl 'C' \ - | unifdef -DFIPS_MODE=1 \ + | unifdef -DFIPS_MODULE=1 \ | openssl sha256 -r \ | sed -e "s| \\*stdin| $f|" ;; From dev at ddvo.net Tue May 4 16:15:34 2021 
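Review bot: in the util/fips-checksums.sh hunk, nothing on the visible lines checks that unifdef or lang-compress.pl actually ran, so a missing tool would leave openssl sha256 -r hashing empty input and still print a well-formed checksum line for $f. The old -DFIPS_MODE=1 spelling also produced plausible-looking output, which is how 80 entries in providers/fips-sources.checksums came to need regenerating here. Consider failing early, for example with a command -v unifdef check before the for loop, and quoting "$HERE" in the lang-compress.pl path.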
From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 04 May 2021 16:15:34 +0000 Subject: [openssl] master update Message-ID: <1620144934.260554.20659.nullmailer@dev.openssl.org> The branch master has been updated via 7031f5821c4380d9c1f60a92734c940fdedfb488 (commit) from bad0d6c789b28526d7becec046ab7c80280c2110 (commit) - Log ----------------------------------------------------------------- commit 7031f5821c4380d9c1f60a92734c940fdedfb488 Author: Dr. David von Oheimb Date: Fri Apr 30 18:29:12 2021 +0200 OCSP: Minor improvements of documentation and header file Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15103) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 5 +++-- doc/man3/OCSP_sendreq_new.pod | 13 ++++++++----- include/openssl/ocsp.h.in | 8 ++++---- util/other.syms | 1 + 4 files changed, 16 insertions(+), 11 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 0abee0a0ac..0e7b09432b 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -328,14 +328,15 @@ OpenSSL 3.0 * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(), OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(), - OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(), + OCSP_REQ_CTX_i2d() and its special form OCSP_REQ_CTX_set1_req(), + OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(), OCSP_REQ_CTX_get0_mem_bio() and OCSP_set_max_response_length(). These were used to collect all necessary data to form a HTTP request, and to perform the HTTP transfer with that request. With OpenSSL 3.0, the type is OSSL_HTTP_REQ_CTX, and the deprecated functions are replaced with OSSL_HTTP_REQ_CTX_new(), OSSL_HTTP_REQ_CTX_free(), OSSL_HTTP_REQ_CTX_set_request_line(), OSSL_HTTP_REQ_CTX_add1_header(), - OSSL_HTTP_REQ_CTX_set1_req(), OSSL_HTTP_REQ_CTX_nbio(), + OSSL_HTTP_REQ_CTX_i2d(), OSSL_HTTP_REQ_CTX_nbio(), OSSL_HTTP_REQ_CTX_sendreq_d2i(), OSSL_HTTP_REQ_CTX_get0_mem_bio() and OSSL_HTTP_REQ_CTX_set_max_response_length(). diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod index f01aadad6b..10c6131f86 100644 --- a/doc/man3/OCSP_sendreq_new.pod +++ b/doc/man3/OCSP_sendreq_new.pod @@ -2,6 +2,7 @@ =head1 NAME +OCSP_REQ_CTX, OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_sendreq_bio, @@ -27,13 +28,14 @@ Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: + typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; int OCSP_REQ_CTX_i2d(OCSP_REQ_CT *rctx, const ASN1_ITEM *it, ASN1_VALUE *req); int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT *rctx, const char *name, const char *value); - void OCSP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx); + void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); void OCSP_set_max_response_length(OCSP_REQ_CT *rctx, unsigned long len); - int OCSP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const OCSP_REQUEST *req); + int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req); =head1 DESCRIPTION 
@@ -70,10 +72,11 @@ OCSP_REQ_CTX_i2d(rctx, it, req) is equivalent to the following: OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following: OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request", - ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req) + ASN1_ITEM_rptr(OCSP_REQUEST), + (const ASN1_VALUE *)req) -The other deprecated type and functions have been superseded by the -following equivalents: +The deprecated type and the remaining deprecated functions +have been superseded by the following equivalents: B by L, OCSP_REQ_CTX_add1_header() by L, OCSP_REQ_CTX_free() by L, and diff --git a/include/openssl/ocsp.h.in b/include/openssl/ocsp.h.in index bf8bd7e676..83c8a175fe 100644 --- a/include/openssl/ocsp.h.in +++ b/include/openssl/ocsp.h.in @@ -186,8 +186,10 @@ typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; NULL, NULL, path) # define OCSP_REQ_CTX_add1_header(r, n, v) \ OSSL_HTTP_REQ_CTX_add1_header(r, n, v) -# define OCSP_REQ_CTX_i2d(r, i, req) \ - OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", i, req) +# define OCSP_REQ_CTX_i2d(r, it, req) \ + OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", it, req) +# define OCSP_REQ_CTX_set1_req(r, req) \ + OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req)) # define OCSP_REQ_CTX_nbio(r) \ OSSL_HTTP_REQ_CTX_nbio(r) # define OCSP_REQ_CTX_nbio_d2i(r, p, i) \ @@ -196,8 +198,6 @@ typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; OSSL_HTTP_REQ_CTX_get0_mem_bio(r) # define OCSP_set_max_response_length(r, l) \ OSSL_HTTP_REQ_CTX_set_max_response_length(r, l) -# define OCSP_REQ_CTX_set1_req(r, req) \ - OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req)) # endif OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, diff --git a/util/other.syms b/util/other.syms index 54eeeb95cf..bd9f4d32a9 100644 --- a/util/other.syms +++ b/util/other.syms 
@@ -333,6 +333,7 @@ EVP_seed_cfb define EVP_sm4_cfb define OBJ_cleanup define deprecated 1.1.0 OCSP_parse_url define +OCSP_REQ_CTX datatype deprecated 3.0.0 OCSP_REQ_CTX_add1_header define deprecated 3.0.0 OCSP_REQ_CTX_free define deprecated 3.0.0 OCSP_REQ_CTX_i2d define deprecated 3.0.0 From dev at ddvo.net Tue May 4 16:17:48 2021 
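Review bot: In the CHANGES.md hunk, the list of replacement functions now names OSSL_HTTP_REQ_CTX_i2d() where it previously named OSSL_HTTP_REQ_CTX_set1_req(), but include/openssl/ocsp.h.in in this same patch defines OCSP_REQ_CTX_i2d() in terms of OSSL_HTTP_REQ_CTX_set1_req(), and the man page hunk documents the same mapping. Keep OSSL_HTTP_REQ_CTX_set1_req() in the CHANGES.md list unless a function with the new name is introduced elsewhere.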
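Review bot: In the SYNOPSIS hunk of doc/man3/OCSP_sendreq_new.pod, the prototypes for OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_add1_header() and OCSP_set_max_response_length() still declare the parameter as `OCSP_REQ_CT *rctx`, while the change corrects only OCSP_REQ_CTX_free() and OCSP_REQ_CTX_set1_req() to `OCSP_REQ_CTX *rctx`. Fix the remaining three in the same change so the synopsis matches the typedef line being added.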
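Review bot: The OCSP_REQ_CTX_set1_req() macro moved within include/openssl/ocsp.h.in still casts with `(ASN1_VALUE *)(req)`, while the updated text in doc/man3/OCSP_sendreq_new.pod describes the equivalent call with `(const ASN1_VALUE *)req` and the synopsis takes `const OCSP_REQUEST *req`. Use the const-preserving cast in the macro as well, so the header and the documented equivalence agree.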
From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 04 May 2021 16:17:48 +0000 Subject: [openssl] master update Message-ID: <1620145068.275056.21034.nullmailer@dev.openssl.org> The branch master has been updated via 8b25b0eb991bf70123bedc4c4c4e0215dd8bd926 (commit) via d9efb24de8765ddc921b8e304372e8e33d4d65f4 (commit) via 6c3d101a62808b2f6ce92b338cc9a4ddd5bd67a2 (commit) via 6e328484ab17f671134077962ce1aa392e512423 (commit) from 7031f5821c4380d9c1f60a92734c940fdedfb488 (commit) - Log ----------------------------------------------------------------- commit 8b25b0eb991bf70123bedc4c4c4e0215dd8bd926 Author: Dr. David von Oheimb Date: Mon Apr 26 14:55:18 2021 +0200 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15029) commit d9efb24de8765ddc921b8e304372e8e33d4d65f4 Author: Dr. David von Oheimb Date: Mon Apr 26 14:51:34 2021 +0200 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15029) commit 6c3d101a62808b2f6ce92b338cc9a4ddd5bd67a2 Author: Dr. David von Oheimb Date: Mon Apr 26 14:58:19 2021 +0200 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15029) commit 6e328484ab17f671134077962ce1aa392e512423 Author: Dr. 
David von Oheimb Date: Mon Apr 26 14:57:05 2021 +0200 OSSL_STORE_expect(): Improve error handling and documentation Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15029) ----------------------------------------------------------------------- Summary of changes: apps/lib/apps.c | 34 ++++++++++++++++------------------ crypto/encode_decode/decoder_lib.c | 9 +++++---- crypto/store/store_lib.c | 7 ++++++- doc/man3/BIO_ctrl.pod | 2 +- doc/man3/OSSL_STORE_expect.pod | 10 ++++++---- doc/man3/OSSL_STORE_open.pod | 4 ++-- 6 files changed, 36 insertions(+), 30 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index b87f271ee8..81b543ec68 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -828,6 +828,8 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, return ret; } +/* Set type expectation, but clear it if objects of different types expected. */ +#define SET_EXPECT(val) expect = expect < 0 ? val : (expect == val ? val : 0); /* * Load those types of credentials for which the result pointer is not NULL. * Reads from stdio if uri is NULL and maybe_stdin is nonzero. 
@@ -860,47 +862,41 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, pcrl != NULL ? "CRL" : pcerts != NULL ? "certs" : pcrls != NULL ? "CRLs" : NULL; int cnt_expectations = 0; - int expect = 0; + int expect = -1; /* TODO make use of the engine reference 'eng' when loading pkeys */ if (ppkey != NULL) { *ppkey = NULL; cnt_expectations++; - expect = OSSL_STORE_INFO_PKEY; + SET_EXPECT(OSSL_STORE_INFO_PKEY); } if (ppubkey != NULL) { *ppubkey = NULL; cnt_expectations++; - expect = OSSL_STORE_INFO_PUBKEY; + SET_EXPECT(OSSL_STORE_INFO_PUBKEY); } if (pparams != NULL) { *pparams = NULL; cnt_expectations++; - expect = OSSL_STORE_INFO_PARAMS; + SET_EXPECT(OSSL_STORE_INFO_PARAMS); } if (pcert != NULL) { *pcert = NULL; cnt_expectations++; - expect = OSSL_STORE_INFO_CERT; + SET_EXPECT(OSSL_STORE_INFO_CERT); } - if (failed == NULL) { - BIO_printf(bio_err, "Internal error: nothing to load into from %s\n", - uri != NULL ? uri : ""); - return 0; - } - if (pcerts != NULL) { if (*pcerts == NULL && (*pcerts = sk_X509_new_null()) == NULL) { BIO_printf(bio_err, "Out of memory loading"); goto end; } cnt_expectations++; - expect = OSSL_STORE_INFO_CERT; + SET_EXPECT(OSSL_STORE_INFO_CERT); } if (pcrl != NULL) { *pcrl = NULL; cnt_expectations++; - expect = OSSL_STORE_INFO_CRL; + SET_EXPECT(OSSL_STORE_INFO_CRL); } if (pcrls != NULL) { if (*pcrls == NULL && (*pcrls = sk_X509_CRL_new_null()) == NULL) { @@ -908,7 +904,12 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, goto end; } cnt_expectations++; - expect = OSSL_STORE_INFO_CRL; + SET_EXPECT(OSSL_STORE_INFO_CRL); + } + if (cnt_expectations == 0) { + BIO_printf(bio_err, "Internal error: nothing to load from %s\n", + uri != NULL ? uri : ""); + return 0; } uidata.password = pass; 
@@ -937,10 +938,7 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, BIO_printf(bio_err, "Could not open file or uri for loading"); goto end; } - - if (cnt_expectations != 1) - expect = 0; - if (!OSSL_STORE_expect(ctx, expect)) + if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) goto end; failed = NULL; diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index 45aeb39184..8a5082c441 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c @@ -79,10 +79,11 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in) const char *input_structure = ctx->input_structure != NULL ? ctx->input_structure : ""; - ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_UNSUPPORTED, - "No supported for the data to decode.%s%s%s%s%s%s", - spaces, input_type_label, input_type, comma, - input_structure_label, input_structure); + if (BIO_eof(in) == 0 /* Prevent spurious decoding error */) + ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_UNSUPPORTED, + "Not supported for the data to decode.%s%s%s%s%s%s", + spaces, input_type_label, input_type, comma, + input_structure_label, input_structure); ok = 0; } diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 1a62d7f6ff..e7f5860604 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -241,6 +241,11 @@ int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type) { int ret = 1; + if (ctx == NULL + || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) { + ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } if (ctx->loading) { ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED); return 0; @@ -458,7 +463,7 @@ int OSSL_STORE_eof(OSSL_STORE_CTX *ctx) if (ctx->fetched_loader == NULL) ret = ctx->loader->eof(ctx->loader_ctx); #endif - return ret; + return ret != 0; } static int ossl_store_close_it(OSSL_STORE_CTX *ctx) diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod index 328382d7c9..b3108f83ef 100644 
--- a/doc/man3/BIO_ctrl.pod +++ b/doc/man3/BIO_ctrl.pod @@ -92,7 +92,7 @@ for success and -1 for failure. BIO_flush() returns 1 for success and 0 or -1 for failure. -BIO_eof() returns 1 if EOF has been reached 0 otherwise. +BIO_eof() returns 1 if EOF has been reached, 0 if not, or -1 for failure. BIO_set_close() always returns 1. diff --git a/doc/man3/OSSL_STORE_expect.pod b/doc/man3/OSSL_STORE_expect.pod index ac414e9701..8b79f35337 100644 --- a/doc/man3/OSSL_STORE_expect.pod +++ b/doc/man3/OSSL_STORE_expect.pod @@ -21,11 +21,13 @@ OSSL_STORE_find OSSL_STORE_expect() helps applications filter what OSSL_STORE_load() returns by specifying a B type. -For example, if C contains several different objects -and only the certificates are interesting, the application can simply say +By default, no expectations on the types of objects to be loaded are made. +I may be 0 to indicate explicitly that no expectation is made, +or it may be any of the known object types (see +L) except for B. +For example, if C contains several objects of different +type and only certificates are interesting, the application can simply say that it expects the type B. -All known object types (see L) -except for B are supported. OSSL_STORE_find() helps applications specify a criterion for a more fine grained search of objects. diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index 61571be490..3d6d03a990 100644 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -143,8 +143,8 @@ on error or when end of data is reached. Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a returned NULL. -OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise -0. +OSSL_STORE_eof() returns 1 if the end of data has been reached +or an error occurred, 0 otherwise. OSSL_STORE_error() returns 1 if an error occurred in an OSSL_STORE_load() call, otherwise 0. From dev at ddvo.net Tue May 4 16:26:37 2021 
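Review bot: The SET_EXPECT macro added in apps/lib/apps.c ends in a semicolon, does not parenthesize `val`, and expands to a bare assignment, so every call site `SET_EXPECT(...);` leaves an empty extra statement and the macro would break inside an unbraced if/else. Drop the trailing semicolon and parenthesize the body and its argument, and since it silently depends on a local named `expect`, either `#undef` it after load_key_certs_crls() or turn it into a small static helper.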
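Review bot: In OSSL_DECODER_from_bio() (crypto/encode_decode/decoder_lib.c), the new guard `BIO_eof(in) == 0` skips ERR_raise_data() for every nonzero result, and doc/man3/BIO_ctrl.pod in this same series now says BIO_eof() returns -1 for failure. On that path the function still sets `ok = 0` but leaves nothing on the error queue, so the caller sees a failure with no reason attached. Suppress the error only when BIO_eof() returns 1, and reconcile the commit subject ("Make sure to return 1 on error") with the BIO_ctrl.pod wording ("-1 for failure").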
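Review bot: The new argument check in OSSL_STORE_expect() (crypto/store/store_lib.c) accepts every value from 0 through OSSL_STORE_INFO_CRL, but the updated doc/man3/OSSL_STORE_expect.pod says one known object type is excluded; unless that type lies outside this range, the function accepts a value the documentation rules out. The upper bound also hard-codes OSSL_STORE_INFO_CRL as the largest type, which a later addition would silently outgrow. Reject the excluded type explicitly and add a comment that the bound has to follow the last OSSL_STORE_INFO_* value.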
From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 04 May 2021 16:26:37 +0000 Subject: [openssl] master update Message-ID: <1620145597.636694.4729.nullmailer@dev.openssl.org> The branch master has been updated via 9520fe5f4987f3bd1a568ac4cf73e1a5401d5f6f (commit) from 8b25b0eb991bf70123bedc4c4c4e0215dd8bd926 (commit) - Log ----------------------------------------------------------------- commit 9520fe5f4987f3bd1a568ac4cf73e1a5401d5f6f Author: Dr. David von Oheimb Date: Sat May 1 22:19:54 2021 +0200 testutil/load.c: Add checks for file(name) == NULL Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15120) ----------------------------------------------------------------------- Summary of changes: test/testutil/load.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/test/testutil/load.c b/test/testutil/load.c index 9b188eb8a6..444fb8a78d 100644 --- a/test/testutil/load.c +++ b/test/testutil/load.c @@ -20,7 +20,7 @@ X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx) X509 *cert = NULL; BIO *bio = NULL; - if (!TEST_ptr(bio = BIO_new(BIO_s_file()))) + if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new(BIO_s_file()))) return NULL; if (TEST_int_gt(BIO_read_filename(bio, file), 0) && TEST_ptr(cert = X509_new_ex(libctx, NULL))) @@ -30,17 +30,14 @@ X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx) return cert; } -STACK_OF(X509) *load_certs_pem(const char *filename) +STACK_OF(X509) *load_certs_pem(const char *file) { STACK_OF(X509) *certs; BIO *bio; X509 *x; - bio = BIO_new_file(filename, "r"); - - if (bio == NULL) { + if (!TEST_ptr(file) || (bio = BIO_new_file(file, "r")) == NULL) return NULL; - } certs = sk_X509_new_null(); if (certs == NULL) { 
@@ -74,7 +71,7 @@ EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx) EVP_PKEY *key = NULL; BIO *bio = NULL; - if (!TEST_ptr(bio = BIO_new(BIO_s_file()))) + if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new(BIO_s_file()))) return NULL; if (TEST_int_gt(BIO_read_filename(bio, file), 0)) (void)TEST_ptr(key = PEM_read_bio_PrivateKey_ex(bio, NULL, NULL, NULL, From dev at ddvo.net Tue May 4 16:28:23 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 04 May 2021 16:28:23 +0000 Subject: [openssl] master update Message-ID: <1620145703.959464.6123.nullmailer@dev.openssl.org> The branch master has been updated via 79a2bccdb058683f6a43d9f2f5dbc1998f7518e9 (commit) from 9520fe5f4987f3bd1a568ac4cf73e1a5401d5f6f (commit) - Log ----------------------------------------------------------------- commit 79a2bccdb058683f6a43d9f2f5dbc1998f7518e9 Author: Dr. David von Oheimb Date: Fri Apr 30 18:36:00 2021 +0200 HTTP client: Correct the use of optional proxy URL and its documentation Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15104) ----------------------------------------------------------------------- Summary of changes: crypto/http/http_client.c | 34 ++++++++++++++++++---------------- crypto/http/http_lib.c | 19 ++++++------------- doc/man1/openssl-cmp.pod.in | 36 +++++++++++++++++++----------------- doc/man3/OSSL_HTTP_transfer.pod | 9 +++++---- 4 files changed, 48 insertions(+), 50 deletions(-) diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 9c2b593a2d..bf2e3b54c7 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c 
@@ -693,10 +693,11 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) /* set up a new connection BIO, to HTTP server or to HTTP(S) proxy if given */ static BIO *HTTP_new_bio(const char *server /* optionally includes ":port" */, const char *server_port /* explicit server port */, - const char *proxy /* optionally includes ":port" */) + int use_ssl, + const char *proxy /* optionally includes ":port" */, + const char *proxy_port /* explicit proxy port */) { - const char *host = server, *host_end; - char host_name[100]; + const char *host = server; const char *port = server_port; BIO *cbio; @@ -705,20 +706,11 @@ static BIO *HTTP_new_bio(const char *server /* optionally includes ":port" */, if (proxy != NULL) { host = proxy; - port = NULL; + port = proxy_port; } - host_end = strchr(host, '/'); - if (host_end != NULL) { - size_t host_len = host_end - host; - - if (host_len < sizeof(host_name)) { - /* chop trailing string starting with '/' */ - strncpy(host_name, host, host_len); - host_name[host_len] = '\0'; - host = host_name; - } - } + if (port == NULL && strchr(host, ':') == NULL) + port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; cbio = BIO_new_connect(host /* optionally includes ":port" */); if (cbio == NULL) @@ -854,6 +846,8 @@ BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, cbio = bio; } else { #ifndef OPENSSL_NO_SOCK + char *proxy_host = NULL, *proxy_port = NULL; + if (server == NULL) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); return NULL; 
@@ -863,7 +857,15 @@ BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, if (port == NULL && strchr(server, ':') == NULL) port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; proxy = ossl_http_adapt_proxy(proxy, no_proxy, server, use_ssl); - if ((cbio = HTTP_new_bio(server, port, proxy)) == NULL) + if (proxy != NULL + && !OSSL_HTTP_parse_url(proxy, NULL /* use_ssl */, NULL /* user */, + &proxy_host, &proxy_port, NULL /* num */, + NULL /* path */, NULL, NULL)) + return NULL; + cbio = HTTP_new_bio(server, port, use_ssl, proxy_host, proxy_port); + OPENSSL_free(proxy_host); + OPENSSL_free(proxy_port); + if (cbio == NULL) return NULL; #else ERR_raise(ERR_LIB_HTTP, HTTP_R_SOCK_NOT_SUPPORTED); diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c index a8697cca33..2aa0736ac5 100644 --- a/crypto/http/http_lib.c +++ b/crypto/http/http_lib.c @@ -113,7 +113,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, /* remaining port spec handling is also done for the default values */ /* make sure a decimal port number is given */ if (!sscanf(port, "%u", &portnum) || portnum > 65535) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER); + ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER, "%s", port); goto err; } for (port_end = port; '0' <= *port_end && *port_end <= '9'; port_end++) @@ -240,6 +240,7 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, return 0; } +/* Respect no_proxy, taking default value from environment variable(s) */ int ossl_http_use_proxy(const char *no_proxy, const char *server) { size_t sl; @@ -257,6 +258,7 @@ int ossl_http_use_proxy(const char *no_proxy, const char *server) no_proxy = getenv("no_proxy"); if (no_proxy == NULL) no_proxy = getenv(OPENSSL_NO_PROXY); + if (no_proxy != NULL) found = strstr(no_proxy, server); while (found != NULL 
@@ -266,12 +268,10 @@ int ossl_http_use_proxy(const char *no_proxy, const char *server) return found == NULL; } +/* Take default value from environment variable(s), respect no_proxy */ const char *ossl_http_adapt_proxy(const char *proxy, const char *no_proxy, const char *server, int use_ssl) { - const int http_len = strlen(OSSL_HTTP_PREFIX); - const int https_len = strlen(OSSL_HTTPS_PREFIX); - /* * using environment variable names, both lowercase and uppercase variants, * compatible with other HTTP client implementations like wget, curl and git @@ -281,16 +281,9 @@ const char *ossl_http_adapt_proxy(const char *proxy, const char *no_proxy, if (proxy == NULL) proxy = getenv(use_ssl ? OPENSSL_HTTP_PROXY : OPENSSL_HTTPS_PROXY); - if (proxy == NULL) - return NULL; - - /* skip any leading "http://" or "https://" */ - if (strncmp(proxy, OSSL_HTTP_PREFIX, http_len) == 0) - proxy += http_len; - else if (strncmp(proxy, OSSL_HTTPS_PREFIX, https_len) == 0) - proxy += https_len; - if (*proxy == '\0' || !ossl_http_use_proxy(no_proxy, server)) + if (proxy == NULL || *proxy == '\0' + || !ossl_http_use_proxy(no_proxy, server)) return NULL; return proxy; } diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 8700d6bdcf..f27443ca9c 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -260,7 +260,7 @@ if any, or else the current client key, if given. Pass phrase source for the key given with the B<-newkey> option. If not given here, the password will be prompted for if needed. -For more information about the format of B see +For more information about the format of I see L. =item B<-subject> I 
@@ -441,9 +441,10 @@ Reason numbers defined in RFC 5280 are: =item B<-server> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]> -The IP address or DNS hostname and optionally port (defaulting to 80 or 443) +The IP address or DNS hostname and optionally port of the CMP server to connect to using HTTP(S) transport. -The scheme I may be given only if the B option is used. +The scheme C may be given only if the B<-tls_used> option is used. +In this case the default port is 443, else 80. The optional userinfo and fragment components are ignored. Any given query component is handled as part of the path component. If a path is included it provides the default value for the B<-path> option. @@ -453,12 +454,13 @@ If a path is included it provides the default value for the B<-path> option. HTTP path at the CMP server (aka CMP alias) to use for POST requests. Defaults to any path given with B<-server>, else C<"/">. -=item B<-proxy> I<[http[s]://][userinfo@]host[:port] [/path][?query][#fragment]> +=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]> -The HTTP(S) proxy server to use for reaching the CMP server unless B +The HTTP(S) proxy server to use for reaching the CMP server unless B<-no_proxy> applies, see below. -The optional I or I prefix is ignored (note that TLS may be -selected by B), as well as any path, userinfo, and query, and fragment +The proxy port defaults to 80 or 443 if the scheme is C; apart from that +the optional C or C prefix is ignored (note that TLS may be +selected by B<-tls_used>), as well as any path, userinfo, and query, and fragment components. Defaults to the environment variable C if set, else C in case no TLS is used, otherwise C if set, else C. 
@@ -635,7 +637,7 @@ and (as far as needed) for validating PBM-based protection of incoming messages. PBM stands for Password-Based Message Authentication Code. This takes precedence over the B<-cert> and B<-key> options. -For more information about the format of B see +For more information about the format of I see L. =item B<-cert> I|I @@ -684,7 +686,7 @@ Pass phrase source for the private key given with the B<-key> option. Also used for B<-cert> and B<-oldcert> in case it is an encrypted PKCS#12 file. If not given here, the password will be prompted for if needed. -For more information about the format of B see +For more information about the format of I see L. =item B<-digest> I @@ -693,13 +695,13 @@ Specifies name of supported digest to use in RFC 4210's MSG_SIG_ALG and as the one-way function (OWF) in MSG_MAC_ALG. If applicable, this is used for message protection and Proof-of-Possession (POPO) signatures. -To see the list of supported digests, use B. +To see the list of supported digests, use C. Defaults to C. =item B<-mac> I Specifies the name of the MAC algorithm in MSG_MAC_ALG. -To get the names of supported MAC algorithms use B +To get the names of supported MAC algorithms use C and possibly combine such a name with the name of a supported digest algorithm, e.g., hmacWithSHA256. Defaults to C as per RFC 4210. @@ -742,7 +744,7 @@ B<-srv_trusted>, B<-srv_untrusted>, B<-rsp_extracerts>, B<-rsp_capubs>, B<-tls_extra>, and B<-tls_trusted> options. If not given here, the password will be prompted for if needed. -For more information about the format of B see +For more information about the format of I see L. {- $OpenSSL::safe::opt_engine_item -} 
@@ -800,11 +802,11 @@ Private key for the client's TLS certificate. =item B<-tls_keypass> I -Pass phrase source for client's private TLS key B. +Pass phrase source for client's private TLS key B<-tls_key>. Also used for B<-tls_cert> in case it is an encrypted PKCS#12 file. If not given here, the password will be prompted for if needed. -For more information about the format of B see +For more information about the format of I see L. =item B<-tls_extra> I|I @@ -1061,7 +1063,7 @@ It can be viewed using, e.g., openssl x509 -noout -text -in insta.cert.pem In case the network setup requires using an HTTP proxy it may be given as usual -via the environment variable B or via the B option in the +via the environment variable B or via the B<-proxy> option in the configuration file or the CMP command-line argument B<-proxy>, for example -proxy http://192.168.1.1:8080 @@ -1108,7 +1110,7 @@ Many more options can be given in the configuration file and/or on the command line. For instance, the B<-reqexts> CLI option may refer to a section in the configuration file defining X.509 extensions to use in certificate requests, -such as B in F: +such as C in F: openssl cmp -section insta,cr -reqexts v3_req @@ -1165,7 +1167,7 @@ For CMP client invocations, in particular for certificate enrollment, usually many parameters need to be set, which is tedious and error-prone to do on the command line. Therefore, the client offers the possibility to read -options from sections of the OpenSSL config file, usually called B. +options from sections of the OpenSSL config file, usually called F. The values found there can still be extended and even overridden by any subsequently loaded sections and on the command line. diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod index 7de213670d..d2ff8eeebc 100644 --- a/doc/man3/OSSL_HTTP_transfer.pod +++ b/doc/man3/OSSL_HTTP_transfer.pod 
@@ -104,14 +104,15 @@ I is used for writing the request, and I for reading the response. As soon as the client has flushed I the server must be ready to provide a response or indicate a waiting condition via I. -The optional I parameter can be used to set the address of the an +If I is NULL the optional I parameter can be used to set an HTTP(S) proxy to use (unless overridden by "no_proxy" settings). If TLS is not used this defaults to the environment variable C if set, else C. If I != 0 it defaults to C if set, else C. -An empty proxy string specifies not to use a proxy. -Else the format is C<[http[s]://]address[:port][/path]>, -where any path given is ignored. +An empty proxy string C<""> forbids using a proxy. +Else the format is +C<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>, +where any userinfo, path, query, and fragment given is ignored. The default proxy port number is 80, or 443 in case "https:" is given. The HTTP client functions connect via the given proxy unless the I is found in the optional list I of proxy hostnames (if not NULL; From pauli at openssl.org Tue May 4 23:29:31 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 04 May 2021 23:29:31 +0000 Subject: [openssl] master update Message-ID: <1620170971.385229.26395.nullmailer@dev.openssl.org> The branch master has been updated via 355e1f041cde9f1b5e362f834cf4538204f53586 (commit) from 79a2bccdb058683f6a43d9f2f5dbc1998f7518e9 (commit) - Log ----------------------------------------------------------------- commit 355e1f041cde9f1b5e362f834cf4538204f53586 Author: Richard Levitte Date: Wed Apr 28 18:08:00 2021 +0200 DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs Fixes #11165 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15073) ----------------------------------------------------------------------- Summary of changes: doc/man3/OSSL_PARAM.pod | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/doc/man3/OSSL_PARAM.pod b/doc/man3/OSSL_PARAM.pod index 593bb21ef1..98d75c9fa2 100644 --- a/doc/man3/OSSL_PARAM.pod +++ b/doc/man3/OSSL_PARAM.pod @@ -71,6 +71,12 @@ is NULL. The usual full terminating template is: This can also be specified using L. +=head2 Functional support + +Libcrypto offers a limited set of helper functions to handle +B items and arrays, please see L. +Developers are free to extend or replace those as they see fit. + =head2 B fields =over 4 From pauli at openssl.org Tue May 4 23:30:53 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 04 May 2021 23:30:53 +0000 Subject: [openssl] master update Message-ID: <1620171053.564621.29508.nullmailer@dev.openssl.org> The branch master has been updated via 029875dc5ba28f18e3067c883fb53c9ae91d6954 (commit) from 355e1f041cde9f1b5e362f834cf4538204f53586 (commit) - Log ----------------------------------------------------------------- commit 029875dc5ba28f18e3067c883fb53c9ae91d6954 Author: Tomas Mraz Date: Mon May 3 15:45:31 2021 +0200 Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3 The maximum (theoretical) block size of SHA3 is 200 bytes. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15125) ----------------------------------------------------------------------- Summary of changes: include/openssl/hmac.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index c5b4e670ac..c954b3767d 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -21,7 +21,7 @@ # include # ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */ +# define HMAC_MAX_MD_CBLOCK 200 /* Deprecated */ # endif # ifdef __cplusplus From pauli at openssl.org Wed May 5 01:39:29 2021 
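Review bot: In load_certs_pem() (test/testutil/load.c), the rewritten condition wraps only `file` in TEST_ptr() and leaves `(bio = BIO_new_file(file, "r")) == NULL` as a plain comparison, whereas load_cert_pem() and load_pkey_pem() in the same patch wrap their BIO creation in TEST_ptr(). A file that cannot be opened therefore returns NULL here without any test diagnostic. Use `!TEST_ptr(bio = BIO_new_file(file, "r"))` for consistency.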
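Review bot: In HTTP_new_bio() (crypto/http/http_client.c), the default-port fallback `port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT` runs after `host` and `port` have been switched to the proxy, so a proxy without a port would get a default chosen by the target's `use_ssl`, while doc/man3/OSSL_HTTP_transfer.pod in this patch says the proxy default is 80, or 443 when "https:" is given for the proxy. Either skip the fallback when `proxy != NULL` or add a comment stating that OSSL_HTTP_parse_url() always supplies `proxy_port`. The `proxy` parameter comment `/* optionally includes ":port" */` is also stale now that the caller passes the parsed host and port separately.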
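Review bot: In ossl_http_adapt_proxy() (crypto/http/http_lib.c), the unchanged context line `proxy = getenv(use_ssl ? OPENSSL_HTTP_PROXY : OPENSSL_HTTPS_PROXY);` selects the HTTP variable when `use_ssl` is nonzero, which reads as reversed against the macro names and against the documentation in this patch that gives the TLS case its own default. Since this hunk rewrites the lines directly below it, check that fallback here and swap the operands if the order is unintended.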
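Review bot: The HMAC_MAX_MD_CBLOCK define in include/openssl/hmac.h changes a public constant from 128 to 200 with only `/* Deprecated */` beside it, and the summary shows no other file touched. Put the reason from the commit message (the maximum SHA-3 block size) in the comment, and add a CHANGES.md entry, since applications that size buffers with this macro will see the new value.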
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 05 May 2021 01:39:29 +0000 Subject: [tools] master update Message-ID: <1620178769.150568.19479.nullmailer@dev.openssl.org> The branch master has been updated via e771ebd4a0e349d929dc2e6f7ad2af48978e772d (commit) from fa7b4ef4e67bb944a40c83539b216c398426bfc1 (commit) - Log ----------------------------------------------------------------- commit e771ebd4a0e349d929dc2e6f7ad2af48978e772d Author: Pauli Date: Tue May 4 18:14:32 2021 +1000 run-checker: disable debug flag for builds It is more representative of reality. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/tools/pull/86) ----------------------------------------------------------------------- Summary of changes: run-checker/run-checker.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh index b59283c..dbb3da5 100755 --- a/run-checker/run-checker.sh +++ b/run-checker/run-checker.sh @@ -132,7 +132,7 @@ if run-hook prepare; then else builddir="$(echo $opt | sed -e 's|[ /]|_|g')" fi - if run-hook start "$builddir" "$opt" -d $warnopts $expandedopts; then + if run-hook start "$builddir" "$opt" $warnopts $expandedopts; then if ( set -e @@ -143,7 +143,7 @@ if run-hook prepare; then echo "Building with '$opt'" log-eval \ - CC=$optcc ../openssl/config -d $warnopts $expandedopts \ + CC=$optcc ../openssl/config $warnopts $expandedopts \ >build.log 2>&1 || \ exit $? From shane.lontis at oracle.com Wed May 5 07:42:19 2021 
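Review bot: In run-checker/run-checker.sh, the configure options are spelled out twice, once in `run-hook start "$builddir" "$opt" $warnopts $expandedopts` and once in the `../openssl/config $warnopts $expandedopts` command, so this change had to remove `-d` in both places by hand. Build the option list once in a variable and pass it to both, so the start hook always reports exactly what was configured.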
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 05 May 2021 07:42:19 +0000 Subject: [openssl] master update Message-ID: <1620200539.870131.2305.nullmailer@dev.openssl.org> The branch master has been updated via 2b05439f8441a5483da65fd4208d82d9e007f448 (commit) from 029875dc5ba28f18e3067c883fb53c9ae91d6954 (commit) - Log ----------------------------------------------------------------- commit 2b05439f8441a5483da65fd4208d82d9e007f448 Author: Shane Lontis Date: Sat May 1 14:49:25 2021 +1000 Fix KMAC bounds checks. Setting an output length higher than 8191 was causing a buffer overflow. This was reported by Acumen (FIPS lab). The max output size has increased to ~2M and it now checks this during set_parameters. The encoder related functions now pass in the maximum size of the output buffer so they can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in order to calculate and check the length before encoding. Note that right_encode() is currently only used in one place but this may change if other algorithms are supported (such as TupleHash). Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15106) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + include/openssl/proverr.h | 1 + providers/common/provider_err.c | 4 +- providers/fips-sources.checksums | 4 +- providers/fips.checksum | 2 +- providers/implementations/macs/kmac_prov.c | 85 +++++++++++++++---------- test/recipes/30-test_evp_data/evpmac_common.txt | 8 +++ 7 files changed, 66 insertions(+), 39 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index d3e29a5553..d964b9adc4 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt 
@@ -994,6 +994,7 @@ PROV_R_INVALID_KEY_LENGTH:105:invalid key length PROV_R_INVALID_MAC:151:invalid mac PROV_R_INVALID_MGF1_MD:167:invalid mgf1 md PROV_R_INVALID_MODE:125:invalid mode +PROV_R_INVALID_OUTPUT_LENGTH:217:invalid output length PROV_R_INVALID_PADDING_MODE:168:invalid padding mode PROV_R_INVALID_PUBINFO:198:invalid pubinfo PROV_R_INVALID_SALT_LENGTH:112:invalid salt length diff --git a/include/openssl/proverr.h b/include/openssl/proverr.h index 29301124ec..bdfdda2c93 100644 --- a/include/openssl/proverr.h +++ b/include/openssl/proverr.h @@ -66,6 +66,7 @@ # define PROV_R_INVALID_MAC 151 # define PROV_R_INVALID_MGF1_MD 167 # define PROV_R_INVALID_MODE 125 +# define PROV_R_INVALID_OUTPUT_LENGTH 217 # define PROV_R_INVALID_PADDING_MODE 168 # define PROV_R_INVALID_PUBINFO 198 # define PROV_R_INVALID_SALT_LENGTH 112 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 8b5d0008f9..eff523b579 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -89,6 +89,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MAC), "invalid mac"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MGF1_MD), "invalid mgf1 md"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MODE), "invalid mode"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_OUTPUT_LENGTH), + "invalid output length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PADDING_MODE), "invalid padding mode"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PUBINFO), "invalid pubinfo"}, 
@@ -112,7 +114,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "key size too small"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_LENGTH_TOO_LARGE), "length too large"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISMATCHING_DOMAIN_PARAMETERS), - "mismatching shared parameters"}, + "mismatching domain parameters"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CEK_ALG), "missing cek alg"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CIPHER), "missing cipher"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CONFIG_DATA), diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 8c46849215..a7ee231b15 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -328,7 +328,7 @@ f3b089fd3dcccc8e3ebfbbdbf87c47d58330f82bd0e2a1223da74977930cccf1 providers/comm 390b2b6ba321bddc416688d4a51d9e04db7d84d4f398947d496d043e8fb22a01 providers/common/der/der_sm2_sig.c d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/common/digest_to_nid.c 737cc1228106e555e9bab24e3c2438982e04e05b0d5b9ee6995d71df16c49143 providers/common/provider_ctx.c -fcbb0f2859f28ea1eb3922447bb96588d2097695f9ce23c3c64025bfbe9d2bad providers/common/provider_err.c +71c3fbb9bd80f5e7a217cf8005df61f96a645fbdd9daca9949ceef6d33a1feb0 providers/common/provider_err.c 9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c 494723d55bc6ecdb70f59499a2c42260cabc5fa30681ac3b48267dfa242158b3 providers/common/securitycheck.c 
@@ -432,7 +432,7 @@ c48eb00f0de1c28baaa3cf7c0e85d4d2a20592783aa545f8934da487c05a3e87 providers/impl 25d20ceb61cadb495ec890ae2c49c5c1c840b39ac77f20058ee87249cab341ef providers/implementations/macs/cmac_prov.c f51b074d55028d3e24656da348d21ca79f6680fdb30383d936251f1b3467caab providers/implementations/macs/gmac_prov.c 35505704fda658c0911f95974913c1f2dd75c8f91c5d2ec597c70c52624bdfdf providers/implementations/macs/hmac_prov.c -3201d82d1e17c22a80b26dedae627be10b6dc1af623d1fd0c3c923e0125a42e7 providers/implementations/macs/kmac_prov.c +e42823cce1d08d9cb6cb32cc6b913241573c2cbbd856ff77a331b0956ee5aa02 providers/implementations/macs/kmac_prov.c 94d80682125b40ba694242fdfa978b802c6e70f2b0167215c9d689c0ccf5820f providers/implementations/macs/poly1305_prov.c d594704aa3173afdb2b1e95253285cdb245a42078f9ca06b68aaeecb858b10fd providers/implementations/macs/siphash_prov.c dcc1afbe2965de7c5ac0a17ab1b19b8ed512049376833cb410db30f8dc4e2064 providers/implementations/rands/crngt.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 468c3c986e..ff7a1c2c78 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -16e17331a77aed06b6537cafdacd35df08fbc888c04eb7cca928a4a39d858642 providers/fips-sources.checksums +b998b19b940b606688e4711014407c48c3fca4c58b2fdc60ac64c1cef94861c1 providers/fips-sources.checksums diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c index 111e0e8ba7..c95cf57ffb 100644 --- a/providers/implementations/macs/kmac_prov.c +++ b/providers/implementations/macs/kmac_prov.c 
@@ -78,10 +78,14 @@ static OSSL_FUNC_mac_init_fn kmac_init; static OSSL_FUNC_mac_update_fn kmac_update; static OSSL_FUNC_mac_final_fn kmac_final; -#define KMAC_MAX_BLOCKSIZE ((1600 - 128*2) / 8) /* 168 */ +#define KMAC_MAX_BLOCKSIZE ((1600 - 128 * 2) / 8) /* 168 */ -/* Length encoding will be a 1 byte size + length in bits (2 bytes max) */ -#define KMAC_MAX_ENCODED_HEADER_LEN 3 +/* + * Length encoding will be a 1 byte size + length in bits (3 bytes max) + * This gives a range of 0..0XFFFFFF bits = 2097151 bytes). + */ +#define KMAC_MAX_OUTPUT_LEN (0xFFFFFF / 8) +#define KMAC_MAX_ENCODED_HEADER_LEN (1 + 3) /* * Restrict the maximum length of the customisation string. This must not @@ -92,12 +96,13 @@ static OSSL_FUNC_mac_final_fn kmac_final; /* Maximum size of encoded custom string */ #define KMAC_MAX_CUSTOM_ENCODED (KMAC_MAX_CUSTOM + KMAC_MAX_ENCODED_HEADER_LEN) -/* Maximum key size in bytes = 2040 / 8 */ -#define KMAC_MAX_KEY 255 +/* Maximum key size in bytes = 256 (2048 bits) */ +#define KMAC_MAX_KEY 256 +#define KMAC_MIN_KEY 4 /* * Maximum Encoded Key size will be padded to a multiple of the blocksize - * i.e KMAC_MAX_KEY + KMAC_MAX_ENCODED_LEN = 258 + * i.e KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN = 256 + 4 * Padded to a multiple of KMAC_MAX_BLOCKSIZE */ #define KMAC_MAX_KEY_ENCODED (KMAC_MAX_BLOCKSIZE * 2) @@ -107,7 +112,6 @@ static const unsigned char kmac_string[] = { 0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43 }; - #define KMAC_FLAG_XOF_MODE 1 struct kmac_data_st { 
@@ -124,14 +128,16 @@ struct kmac_data_st { unsigned char custom[KMAC_MAX_CUSTOM_ENCODED]; }; -static int encode_string(unsigned char *out, size_t *out_len, +static int encode_string(unsigned char *out, size_t out_max_len, size_t *out_len, const unsigned char *in, size_t in_len); -static int right_encode(unsigned char *out, size_t *out_len, size_t bits); +static int right_encode(unsigned char *out, size_t out_max_len, size_t *out_len, + size_t bits); static int bytepad(unsigned char *out, size_t *out_len, const unsigned char *in1, size_t in1_len, const unsigned char *in2, size_t in2_len, size_t w); -static int kmac_bytepad_encode_key(unsigned char *out, size_t *out_len, +static int kmac_bytepad_encode_key(unsigned char *out, size_t out_max_len, + size_t *out_len, const unsigned char *in, size_t in_len, size_t w); @@ -246,7 +252,7 @@ static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key, const EVP_MD *digest = ossl_prov_digest_md(&kctx->digest); int w = EVP_MD_block_size(digest); - if (keylen < 4 || keylen > KMAC_MAX_KEY) { + if (keylen < KMAC_MIN_KEY || keylen > KMAC_MAX_KEY) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; } @@ -254,7 +260,7 @@ static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key, ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH); return 0; } - if (!kmac_bytepad_encode_key(kctx->key, &kctx->key_len, + if (!kmac_bytepad_encode_key(kctx->key, sizeof(kctx->key), &kctx->key_len, key, keylen, (size_t)w)) return 0; return 1; @@ -346,7 +352,7 @@ static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl, /* KMAC XOF mode sets the encoded length to 0 */ lbits = (kctx->xof_mode ? 0 : (kctx->out_len * 8)); - ok = right_encode(encoded_outlen, &len, lbits) + ok = right_encode(encoded_outlen, sizeof(encoded_outlen), &len, lbits) && EVP_DigestUpdate(ctx, encoded_outlen, len) && EVP_DigestFinalXOF(ctx, out, kctx->out_len); *outl = kctx->out_len; 
@@ -406,9 +412,17 @@ static int kmac_set_ctx_params(void *vmacctx, const OSSL_PARAM *params) if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL && !OSSL_PARAM_get_int(p, &kctx->xof_mode)) return 0; - if (((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_SIZE)) != NULL) - && !OSSL_PARAM_get_size_t(p, &kctx->out_len)) - return 0; + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_SIZE)) != NULL) { + size_t sz = 0; + + if (!OSSL_PARAM_get_size_t(p, &sz)) + return 0; + if (sz > KMAC_MAX_OUTPUT_LEN) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH); + return 0; + } + kctx->out_len = sz; + } if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL && !kmac_setkey(kctx, p->data, p->data_size)) return 0; @@ -418,16 +432,14 @@ static int kmac_set_ctx_params(void *vmacctx, const OSSL_PARAM *params) ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CUSTOM_LENGTH); return 0; } - if (!encode_string(kctx->custom, &kctx->custom_len, + if (!encode_string(kctx->custom, sizeof(kctx->custom), &kctx->custom_len, p->data, p->data_size)) return 0; } return 1; } -/* - * Encoding/Padding Methods. - */ +/* Encoding/Padding Methods. */ /* Returns the number of bytes required to store 'bits' into a byte array */ static unsigned int get_encode_size(size_t bits) @@ -450,15 +462,14 @@ static unsigned int get_encode_size(size_t bits) * *out_len. * * e.g if bits = 32, out[2] = { 0x20, 0x01 } - * */ -static int right_encode(unsigned char *out, size_t *out_len, size_t bits) +static int right_encode(unsigned char *out, size_t out_max_len, size_t *out_len, + size_t bits) { unsigned int len = get_encode_size(bits); int i; - /* The length is constrained to a single byte: 2040/8 = 255 */ - if (len > 0xFF) { + if (len >= out_max_len) { ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE); return 0; } 
@@ -483,17 +494,19 @@ static int right_encode(unsigned char *out, size_t *out_len, size_t bits) * e.g- in="KMAC" gives out[6] = { 0x01, 0x20, 0x4B, 0x4D, 0x41, 0x43 } * len bits K M A C */ -static int encode_string(unsigned char *out, size_t *out_len, +static int encode_string(unsigned char *out, size_t out_max_len, size_t *out_len, const unsigned char *in, size_t in_len) { if (in == NULL) { *out_len = 0; } else { - size_t i, bits, len; + size_t i, bits, len, sz; bits = 8 * in_len; len = get_encode_size(bits); - if (len > 0xFF) { + sz = 1 + len + in_len; + + if (sz > out_max_len) { ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE); return 0; } @@ -504,7 +517,7 @@ static int encode_string(unsigned char *out, size_t *out_len, bits >>= 8; } memcpy(out + len + 1, in, in_len); - *out_len = (1 + len + in_len); + *out_len = sz; } return 1; } @@ -560,20 +573,22 @@ static int bytepad(unsigned char *out, size_t *out_len, return 1; } -/* - * Returns out = bytepad(encode_string(in), w) - */ -static int kmac_bytepad_encode_key(unsigned char *out, size_t *out_len, +/* Returns out = bytepad(encode_string(in), w) */ +static int kmac_bytepad_encode_key(unsigned char *out, size_t out_max_len, + size_t *out_len, const unsigned char *in, size_t in_len, size_t w) { unsigned char tmp[KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN]; size_t tmp_len; - if (!encode_string(tmp, &tmp_len, in, in_len)) + if (!encode_string(tmp, sizeof(tmp), &tmp_len, in, in_len)) return 0; - - return bytepad(out, out_len, tmp, tmp_len, NULL, 0, w); + if (!bytepad(NULL, out_len, tmp, tmp_len, NULL, 0, w)) + return 0; + if (!ossl_assert(*out_len <= out_max_len)) + return 0; + return bytepad(out, NULL, tmp, tmp_len, NULL, 0, w); } const OSSL_DISPATCH ossl_kmac128_functions[] = { diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt index 411ce40bef..e2219ca12a 100644 --- a/test/recipes/30-test_evp_data/evpmac_common.txt 
+++ b/test/recipes/30-test_evp_data/evpmac_common.txt @@ -407,3 +407,11 @@ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 Custom = ":abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::" Result = MAC_INIT_ERROR +Title = KMAC output is too large + +MAC = KMAC256 +Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +Custom = "My Tagged Application" +Ctrl = size:2097152 +Result = MAC_INIT_ERROR From tomas at openssl.org Wed May 5 07:47:15 2021 
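Review bot: In the macro hunk of kmac_prov.c, KMAC_MAX_KEY goes from 255 to 256, and that is the limit kmac_setkey enforces, yet the commit message only discusses the output length and the added test does not cover a 256-byte key. Split this into its own change or add a vector at the new key-size boundary. The new comment above KMAC_MAX_OUTPUT_LEN also has an unbalanced `)` after "2097151 bytes".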
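Review bot: In kmac_set_ctx_params the `sz > KMAC_MAX_OUTPUT_LEN` check applies whatever the XOF setting, although kmac_final encodes a length of 0 in XOF mode (`lbits = (kctx->xof_mode ? 0 : (kctx->out_len * 8))`), so the 3-byte encoding limit is not what bounds that case. Add a comment stating that the cap is deliberate for both modes. `sz == 0` is still accepted; either reject it here or document why a zero-length output is allowed.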
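Review bot: kmac_bytepad_encode_key now calls bytepad() first with `out == NULL` to obtain the length and then with `out_len == NULL` to write, but the visible hunks do not change bytepad() or document that it accepts either pointer as NULL; state that contract in the comment on bytepad(). The size check between the two calls is `ossl_assert(*out_len <= out_max_len)`, which in a non-debug build returns 0 without raising an error. An explicit comparison followed by ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE), as right_encode and encode_string do, would give callers a reason code.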
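Review bot: The added "KMAC output is too large" case in evpmac_common.txt only covers the rejecting side (`Ctrl = size:2097152`, one above KMAC_MAX_OUTPUT_LEN). The overflow described in the commit message came from lengths above 8191 that are now meant to succeed, so a passing vector with an output length above 8191 is needed to show the longer length encoding is correct. `Result = MAC_INIT_ERROR` on its own also does not distinguish the new PROV_R_INVALID_OUTPUT_LENGTH from any other init failure.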
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 05 May 2021 07:47:15 +0000 Subject: [openssl] master update Message-ID: <1620200835.675233.4456.nullmailer@dev.openssl.org> The branch master has been updated via a485561b2efd17e3ff9a4df2013b636467dee59f (commit) from 2b05439f8441a5483da65fd4208d82d9e007f448 (commit) - Log ----------------------------------------------------------------- commit a485561b2efd17e3ff9a4df2013b636467dee59f Author: Rich Salz Date: Sun Feb 14 14:34:22 2021 -0500 Fetch cipher-wrap after loading providers. Use official (first) names for wrapping algorithms. Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14182) ----------------------------------------------------------------------- Summary of changes: apps/cms.c | 21 +++++++-------------- test/recipes/30-test_evp_data/evpciph_aes_wrap.txt | 11 ++++++++++- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index ed349bda2d..88b70fc67f 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -215,9 +215,7 @@ const OPTIONS cms_options[] = { {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"}, {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"}, {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"}, -# ifndef OPENSSL_NO_DES {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"}, -# endif {"wrap", OPT_WRAP, 's', "Any wrap cipher to wrap key"}, OPT_R_OPTIONS, @@ -284,7 +282,7 @@ int cms_main(int argc, char **argv) X509_VERIFY_PARAM *vpm = NULL; char *certfile = NULL, *keyfile = NULL, *contfile = NULL; const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL; - char *certsoutfile = NULL, *digestname = NULL; + char *certsoutfile = NULL, *digestname = NULL, *wrapname = NULL; int noCAfile = 0, noCApath = 0, noCAstore = 0; char *infile = NULL, *outfile = NULL, *rctfile = NULL; char *passinarg = NULL, *passin = NULL, *signerfile = NULL; 
@@ -676,22 +674,13 @@ int cms_main(int argc, char **argv) goto end; break; case OPT_3DES_WRAP: -# ifndef OPENSSL_NO_DES - wrap_cipher = (EVP_CIPHER *)EVP_des_ede3_wrap(); -# endif - break; case OPT_AES128_WRAP: - wrap_cipher = (EVP_CIPHER *)EVP_aes_128_wrap(); - break; case OPT_AES192_WRAP: - wrap_cipher = (EVP_CIPHER *)EVP_aes_192_wrap(); - break; case OPT_AES256_WRAP: - wrap_cipher = (EVP_CIPHER *)EVP_aes_256_wrap(); + wrapname = opt_flag() + 1; break; case OPT_WRAP: - if (!opt_cipher(opt_unknown(), &wrap_cipher)) - goto end; + wrapname = opt_unknown(); break; } } @@ -706,6 +695,10 @@ int cms_main(int argc, char **argv) if (!opt_cipher(ciphername, &cipher)) goto end; } + if (wrapname != NULL) { + if (!opt_cipher(wrapname, &wrap_cipher)) + goto end; + } /* Remaining args are files to process. */ argc = opt_num_rest(); diff --git a/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt b/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt index 080d13db72..2d42d7f539 100644 --- a/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt +++ b/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt @@ -6,6 +6,8 @@ # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html +# Cipher names id-aesXXX-wrap are to test aliases. + # AES wrap tests from RFC3394 Cipher = id-aes128-wrap Key = 000102030405060708090A0B0C0D0E0F 
@@ -32,11 +34,18 @@ Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607 Ciphertext = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1 -Cipher = id-aes256-wrap +# Testing strncasecmp +Cipher = aes256-WRAP Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 +Cipher = ID-aes256-WRAP +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F +Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 + + # Same as previous example but with invalid unwrap key: should be rejected # without returning any plaintext Cipher = id-aes256-wrap From tomas at openssl.org Wed May 5 07:52:13 2021 
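Review bot: Dropping the `# ifndef OPENSSL_NO_DES` guard around the "des3-wrap" entry in cms_options means the option is listed and parsed even in a build without DES, and the failure only shows up later when `opt_cipher(wrapname, &wrap_cipher)` cannot resolve the name. If that is intended, confirm the resulting error names the missing cipher; otherwise keep the guard on the table entry.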
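Review bot: In the OPT_WRAP case of cms_main the patch keeps `opt_unknown()` as the source of the name, but the option table declares "wrap" with value type 's', so its argument would normally be read with opt_arg(). Check that `-wrap <name>` actually sets wrapname, since a NULL here skips the new `if (wrapname != NULL)` lookup without any error. For the four fixed flags, `wrapname = opt_flag() + 1;` ties the flag spelling to the cipher names opt_cipher() must resolve; a one-line comment saying the flag text minus its leading dash is used as the cipher name would make that dependency visible.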
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 05 May 2021 07:52:13 +0000 Subject: [openssl] master update Message-ID: <1620201133.508543.6401.nullmailer@dev.openssl.org> The branch master has been updated via 97b59744f2ad91adf606e6f77e355e97413e7b2c (commit) via eca4826a2931d249a46ca0f7629b6a6ebcd77f07 (commit) via c774f4e50fa0dad63b47d103f3113e9a7dfff63e (commit) via 4f449d90ddf3f523c2fca7053e8437342738cef5 (commit) from a485561b2efd17e3ff9a4df2013b636467dee59f (commit) - Log ----------------------------------------------------------------- commit 97b59744f2ad91adf606e6f77e355e97413e7b2c Author: Dr. David von Oheimb Date: Tue Mar 2 13:20:38 2021 +0100 cleanup where purpose is not needed in 25-test_verify.t Reviewed-by: Viktor Dukhovni Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14413) commit eca4826a2931d249a46ca0f7629b6a6ebcd77f07 Author: Dr. David von Oheimb Date: Tue Mar 2 15:14:24 2021 +0100 test/certs/setup.sh: Fix two glitches Reviewed-by: Viktor Dukhovni Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14413) commit c774f4e50fa0dad63b47d103f3113e9a7dfff63e Author: Dr. David von Oheimb Date: Tue Mar 2 13:17:28 2021 +0100 update test/certs/ee-pathlen.pem to contain SKID and AKID Reviewed-by: Viktor Dukhovni Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14413) commit 4f449d90ddf3f523c2fca7053e8437342738cef5 Author: Dr. 
David von Oheimb Date: Tue Mar 2 13:16:30 2021 +0100 test/certs/setup.sh: structural cleanup Reviewed-by: Viktor Dukhovni Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14413) ----------------------------------------------------------------------- Summary of changes: test/certs/cca-clientAuth.pem | 2 +- test/certs/ee-pathlen.pem | 19 +++--- test/certs/nca+anyEKU.pem | 14 ++--- test/certs/setup.sh | 77 +++++++++++------------- test/recipes/25-test_verify.t | 134 +++++++++++++++++++++--------------------- 5 files changed, 119 insertions(+), 127 deletions(-) diff --git a/test/certs/cca-clientAuth.pem b/test/certs/cca-clientAuth.pem index 0f31101ff4..5e44dce787 100644 --- a/test/certs/cca-clientAuth.pem +++ b/test/certs/cca-clientAuth.pem @@ -15,5 +15,5 @@ YZYCppu6PTwp3UYgAFw6VN+2Hv6fWCwu2rsWLcqkJIJPkmjYATZJU2RkWrRpn23D SWwnam7i+uiJpot8uKhOCIQtrCtP+0Q8lG+6reWHpaNRU3Gcsrc+I98wyWhsx5jd fiLl1Cgb5G7Xz3Ff1ObdR6JdP4Wc9krj3Czbjv3oYFZ2p8LPgui+C7XDb4RBxGUu c4mETHtGSRoX6n25uEXvIia2KCcS44VfA6wYaZtO/Lq7FmJI0QwI8tsm7FG6ccj+ -y54iNhHRG7FCAXOLy2RBrEwQddq5MAwwCgYIKwYBBQUHAwI= +y54iNhHRG7FCAXOLy2RBrEwQddq5MAygCgYIKwYBBQUHAwI= -----END TRUSTED CERTIFICATE----- diff --git a/test/certs/ee-pathlen.pem b/test/certs/ee-pathlen.pem index 0bcae1d7bd..b678a3a870 100644 --- a/test/certs/ee-pathlen.pem +++ b/test/certs/ee-pathlen.pem 
@@ -1,17 +1,18 @@ -----BEGIN CERTIFICATE----- -MIICszCCAZugAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg -Fw0yMDA0MDMwODA0MTVaGA8yMTIwMDQwNDA4MDQxNVowGTEXMBUGA1UEAwwOc2Vy +MIIC8zCCAdugAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMTAzMDIxMTU3NDlaGA8yMTIxMDMwMzExNTc0OVowGTEXMBUGA1UEAwwOc2Vy dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT 5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn -iIQPYf55NB9KiR+3AgMBAAGjEDAOMAwGA1UdEwQFMAMCAQAwDQYJKoZIhvcNAQEL -BQADggEBAApOUnWWd09I0ts3xa1oK7eakc+fKTF4d7pbGznFNONaCR3KFRgnBVlG -Bm8/oehrrQ28Ad3XPSug34DQQ5kM6JIuaddx50/n4Xkgj8/fgXVA0HXizOJ3QpKC -IojLVajXlQHhpo72VUQuNOha0UxG9daYjS20iXRhanTm9rUz7qQZEugVQCiR0z/f -9NgM7FU9UaSidzH3gZu/Ufc4Ggn6nZV7LM9sf4IUV+KszS1VpcK+9phAmsB6BaAi -cFXvVXZjTNualQgPyPwOD8c+vVCIfIemfF5TZ6fyqpOjprWQAphwrTtfNDSmqRTz -FRhDf+vJERQclgUtg37EgWGKtnNQeRY= +iIQPYf55NB9KiR+3AgMBAAGjUDBOMAwGA1UdEwQFMAMCAQAwHQYDVR0OBBYEFOeb +4iqtimw6y3ZR5Y4HmCKX4XOiMB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/ +H8leMA0GCSqGSIb3DQEBCwUAA4IBAQB2B+oEG+TZGSG4A2MTYF/Oa3if1bQQeWm6 +ysqitpvrfcGsFGGy6bHJgS2NHcmNuCqN6YBDJEMKoLSz+t4GDkmMghQ1HUpXZPzt +A+Wzg3MTKvWbXeCJroVK/pq4kXWMJ5GihzVsgWHBYFDmzzcnDf/R1Y0XKOAld/vP +ePVTDh1mAyjXHdUPsPi35GUny38+PyPRoyCN2399D35CJAGqyNNvTtygoS3ncjbe +URXjfoDLQh4+y17aOPm8SAZQ4h5zyi6ioRuq+je1Cd+y2erhRyFzlvXDRlUlP9XA +r4OtgpusNyeuAWGRx168TD8aOt+dcc9JiDqTnLpBCwQYI0Q3LASO -----END CERTIFICATE----- diff --git a/test/certs/nca+anyEKU.pem b/test/certs/nca+anyEKU.pem index b97a4559fa..3ebfede09c 100644 --- a/test/certs/nca+anyEKU.pem +++ b/test/certs/nca+anyEKU.pem 
@@ -1,6 +1,6 @@ -----BEGIN TRUSTED CERTIFICATE----- MIIDDTCCAfWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 -IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +IENBMCAXDTIwMTIxMjIwMTcwNFoYDzIxMjAxMjEzMjAxNzA0WjANMQswCQYDVQQD DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W @@ -10,10 +10,10 @@ ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 CLNNsUcCAwEAAaNxMG8wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAkGA1UdEwQCMAAwEwYDVR0l BAwwCgYIKwYBBQUHAwEwDQYDVR0RBAYwBIICQ0EwDQYJKoZIhvcNAQELBQADggEB -AL/aEy4Nk2W2UQNi/0h9MLkiq4J5IkjUocJp4grPUsdUJKu68GFYgWnJSBZjKMhs -X390IUWrRJ8C7SJtyGOhbh2E6Zn7TveI77Mnw2CZpGhy+xieqTFmaIIWJgZVzaTT -3hMhnXImn06k8eJiJiQQAHKr9XKDK9HIiESyBpujIW5hI7wrklkn0asl6DwiXcUw -AuXqNffWpomWI4ZZceOJkr5dSFM9HyksQi4uzj0qYTDyDHJ6BLuGYWbUoB64pnKF -wCn0cPOmbo866l0XqzJlxQYPvwOicAptX8jTjSpYsx5SLripS4KwyfxbGy5If8mT -X4st+BN48+n9wHuDQJ97sBswDDAKBggrBgEFBQcDAQ== +AGMZ+jXtPoEaGGj3vBOxw4Uf9h8G5PWIZOqV8EGdJkPVWSUJ7NM12vqTN8Lfv7UO ++gv1VJL02UO1UWrvDcid37XWBbVLwSjk963se+S8Xzd+I2FQY8+Yy4m5VN6m6Krc +pZt64zsgYROre5yP3gWIvzNa8Ayk/1nmQX1ADAe2tQJeWHROFBim0K3FcjIrhqZ8 +3MUAVJ5Nt3THrVrt3ojIWBOatBJHv+Q2Ii52UZVKG5HMGogRuMjFQy/mwshcBQSz +pxAWfqT2oVmP+K/iBGxikYjtrOOYNW8L8RwShU3j1dFulQZb2SLRRj8/eDBSV++6 +KsEzVayX0uF80Hohuxbq7OAwCDAGBgRVHSUA -----END TRUSTED CERTIFICATE----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 07b9007674..c4a6f28fc9 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh 
@@ -1,14 +1,13 @@ #! /bin/bash # Primary root: root-cert -# root cert variants: CA:false, key2, DN2 -# trust variants: +serverAuth -serverAuth +clientAuth -clientAuth +anyEKU -anyEKU -# ./mkcert.sh genroot "Root CA" root-key root-cert +# root cert variants: CA:false, key2, DN2, expired ./mkcert.sh genss "Root CA" root-key root-nonca ./mkcert.sh genroot "Root CA" root-key2 root-cert2 ./mkcert.sh genroot "Root Cert 2" root-key root-name2 -# +DAYS=-1 ./mkcert.sh genroot "Root CA" root-key root-expired +# trust variants: +serverAuth -serverAuth +clientAuth -clientAuth, openssl x509 -in root-cert.pem -trustout \ -addtrust serverAuth -out root+serverAuth.pem openssl x509 -in root-cert.pem -trustout \ @@ -17,16 +16,19 @@ openssl x509 -in root-cert.pem -trustout \ -addtrust clientAuth -out root+clientAuth.pem openssl x509 -in root-cert.pem -trustout \ -addreject clientAuth -out root-clientAuth.pem -openssl x509 -in root-cert.pem -trustout \ - -addreject anyExtendedKeyUsage -out root-anyEKU.pem +# trust variants: +anyEKU -anyEKU openssl x509 -in root-cert.pem -trustout \ -addtrust anyExtendedKeyUsage -out root+anyEKU.pem +openssl x509 -in root-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out root-anyEKU.pem +# root-cert2 trust variants: +serverAuth -serverAuth +clientAuth openssl x509 -in root-cert2.pem -trustout \ -addtrust serverAuth -out root2+serverAuth.pem openssl x509 -in root-cert2.pem -trustout \ -addreject serverAuth -out root2-serverAuth.pem openssl x509 -in root-cert2.pem -trustout \ -addtrust clientAuth -out root2+clientAuth.pem +# root-nonca trust variants: +serverAuth +anyEKU openssl x509 -in root-nonca.pem -trustout \ -addtrust serverAuth -out nroot+serverAuth.pem openssl x509 -in root-nonca.pem -trustout \ 
@@ -41,10 +43,8 @@ OPENSSL_KEYBITS=768 \ ./mkcert.sh genroot "Root CA" root-key-768 root-cert-768 # primary client-EKU root: croot-cert -# trust variants: +serverAuth -serverAuth +clientAuth +anyEKU -anyEKU -# ./mkcert.sh genroot "Root CA" root-key croot-cert clientAuth -# +# trust variants: +serverAuth -serverAuth +clientAuth -clientAuth +anyEKU -anyEKU openssl x509 -in croot-cert.pem -trustout \ -addtrust serverAuth -out croot+serverAuth.pem openssl x509 -in croot-cert.pem -trustout \ @@ -53,16 +53,14 @@ openssl x509 -in croot-cert.pem -trustout \ -addtrust clientAuth -out croot+clientAuth.pem openssl x509 -in croot-cert.pem -trustout \ -addreject clientAuth -out croot-clientAuth.pem -openssl x509 -in croot-cert.pem -trustout \ - -addreject anyExtendedKeyUsage -out croot-anyEKU.pem openssl x509 -in croot-cert.pem -trustout \ -addtrust anyExtendedKeyUsage -out croot+anyEKU.pem +openssl x509 -in croot-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out croot-anyEKU.pem # primary server-EKU root: sroot-cert -# trust variants: +serverAuth -serverAuth +clientAuth +anyEKU -anyEKU -# ./mkcert.sh genroot "Root CA" root-key sroot-cert serverAuth -# +# trust variants: +serverAuth -serverAuth +clientAuth -clientAuth +anyEKU -anyEKU openssl x509 -in sroot-cert.pem -trustout \ -addtrust serverAuth -out sroot+serverAuth.pem openssl x509 -in sroot-cert.pem -trustout \ 
@@ -71,24 +69,21 @@ openssl x509 -in sroot-cert.pem -trustout \ -addtrust clientAuth -out sroot+clientAuth.pem openssl x509 -in sroot-cert.pem -trustout \ -addreject clientAuth -out sroot-clientAuth.pem -openssl x509 -in sroot-cert.pem -trustout \ - -addreject anyExtendedKeyUsage -out sroot-anyEKU.pem openssl x509 -in sroot-cert.pem -trustout \ -addtrust anyExtendedKeyUsage -out sroot+anyEKU.pem +openssl x509 -in sroot-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out sroot-anyEKU.pem # Primary intermediate ca: ca-cert -# ca variants: CA:false, key2, DN2, issuer2, expired -# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth, -anyEKU, +anyEKU -# ./mkcert.sh genca "CA" ca-key ca-cert root-key root-cert -DAYS=-1 ./mkcert.sh genroot "Root CA" root-key root-expired +# ca variants: CA:false, key2, DN2, issuer2, expired ./mkcert.sh genee "CA" ca-key ca-nonca root-key root-cert ./mkcert.sh gen_nonbc_ca "CA" ca-key ca-nonbc root-key root-cert ./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert ./mkcert.sh genca "CA2" ca-key ca-name2 root-key root-cert ./mkcert.sh genca "CA" ca-key ca-root2 root-key2 root-cert2 DAYS=-1 ./mkcert.sh genca "CA" ca-key ca-expired root-key root-cert -# +# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth openssl x509 -in ca-cert.pem -trustout \ -addtrust serverAuth -out ca+serverAuth.pem openssl x509 -in ca-cert.pem -trustout \ 
@@ -97,14 +92,16 @@ openssl x509 -in ca-cert.pem -trustout \ -addtrust clientAuth -out ca+clientAuth.pem openssl x509 -in ca-cert.pem -trustout \ -addreject clientAuth -out ca-clientAuth.pem -openssl x509 -in ca-cert.pem -trustout \ - -addreject anyExtendedKeyUsage -out ca-anyEKU.pem +# trust variants: +anyEKU, -anyEKU openssl x509 -in ca-cert.pem -trustout \ -addtrust anyExtendedKeyUsage -out ca+anyEKU.pem +openssl x509 -in ca-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out ca-anyEKU.pem +# ca-nonca trust variants: +serverAuth, +anyEKU openssl x509 -in ca-nonca.pem -trustout \ -addtrust serverAuth -out nca+serverAuth.pem openssl x509 -in ca-nonca.pem -trustout \ - -addtrust serverAuth -out nca+anyEKU.pem + -addtrust anyExtendedKeyUsage -out nca+anyEKU.pem # Intermediate CA security variants: # MD5 issuer signature, @@ -123,10 +120,8 @@ OPENSSL_KEYBITS=768 \ ./mkcert.sh genca "CA" ca-key-ec-named ca-cert-ec-named root-key root-cert # client intermediate ca: cca-cert -# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth -# ./mkcert.sh genca -p clientAuth "CA" ca-key cca-cert root-key root-cert -# +# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth, +anyEKU, -anyEKU openssl x509 -in cca-cert.pem -trustout \ -addtrust serverAuth -out cca+serverAuth.pem openssl x509 -in cca-cert.pem -trustout \ 
@@ -134,17 +129,15 @@ openssl x509 -in cca-cert.pem -trustout \ openssl x509 -in cca-cert.pem -trustout \ -addtrust clientAuth -out cca+clientAuth.pem openssl x509 -in cca-cert.pem -trustout \ - -addtrust clientAuth -out cca-clientAuth.pem -openssl x509 -in cca-cert.pem -trustout \ - -addreject anyExtendedKeyUsage -out cca-anyEKU.pem + -addreject clientAuth -out cca-clientAuth.pem openssl x509 -in cca-cert.pem -trustout \ -addtrust anyExtendedKeyUsage -out cca+anyEKU.pem +openssl x509 -in cca-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out cca-anyEKU.pem # server intermediate ca: sca-cert -# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth, -anyEKU, +anyEKU -# ./mkcert.sh genca -p serverAuth "CA" ca-key sca-cert root-key root-cert -# +# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth, +anyEKU, -anyEKU openssl x509 -in sca-cert.pem -trustout \ -addtrust serverAuth -out sca+serverAuth.pem openssl x509 -in sca-cert.pem -trustout \ 
@@ -153,24 +146,22 @@ openssl x509 -in sca-cert.pem -trustout \ -addtrust clientAuth -out sca+clientAuth.pem openssl x509 -in sca-cert.pem -trustout \ -addreject clientAuth -out sca-clientAuth.pem -openssl x509 -in sca-cert.pem -trustout \ - -addreject anyExtendedKeyUsage -out sca-anyEKU.pem openssl x509 -in sca-cert.pem -trustout \ -addtrust anyExtendedKeyUsage -out sca+anyEKU.pem +openssl x509 -in sca-cert.pem -trustout \ + -addreject anyExtendedKeyUsage -out sca-anyEKU.pem -# Primary leaf cert: ee-cert -# ee variants: expired, issuer-key2, issuer-name2, bad-pathlen -# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth -# purpose variants: client -# +# Primary leaf cert: ee-cert with default purpose: serverAuth ./mkcert.sh genee server.example ee-key ee-cert ca-key ca-cert +# ee variants: expired, issuer-key2, issuer-name2, bad-pathlen ./mkcert.sh genee server.example ee-key ee-expired ca-key ca-cert -days -1 ./mkcert.sh genee server.example ee-key ee-cert2 ca-key2 ca-cert2 ./mkcert.sh genee server.example ee-key ee-name2 ca-key ca-name2 -./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert ./mkcert.sh genee server.example ee-key ee-pathlen ca-key ca-cert \ - -extfile <(echo "basicConstraints=CA:FALSE,pathlen:0") # bash needed here -# + -extfile <(echo "basicConstraints=CA:false,pathlen:0") # bash needed here +# purpose variants: clientAuth +./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert +# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth openssl x509 -in ee-cert.pem -trustout \ -addtrust serverAuth -out ee+serverAuth.pem openssl x509 -in ee-cert.pem -trustout \ diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 4b0cb40729..03a5e1fbdd 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t 
@@ -18,9 +18,10 @@ setup("test_verify"); sub verify { my ($cert, $purpose, $trusted, $untrusted, @opts) = @_; - my @args = qw(openssl verify -auth_level 1 -purpose); my @path = qw(test certs); - push(@args, "$purpose", @opts); + my @args = qw(openssl verify -auth_level 1); + push(@args, "-purpose", $purpose) if $purpose ne ""; + push(@args, @opts); for (@$trusted) { push(@args, "-trusted", srctop_file(@path, "$_.pem")) } for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) } push(@args, srctop_file(@path, "$cert.pem")); @@ -47,11 +48,11 @@ ok(!verify("ee-cert", "sslserver", [qw(root-name2)], [qw(ca-cert)]), # Critical extensions -ok(verify("ee-cert-noncrit-unknown-ext", "sslserver", [qw(root-cert)], [qw(ca-cert)]), +ok(verify("ee-cert-noncrit-unknown-ext", "", ["root-cert"], ["ca-cert"]), "accept non-critical unknown extension"); -ok(!verify("ee-cert-crit-unknown-ext", "sslserver", [qw(root-cert)], [qw(ca-cert)]), +ok(!verify("ee-cert-crit-unknown-ext", "", ["root-cert"], ["ca-cert"]), "reject critical unknown extension"); -ok(verify("ee-cert-ocsp-nocheck", "sslserver", [qw(root-cert)], [qw(ca-cert)]), +ok(verify("ee-cert-ocsp-nocheck", "", ["root-cert"], ["ca-cert"]), "accept critical OCSP No Check"); # Explicit trust/purpose combinations 
@@ -263,47 +264,47 @@ ok(!verify("pc6-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-c "failed proxy cert where last CN was added as a multivalue RDN component"); # Security level tests -ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"), +ok(verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), "accept RSA 2048 chain at auth level 2"); -ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"), +ok(!verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "3"), "reject RSA 2048 root at auth level 3"); -ok(verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"], "-auth_level", "0"), +ok(verify("ee-cert", "", ["root-cert-768"], ["ca-cert-768i"], "-auth_level", "0"), "accept RSA 768 root at auth level 0"); -ok(!verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"]), +ok(!verify("ee-cert", "", ["root-cert-768"], ["ca-cert-768i"]), "reject RSA 768 root at auth level 1"); -ok(verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"], "-auth_level", "0"), +ok(verify("ee-cert-768i", "", ["root-cert"], ["ca-cert-768"], "-auth_level", "0"), "accept RSA 768 intermediate at auth level 0"); -ok(!verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"]), +ok(!verify("ee-cert-768i", "", ["root-cert"], ["ca-cert-768"]), "reject RSA 768 intermediate at auth level 1"); -ok(verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "0"), +ok(verify("ee-cert-768", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"), "accept RSA 768 leaf at auth level 0"); -ok(!verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"]), +ok(!verify("ee-cert-768", "", ["root-cert"], ["ca-cert"]), "reject RSA 768 leaf at auth level 1"); # -ok(verify("ee-cert", "sslserver", ["root-cert-md5"], ["ca-cert"], "-auth_level", "2"), +ok(verify("ee-cert", "", ["root-cert-md5"], ["ca-cert"], "-auth_level", "2"), "accept md5 self-signed TA at auth level 
2"); -ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [], "-auth_level", "2"), +ok(verify("ee-cert", "", ["ca-cert-md5-any"], [], "-auth_level", "2"), "accept md5 intermediate TA at auth level 2"); -ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"], "-auth_level", "0"), +ok(verify("ee-cert", "", ["root-cert"], ["ca-cert-md5"], "-auth_level", "0"), "accept md5 intermediate at auth level 0"); -ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"]), +ok(!verify("ee-cert", "", ["root-cert"], ["ca-cert-md5"]), "reject md5 intermediate at auth level 1"); -ok(verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "0"), +ok(verify("ee-cert-md5", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"), "accept md5 leaf at auth level 0"); -ok(!verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"]), +ok(!verify("ee-cert-md5", "", ["root-cert"], ["ca-cert"]), "reject md5 leaf at auth level 1"); # Explicit vs named curve tests SKIP: { skip "EC is not supported by this OpenSSL build", 3 if disabled("ec"); - ok(!verify("ee-cert-ec-explicit", "sslserver", ["root-cert"], + ok(!verify("ee-cert-ec-explicit", "", ["root-cert"], ["ca-cert-ec-named"]), "reject explicit curve leaf with named curve intermediate"); - ok(!verify("ee-cert-ec-named-explicit", "sslserver", ["root-cert"], + ok(!verify("ee-cert-ec-named-explicit", "", ["root-cert"], ["ca-cert-ec-explicit"]), "reject named curve leaf with explicit curve intermediate"); - ok(verify("ee-cert-ec-named-named", "sslserver", ["root-cert"], + ok(verify("ee-cert-ec-named-named", "", ["root-cert"], ["ca-cert-ec-named"]), "accept named curve leaf with named curve intermediate"); } 
@@ -312,129 +313,128 @@ SKIP: { # between the trust-anchor and the leaf, so, for example, with a root->ca->leaf # chain, depth = 1 is sufficient, but depth == 0 is not. # -ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-verify_depth", "2"), +ok(verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-verify_depth", "2"), "accept chain with verify_depth 2"); -ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-verify_depth", "1"), +ok(verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-verify_depth", "1"), "accept chain with verify_depth 1"); -ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-verify_depth", "0"), - "accept chain with verify_depth 0"); -ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [], "-verify_depth", "0"), +ok(!verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-verify_depth", "0"), + "reject chain with verify_depth 0"); +ok(verify("ee-cert", "", ["ca-cert-md5-any"], [], "-verify_depth", "0"), "accept md5 intermediate TA with verify_depth 0"); # Name Constraints tests. 
-ok(verify("alt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), +ok(verify("alt1-cert", "", ["root-cert"], ["ncca1-cert"], ), "Name Constraints everything permitted"); -ok(verify("alt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ), +ok(verify("alt2-cert", "", ["root-cert"], ["ncca2-cert"], ), "Name Constraints nothing excluded"); -ok(verify("alt3-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), +ok(verify("alt3-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), "Name Constraints nested test all permitted"); -ok(verify("goodcn1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), +ok(verify("goodcn1-cert", "", ["root-cert"], ["ncca1-cert"], ), "Name Constraints CNs permitted"); -ok(!verify("badcn1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), +ok(!verify("badcn1-cert", "", ["root-cert"], ["ncca1-cert"], ), "Name Constraints CNs not permitted"); -ok(!verify("badalt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), +ok(!verify("badalt1-cert", "", ["root-cert"], ["ncca1-cert"], ), "Name Constraints hostname not permitted"); -ok(!verify("badalt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ), +ok(!verify("badalt2-cert", "", ["root-cert"], ["ncca2-cert"], ), "Name Constraints hostname excluded"); -ok(!verify("badalt3-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), +ok(!verify("badalt3-cert", "", ["root-cert"], ["ncca1-cert"], ), "Name Constraints email address not permitted"); -ok(!verify("badalt4-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), +ok(!verify("badalt4-cert", "", ["root-cert"], ["ncca1-cert"], ), "Name Constraints subject email address not permitted"); -ok(!verify("badalt5-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), +ok(!verify("badalt5-cert", "", ["root-cert"], ["ncca1-cert"], ), "Name Constraints IP address not permitted"); -ok(!verify("badalt6-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), +ok(!verify("badalt6-cert", "", ["root-cert"], ["ncca1-cert"], ), "Name 
Constraints CN hostname not permitted"); -ok(!verify("badalt7-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), +ok(!verify("badalt7-cert", "", ["root-cert"], ["ncca1-cert"], ), "Name Constraints CN BMPSTRING hostname not permitted"); -ok(!verify("badalt8-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), +ok(!verify("badalt8-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), "Name constraints nested DNS name not permitted 1"); -ok(!verify("badalt9-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), +ok(!verify("badalt9-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), "Name constraints nested DNS name not permitted 2"); -ok(!verify("badalt10-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), +ok(!verify("badalt10-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), "Name constraints nested DNS name excluded"); -ok(verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "0"), +ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"), "Accept PSS signature using SHA1 at auth level 0"); -ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ), +ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ), "CA with PSS signature using SHA256"); -ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "1"), +ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), "Reject PSS signature using SHA1 and auth level 1"); -ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"), +ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), "PSS signature using SHA256 and auth level 2"); -ok(verify("ee-pss-cert", "sslserver", ["root-cert"], ["ca-pss-cert"], ), +ok(verify("ee-pss-cert", "", ["root-cert"], ["ca-pss-cert"], ), "CA PSS signature"); -ok(!verify("ee-pss-wrong1.5-cert", "sslserver", ["root-cert"], 
["ca-pss-cert"], ), +ok(!verify("ee-pss-wrong1.5-cert", "", ["root-cert"], ["ca-pss-cert"], ), "CA producing regular PKCS#1 v1.5 signature with PSA-PSS key"); -ok(!verify("many-names1", "sslserver", ["many-constraints"], ["many-constraints"], ), +ok(!verify("many-names1", "", ["many-constraints"], ["many-constraints"], ), "Too many names and constraints to check (1)"); -ok(!verify("many-names2", "sslserver", ["many-constraints"], ["many-constraints"], ), +ok(!verify("many-names2", "", ["many-constraints"], ["many-constraints"], ), "Too many names and constraints to check (2)"); -ok(!verify("many-names3", "sslserver", ["many-constraints"], ["many-constraints"], ), +ok(!verify("many-names3", "", ["many-constraints"], ["many-constraints"], ), "Too many names and constraints to check (3)"); -ok(verify("some-names1", "sslserver", ["many-constraints"], ["many-constraints"], ), +ok(verify("some-names1", "", ["many-constraints"], ["many-constraints"], ), "Not too many names and constraints to check (1)"); -ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"], ), +ok(verify("some-names2", "", ["many-constraints"], ["many-constraints"], ), "Not too many names and constraints to check (2)"); -ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"], ), +ok(verify("some-names2", "", ["many-constraints"], ["many-constraints"], ), "Not too many names and constraints to check (3)"); -ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"), +ok(verify("root-cert-rsa2", "", ["root-cert-rsa2"], [], "-check_ss_sig"), "Public Key Algorithm rsa instead of rsaEncryption"); - ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], []), - "accept trusted self-signed EE cert excluding key usage keyCertSign"); +ok(verify("ee-self-signed", "", ["ee-self-signed"], []), + "accept trusted self-signed EE cert excluding key usage keyCertSign"); SKIP: { skip "Ed25519 is not supported by this OpenSSL build", 6 if 
disabled("ec"); # ED25519 certificate from draft-ietf-curdle-pkix-04 - ok(verify("ee-ed25519", "sslserver", ["root-ed25519"], []), + ok(verify("ee-ed25519", "", ["root-ed25519"], []), "accept X25519 EE cert issued by trusted Ed25519 self-signed CA cert"); - ok(!verify("ee-ed25519", "sslserver", ["root-ed25519"], [], "-x509_strict"), + ok(!verify("ee-ed25519", "", ["root-ed25519"], [], "-x509_strict"), "reject X25519 EE cert in strict mode since AKID is missing"); - ok(!verify("root-ed25519", "sslserver", ["ee-ed25519"], []), + ok(!verify("root-ed25519", "", ["ee-ed25519"], []), "fail Ed25519 CA and EE certs swapped"); - ok(verify("root-ed25519", "sslserver", ["root-ed25519"], []), + ok(verify("root-ed25519", "", ["root-ed25519"], []), "accept trusted Ed25519 self-signed CA cert"); - ok(!verify("ee-ed25519", "sslserver", ["ee-ed25519"], []), + ok(!verify("ee-ed25519", "", ["ee-ed25519"], []), "fail trusted Ed25519-signed self-issued X25519 cert"); - ok(verify("ee-ed25519", "sslserver", ["ee-ed25519"], [], "-partial_chain"), + ok(verify("ee-ed25519", "", ["ee-ed25519"], [], "-partial_chain"), "accept last-resort direct leaf match Ed25519-signed self-issued cert"); } SKIP: { - skip "SM2 is not supported by this OpenSSL build", 2 - if disabled("sm2"); + skip "SM2 is not supported by this OpenSSL build", 2 if disabled("sm2"); - ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-vfyopt", "distid:1234567812345678"), + ok_nofips(verify("sm2", "", ["sm2-ca-cert"], [], "-vfyopt", "distid:1234567812345678"), "SM2 ID test"); - ok_nofips(verify("sm2", "any", ["sm2-ca-cert"], [], "-vfyopt", "hexdistid:31323334353637383132333435363738"), + ok_nofips(verify("sm2", "", ["sm2-ca-cert"], [], "-vfyopt", "hexdistid:31323334353637383132333435363738"), "SM2 hex ID test"); } From pauli at openssl.org Wed May 5 08:10:43 2021 
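Review bot: in test/recipes/25-test_verify.t, the third "Not too many names and constraints to check" case still verifies `some-names2`, so cases (2) and (3) run the identical command and case (3) adds no coverage. The patch rewrites both lines from "sslserver" to "" without touching the certificate name; if a third fixture was intended, point case (3) at it, otherwise drop the duplicate. The nearby description "regular PKCS#1 v1.5 signature with PSA-PSS key" also looks like a typo for RSA-PSS and could be fixed while these lines are being edited.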
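Review bot: in test/certs/setup.sh, the corrected commands for `nca+anyEKU.pem` (previously `-addtrust serverAuth`) and `cca-clientAuth.pem` (previously `-addtrust clientAuth`) change what the script would generate, but 25-test_verify.t reads the checked-in `.pem` files through `srctop_file`, so the fix only reaches the tests if those two files are regenerated in the same commit. Please confirm they were; a stale file would keep the old trust setting under a name that claims a different one.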
From: pauli at openssl.org (Dr. Paul Dale)
Date: Wed, 05 May 2021 08:10:43 +0000
Subject: [openssl] master update
Message-ID: <1620202243.251842.11847.nullmailer@dev.openssl.org>

The branch master has been updated
       via  1127754e4877b2a4bd53112de115041d1952fa12 (commit)
      from  97b59744f2ad91adf606e6f77e355e97413e7b2c (commit)

- Log -----------------------------------------------------------------
commit 1127754e4877b2a4bd53112de115041d1952fa12
Author: Rich Salz
Date:   Mon Apr 26 17:27:32 2021 -0400

    Note that dhparam does support X9.42

    Fix other wording, too.

    Fixes: #13151

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15038)

-----------------------------------------------------------------------

Summary of changes:
 doc/man1/openssl-dhparam.pod.in | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in index eee69a69de..7bbd04ba5d 100644 --- a/doc/man1/openssl-dhparam.pod.in +++ b/doc/man1/openssl-dhparam.pod.in @@ -30,6 +30,10 @@ B This command is used to manipulate DH parameter files. +See L for examples on how to generate +a key using a named safe prime group without generating intermediate +parameters. + =head1 OPTIONS =over 4 @@ -109,20 +113,12 @@ This option prints out the DH parameters in human readable form. This command replaces the B and B commands of previous releases. -OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 -DH. - -This command manipulates DH parameters not keys. - -=head1 BUGS - -There should be a way to generate and manipulate DH keys. - =head1 SEE ALSO L, L, -L +L, +L. =head1 HISTORY
From matt at openssl.org Wed May 5 09:56:41 2021
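Review bot: in doc/man1/openssl-dhparam.pod.in, the second hunk deletes the sentence saying that only PKCS#3 DH is supported but adds nothing in its place, so the page never states the X9.42 support that the commit subject announces. Add a sentence in the same section saying that X9.42 parameters are handled and how they are selected, rather than leaving readers to infer it from a removal. The same hunk also drops "This command manipulates DH parameters not keys", which is still a useful scoping statement now that the first hunk points readers elsewhere for key generation.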
From: matt at openssl.org (Matt Caswell)
Date: Wed, 05 May 2021 09:56:41 +0000
Subject: [openssl] OpenSSL_1_1_1-stable update
Message-ID: <1620208601.433591.22276.nullmailer@dev.openssl.org>

The branch OpenSSL_1_1_1-stable has been updated
       via  9f85ab647c8c9f47a1523f99facdf15fc34797a0 (commit)
      from  4b1be3c8868cf0b26a031f68ffebc34248e1836c (commit)

- Log -----------------------------------------------------------------
commit 9f85ab647c8c9f47a1523f99facdf15fc34797a0
Author: Fred Hornsey
Date:   Tue Nov 17 22:20:43 2020 -0600

    Support for Android NDK r22

    This is a backport of #13434, Fixes #13685.

    I think builds using standalone toolchain are fine so I left them alone,
    but `Configure` will fail if using the NDK directly because the
    `platforms` and `sysroot` directories were removed.

    If `sysroot` is missing, omit the `--sysroot` and `-gcc-toolchain`
    arguments and use the triplet form clang command. Also since `platforms`
    was being used for the default API level, use `meta/platforms.json`
    instead if needed.

    Reviewed-by: Tim Hudson
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/13694)

-----------------------------------------------------------------------

Summary of changes:
 Configurations/15-android.conf | 84 ++++++++++++++++++++++++++----------------
 1 file changed, 52 insertions(+), 32 deletions(-)

diff --git a/Configurations/15-android.conf b/Configurations/15-android.conf index 4616394f8c..fd5cd3f478 100644 --- a/Configurations/15-android.conf +++ b/Configurations/15-android.conf
@@ -29,18 +29,18 @@ $ndk = $ENV{$ndk_var}; last if defined $ndk; } - die "\$ANDROID_NDK_HOME is not defined" if (!$ndk); - if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") { - # $ndk/platforms is traditional "all-inclusive" NDK, while - # $ndk/AndroidVersion.txt is so-called standalone toolchain - # tailored for specific target down to API level. + die "\$ANDROID_NDK_HOME is not defined" if (!$ndk); + my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt"; + my $ndk_src_props = "$ndk/source.properties"; + my $is_ndk = -f $ndk_src_props; + if ($is_ndk == $is_standalone_toolchain) { die "\$ANDROID_NDK_HOME=$ndk is invalid"; } $ndk = canonpath($ndk); my $ndkver = undef; - if (open my $fh, "<$ndk/source.properties") { + if (open my $fh, "<$ndk_src_props") { local $_; while(<$fh>) { if (m|Pkg\.Revision\s*=\s*([0-9]+)|) { @@ -59,7 +59,7 @@ if ($sysroot = $ENV{CROSS_SYSROOT}) { $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|; ($api, $arch) = ($1, $2); - } elsif (-f "$ndk/AndroidVersion.txt") { + } elsif ($is_standalone_toolchain) { $sysroot = "$ndk/sysroot"; } else { $api = "*"; 
@@ -72,17 +72,31 @@ } } - # list available platforms (numerically) - my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1; - $b =~ m/-([0-9]+)$/; $aa <=> $1; - } glob("$ndk/platforms/android-$api"); - die "no $ndk/platforms/android-$api" if ($#platforms < 0); + if (-d "$ndk/platforms") { + # list available platforms (numerically) + my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1; + $b =~ m/-([0-9]+)$/; $aa <=> $1; + } glob("$ndk/platforms/android-$api"); + die "no $ndk/platforms/android-$api" if ($#platforms < 0); - $sysroot = "@platforms[$#platforms]/arch-$arch"; - $sysroot =~ m|/android-([0-9]+)/arch-$arch|; - $api = $1; + $sysroot = "@platforms[$#platforms]/arch-$arch"; + $sysroot =~ m|/android-([0-9]+)/arch-$arch|; + $api = $1; + } elsif ($api eq "*") { + # r22 Removed platforms dir, use this JSON file + my $path = "$ndk/meta/platforms.json"; + open my $fh, $path or die "Could not open '$path' $!"; + while (<$fh>) { + if (/"max": (\d+),/) { + $api = $1; + last; + } + } + close $fh; + } + die "Could not get default API Level" if ($api eq "*"); } - die "no sysroot=$sysroot" if (!-d $sysroot); + die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot); my $triarch = $triplet{$arch}; my $cflags; 
@@ -95,17 +109,21 @@ my $arm = $ndkver > 16 ? "armv7a" : "armv5te"; (my $tridefault = $triarch) =~ s/^arm-/$arm-/; (my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/; - $cflags .= " -target $tridefault " - . "-gcc-toolchain \$($ndk_var)/toolchains" - . "/$tritools-4.9/prebuilt/$host"; - $user{CC} = "clang" if ($user{CC} !~ m|clang|); + if (length $sysroot) { + $cflags .= " -target $tridefault " + . "-gcc-toolchain \$($ndk_var)/toolchains" + . "/$tritools-4.9/prebuilt/$host"; + $user{CC} = "clang" if ($user{CC} !~ m|clang|); + } else { + $user{CC} = "$tridefault$api-clang"; + } $user{CROSS_COMPILE} = undef; if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) { $user{AR} = "llvm-ar"; $user{ARFLAGS} = [ "rs" ]; $user{RANLIB} = ":"; } - } elsif (-f "$ndk/AndroidVersion.txt") { #"standalone toolchain" + } elsif ($is_standalone_toolchain) { my $cc = $user{CC} // "clang"; # One can probably argue that both clang and gcc should be # probed, but support for "standalone toolchain" was added 
@@ -127,19 +145,21 @@ $user{CROSS_COMPILE} = "$triarch-"; } - if (!-d "$sysroot/usr/include") { - my $incroot = "$ndk/sysroot/usr/include"; - die "no $incroot" if (!-d $incroot); - die "no $incroot/$triarch" if (!-d "$incroot/$triarch"); - $incroot =~ s|^$ndk/||; - $cppflags = "-D__ANDROID_API__=$api"; - $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch"; - $cppflags .= " -isystem \$($ndk_var)/$incroot"; + if (length $sysroot) { + if (!-d "$sysroot/usr/include") { + my $incroot = "$ndk/sysroot/usr/include"; + die "no $incroot" if (!-d $incroot); + die "no $incroot/$triarch" if (!-d "$incroot/$triarch"); + $incroot =~ s|^$ndk/||; + $cppflags = "-D__ANDROID_API__=$api"; + $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch"; + $cppflags .= " -isystem \$($ndk_var)/$incroot"; + } + $sysroot =~ s|^$ndk/||; + $sysroot = " --sysroot=\$($ndk_var)/$sysroot"; } - - $sysroot =~ s|^$ndk/||; $android_ndk = { - cflags => "$cflags --sysroot=\$($ndk_var)/$sysroot", + cflags => $cflags . $sysroot, cppflags => $cppflags, bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG" : "BN_LLONG", From tomas at openssl.org Wed May 5 11:11:52 2021 
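Review bot: in Configurations/15-android.conf, the new validity check `if ($is_ndk == $is_standalone_toolchain)` in the first hunk compares two raw `-f` results numerically, and the comment that explained the two directory layouts is deleted with nothing replacing it. `-f` yields undef for a missing file, so the test relies on undef and the empty string both numifying to 0; writing `!$is_ndk == !$is_standalone_toolchain` states the intent, and a one-line comment should say that exactly one of source.properties and AndroidVersion.txt must be present. The die message would also be more useful if it named the case that was hit, since a directory holding both files is now rejected where the old test accepted it.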
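Review bot: in Configurations/15-android.conf, the r22 fallback in the `@@ -72,17 +72,31 @@` hunk opens meta/platforms.json with two-argument `open my $fh, $path`, where `$path` is built from the NDK directory taken from the environment. Two-argument open interprets mode characters contained in the string itself, so use `open my $fh, '<', $path` here (the source.properties open earlier in the file is also two-argument and could be converted at the same time). The `/"max": (\d+),/` match depends on the file's exact spacing and trailing comma; allowing `\s*` around the colon and dropping the comma would tolerate reformatting, with the existing "Could not get default API Level" die as the backstop.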
From: tomas at openssl.org (tomas at openssl.org)
Date: Wed, 05 May 2021 11:11:52 +0000
Subject: [openssl] master update
Message-ID: <1620213112.312912.7174.nullmailer@dev.openssl.org>

The branch master has been updated
       via  f7050588bc76901e0a147c158e64ac3140dc8bfd (commit)
       via  3fb985fd04611082bbfc3622a078e8c5e5edb378 (commit)
      from  1127754e4877b2a4bd53112de115041d1952fa12 (commit)

- Log -----------------------------------------------------------------
commit f7050588bc76901e0a147c158e64ac3140dc8bfd
Author: Rich Salz
Date:   Fri Apr 30 12:18:00 2021 -0400

    Add .includedir pragma

    Also add a negative test, and fix typo's.

    Reviewed-by: Dmitry Belyavskiy
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15090)

commit 3fb985fd04611082bbfc3622a078e8c5e5edb378
Author: Rich Salz
Date:   Thu Apr 29 16:22:30 2021 -0400

    Allow absolute paths to be set

    It was a mistake to allow relative paths for include files (just
    like root shouldn't have "." in its PATH), but we probably can't
    change it now. Add a new pragma "abspath" that someone can put
    in the system-wide config file to require absolute paths.

    Also update the config documentation to better explain how file
    inclusion works.

    Reviewed-by: Dmitry Belyavskiy
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15090)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md                                    |  5 +++
 crypto/conf/conf_api.c                        |  1 +
 crypto/conf/conf_def.c                        | 46 ++++++++++++++++++++++-----
 crypto/conf/conf_err.c                        |  3 +-
 crypto/err/openssl.txt                        |  1 +
 doc/man5/config.pod                           | 44 ++++++++++++++-----------
 include/crypto/conferr.h                      |  2 +-
 include/openssl/conf.h.in                     |  4 ++-
 include/openssl/conferr.h                     |  1 +
 test/recipes/90-test_includes.t               |  3 +-
 test/recipes/90-test_includes_data/incdir.cnf |  6 ++++
 11 files changed, 85 insertions(+), 31 deletions(-)
 create mode 100644 test/recipes/90-test_includes_data/incdir.cnf
diff --git a/CHANGES.md b/CHANGES.md index 0e7b09432b..7b6c7c5ffb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,11 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Add "abspath" and "includedir" pragma's to config files, to prevent, + or modify relative pathname inclusion. + + * Rich Salz * + * OpenSSL includes a cryptographic module that is intended to be FIPS 140-2 validated. The module is implemented as an OpenSSL provider, the so-called FIPS provider. A list of all changes related to the FIPS provider would go diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index c2c461d832..41a09c42bc 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -146,6 +146,7 @@ void _CONF_free_data(CONF *conf) * with */ + OPENSSL_free(conf->includedir); lh_CONF_VALUE_doall(conf->data, value_free_stack_doall); lh_CONF_VALUE_free(conf->data); } diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index bfb718753b..ea6b5bf244 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -188,6 +188,23 @@ static int def_load(CONF *conf, const char *name, long *line) return ret; } + +/* Parse a boolean value and fill in *flag. Return 0 on error. */ +static int parsebool(const char *pval, int *flag) +{ + if (strcasecmp(pval, "on") == 0 + || strcasecmp(pval, "true") == 0) { + *flag = 1; + } else if (strcasecmp(pval, "off") == 0 + || strcasecmp(pval, "false") == 0) { + *flag = 0; + } else { + ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); + return 0; + } + return 1; +} + static int def_load_bio(CONF *conf, BIO *in, long *line) { /* The macro BUFSIZE conflicts with a system macro in VxWorks */ 
@@ -397,19 +414,22 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) * Known pragmas: * * dollarid takes "on", "true or "off", "false" + * abspath takes "on", "true or "off", "false" + * includedir directory prefix */ if (strcmp(p, "dollarid") == 0) { - if (strcmp(pval, "on") == 0 - || strcmp(pval, "true") == 0) { - conf->flag_dollarid = 1; - } else if (strcmp(pval, "off") == 0 - || strcmp(pval, "false") == 0) { - conf->flag_dollarid = 0; - } else { - ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); + if (!parsebool(pval, &conf->flag_dollarid)) + goto err; + } else if (strcmp(p, "abspath") == 0) { + if (!parsebool(pval, &conf->flag_abspath)) + goto err; + } else if (strcmp(p, "includedir") == 0) { + if ((conf->includedir = OPENSSL_strdup(pval)) == NULL) { + ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); goto err; } } + /* * We *ignore* any unknown pragma. */ @@ -421,6 +441,9 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE"); char *include_path = NULL; + if (include_dir == NULL) + include_dir = conf->includedir; + if (*p == '=') { p++; p = eat_ws(conf, p); @@ -448,6 +471,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) include_path = include; } + if (conf->flag_abspath + && !ossl_is_absolute_path(include_path)) { + ERR_raise(ERR_LIB_CONF, CONF_R_RELATIVE_PATH); + goto err; + } + /* get the BIO of the included file */ #ifndef OPENSSL_NO_POSIX_IO next = process_include(include_path, &dirctx, &dirpath); @@ -527,6 +556,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) */ sk_BIO_free(biosk); return 1; + err: BUF_MEM_free(buff); OPENSSL_free(section); diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c index 417ae58efb..a06f55b104 100644 --- a/crypto/conf/conf_err.c +++ b/crypto/conf/conf_err.c 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,6 +41,7 @@ static const ERR_STRING_DATA CONF_str_reasons[] = { "openssl conf references missing section"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE), "recursive directory include"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RELATIVE_PATH), "relative path"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY), "ssl command section empty"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND), diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index d964b9adc4..1e51d23219 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -393,6 +393,7 @@ CONF_R_NUMBER_TOO_LARGE:121:number too large CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION:124:\ openssl conf references missing section CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include +CONF_R_RELATIVE_PATH:125:relative path CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found CONF_R_SSL_SECTION_EMPTY:119:ssl section empty diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 39da6dcb74..ad7d7e1e01 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod 
@@ -47,11 +47,21 @@ inside the B are B. Similarly, if a file is opened while scanning a directory, and that file has an B<.include> directive that specifies a directory, that is also ignored. -As a general rule, the B should be an absolute path. Relative -paths are evaluated based on the current working directory, so unless the -file with the B<.include> directive is application-specific, the inclusion -will not work as expected. The environment variable B, -if it exists, will be prepended to all B<.include> B's. +As a general rule, the B should be an absolute path; this can +be enforced with the B and B pragmas, described below. +The environment variable B, if it exists, +is prepended to all relative pathnames. +If the pathname is still relative, it is interpreted based on the +current working directory. + +To require all file inclusions to name absolute paths, use the following +directive: + + .pragma [=] abspath:value + +The default behavior, where the B is B or B, is to allow +relative paths. To require all B<.include> pathnames to be absolute paths, +use a B of B or B. In these files, the dollar sign, B<$>, is used to reference a variable, as described below. On some platforms, however, it is common to treat B<$> 
@@ -60,22 +70,18 @@ done with the following directive: .pragma [=] dollarid:value -Where B is one of the following: - -=over 4 - -=item B or B - -This is the default behavior. For example, C is interpreted as -C followed by the expansion of the variable C. - -=item B or B - -This specifies that dollar signs are part of the symbol name and +The default behavior, where the B is B or B, is to treat +the dollarsign as indicating a variable name; C is interpreted as +C followed by the expansion of the variable C. If B is +B or B, then C is a single seven-character name nad variable expansions must be specified using braces or parentheses. -For example, C is treated as a single seven-character name. -=back + .pragma [=] includedir:value + +If a relative pathname is specified in the B<.include> directive, and +the B environment variable doesn't exist, then +the value of the B pragma, if it exists, is prepended to the +pathname. =head2 Settings diff --git a/include/crypto/conferr.h b/include/crypto/conferr.h index 48e689191a..0e7a02a1e0 100644 --- a/include/crypto/conferr.h +++ b/include/crypto/conferr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/conf.h.in b/include/openssl/conf.h.in index b82a915626..ee7cbb00e4 100644 --- a/include/openssl/conf.h.in +++ b/include/openssl/conf.h.in @@ -119,7 +119,9 @@ struct conf_st { CONF_METHOD *meth; void *meth_data; LHASH_OF(CONF_VALUE) *data; - unsigned int flag_dollarid:1; + int flag_dollarid; + int flag_abspath; + char *includedir; OSSL_LIB_CTX *libctx; }; diff --git a/include/openssl/conferr.h b/include/openssl/conferr.h index bf5961e72a..496e2e1efd 100644 --- a/include/openssl/conferr.h 
+++ b/include/openssl/conferr.h @@ -38,6 +38,7 @@ # define CONF_R_NUMBER_TOO_LARGE 121 # define CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION 124 # define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_RELATIVE_PATH 125 # define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 # define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 # define CONF_R_SSL_SECTION_EMPTY 119 diff --git a/test/recipes/90-test_includes.t b/test/recipes/90-test_includes.t index add3813a64..13c5c84202 100644 --- a/test/recipes/90-test_includes.t +++ b/test/recipes/90-test_includes.t @@ -13,7 +13,7 @@ plan skip_all => "test_includes doesn't work without posix-io" delete $ENV{OPENSSL_CONF_INCLUDE}; plan tests => # The number of tests being performed - 5 + 6 + ($^O eq "VMS" ? 2 : 0); ok(run(test(["conf_include_test", data_file("includes.cnf")])), "test directory includes"); @@ -27,3 +27,4 @@ if ($^O eq "VMS") { "test file includes, VMS syntax"); } ok(run(test(["conf_include_test", "-f", data_file("includes-broken.cnf")])), "test broken includes"); +ok(run(test(["conf_include_test", "-f", data_file("incdir.cnf")])), "test includedir"); diff --git a/test/recipes/90-test_includes_data/incdir.cnf b/test/recipes/90-test_includes_data/incdir.cnf new file mode 100644 index 0000000000..0d882eddcf --- /dev/null +++ b/test/recipes/90-test_includes_data/incdir.cnf @@ -0,0 +1,6 @@ +# +# Set includedir and expect to fail +# +.pragma includedir:/ + +.include includes.cnf From pauli at openssl.org Wed May 5 12:12:37 2021 
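Review bot: the rewritten paragraph in the documentation hunk at @@ -47,11 +47,21 @@ does not say at which point the abspath check is applied, before or after OPENSSL_CONF_INCLUDE (or the includedir pragma) is prepended to a relative pathname. As written, a reader cannot tell whether '.pragma abspath:true' rejects '.include foo.cnf' outright or accepts it once a prefix has made it absolute. Since the fallback for a still-relative pathname is the current working directory, please state the order of evaluation explicitly.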
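Review bot: typo in the added dollarid text of the hunk at @@ -60,22 +70,18 @@, "a single seven-character name nad variable expansions" should read "and", and "dollarsign" a few lines above it should be "dollar sign" to match the rest of the page. The new includedir paragraph in the same hunk also starts straight after the dollarid description with no introductory sentence, unlike the abspath and dollarid pragmas, which each get a lead-in before the '.pragma' line.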
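Review bot: the include/openssl/conf.h.in hunk changes the layout of struct conf_st in an installed header: 'unsigned int flag_dollarid:1' becomes a full int, and 'int flag_abspath' and 'char *includedir' are inserted ahead of libctx. Please add a comment on includedir saying who owns the string and where it is released, and note the layout change for anything that embeds or copies a CONF by value.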
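Review bot: the only coverage added in test/recipes/90-test_includes.t is a negative case: incdir.cnf is run with "-f", the same flag used by the "test broken includes" line, and its comment says "Set includedir and expect to fail". Nothing in these hunks exercises a successful include through includedir, the abspath pragma, or the new CONF_R_RELATIVE_PATH reason code. A passing includedir case and an abspath:true case with a relative '.include' would show the feature works rather than only that a wrong directory fails.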
From: pauli at openssl.org (Dr. Paul Dale)
Date: Wed, 05 May 2021 12:12:37 +0000
Subject: [openssl] master update
Message-ID: <1620216757.567884.12517.nullmailer@dev.openssl.org>

The branch master has been updated
via b039c87a4ca3dd4e4ebbea4a5d1fd3821497f900 (commit)
via 6a38b09a7fa6eaac6bcbe567382fbe7d3d719503 (commit)
via f14a2c9d7ac79afb36cacbf910a6363c7abc3135 (commit)
via a59c69724d7cbc3a4ec9f7774da9da83871ea944 (commit)
from f7050588bc76901e0a147c158e64ac3140dc8bfd (commit)

- Log -----------------------------------------------------------------
commit b039c87a4ca3dd4e4ebbea4a5d1fd3821497f900
Author: Pauli
Date: Wed Apr 28 12:58:35 2021 +1000

mac: add EVP_MAC_finalXOF() function

Fixes #14140
Fixes #13232

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/15061)

commit 6a38b09a7fa6eaac6bcbe567382fbe7d3d719503
Author: Pauli
Date: Wed Apr 28 12:58:08 2021 +1000

mac: allow XOF MACs to be specified either via control or via the dedicated function

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/15061)

commit f14a2c9d7ac79afb36cacbf910a6363c7abc3135
Author: Pauli
Date: Thu Apr 29 11:08:42 2021 +1000

mac: update life-cycle description and diagrams to include finalXOF

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/15061)

commit a59c69724d7cbc3a4ec9f7774da9da83871ea944
Author: Pauli
Date: Wed Apr 28 13:01:22 2021 +1000

doc: document EVP_MAC_finalXOF()

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/15061)

-----------------------------------------------------------------------

Summary of changes:
crypto/err/openssl.txt | 1 +
crypto/evp/evp_err.c | 5 ++-
crypto/evp/mac_lib.c | 49 +++++++++++++++++---
doc/life-cycles/lifecycles.ods | Bin 16717 -> 16752 bytes
doc/life-cycles/mac.dot | 6 ++-
doc/man3/EVP_MAC.pod | 10 +++--
doc/man7/life_cycle-mac.pod | 14 ++++--
doc/man7/mac.png | Bin 50554 -> 56417 bytes
include/openssl/evp.h | 1 +
include/openssl/evperr.h | 3 +- test/evp_test.c | 50 +++++++++++++++------ test/recipes/30-test_evp_data/evpmac_common.txt | 57 +++++++++++++++++++++++- util/libcrypto.num | 1 + 13 files changed, 164 insertions(+), 33 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1e51d23219..728356148f 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -727,6 +727,7 @@ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa +EVP_R_SETTING_XOF_FAILED:227:setting xof failed EVP_R_SET_DEFAULT_PROPERTY_FAILURE:209:set default property failure EVP_R_TOO_MANY_RECORDS:183:too many records EVP_R_UNABLE_TO_ENABLE_LOCKING:212:unable to enable locking diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 7fa3fbf400..ad95f5ef02 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -133,10 +133,10 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NULL_MAC_PKEY_CTX), "null mac pkey ctx"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED), "only oneshot supported"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_INITIALIZED), "operation not initialized"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW), "output would overflow"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE), 
@@ -151,6 +151,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SETTING_XOF_FAILED), "setting xof failed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SET_DEFAULT_PROPERTY_FAILURE), "set default property failure"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_TOO_MANY_RECORDS), "too many records"}, diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index 3d60905a9e..6f97de94de 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c 
@@ -116,21 +116,56 @@ int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen) return ctx->meth->update(ctx->data, data, datalen); } -int EVP_MAC_final(EVP_MAC_CTX *ctx, - unsigned char *out, size_t *outl, size_t outsize) +static int evp_mac_final(EVP_MAC_CTX *ctx, int xof, + unsigned char *out, size_t *outl, size_t outsize) { size_t l; - int res = 1; + int res; + OSSL_PARAM params[2]; + + if (ctx == NULL || ctx->meth == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM); + return 0; + } + if (ctx->meth->final == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); + return 0; + } - if (out != NULL) - res = ctx->meth->final(ctx->data, out, &l, outsize); - else - l = EVP_MAC_CTX_get_mac_size(ctx); + if (out == NULL) { + if (outl == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + *outl = EVP_MAC_CTX_get_mac_size(ctx); + return 1; + } + if (xof) { + params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_XOF, &xof); + params[1] = OSSL_PARAM_construct_end(); + + if (EVP_MAC_CTX_set_params(ctx, params) <= 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_SETTING_XOF_FAILED); + return 0; + } + } + res = ctx->meth->final(ctx->data, out, &l, outsize); if (outl != NULL) *outl = l; return res; } +int EVP_MAC_final(EVP_MAC_CTX *ctx, + unsigned char *out, size_t *outl, size_t outsize) +{ + return evp_mac_final(ctx, 0, out, outl, outsize); +} + +int EVP_MAC_finalXOF(EVP_MAC_CTX *ctx, unsigned char *out, size_t outsize) +{ + return evp_mac_final(ctx, 1, out, NULL, outsize); +} + /* * The {get,set}_params functions return 1 if there is no corresponding * function in the implementation. This is the same as if there was one, diff --git a/doc/life-cycles/lifecycles.ods b/doc/life-cycles/lifecycles.ods index b8f198a8e5..f80a76e622 100644 Binary files a/doc/life-cycles/lifecycles.ods and b/doc/life-cycles/lifecycles.ods differ diff --git a/doc/life-cycles/mac.dot b/doc/life-cycles/mac.dot index c52701742c..799d90e7d3 100644 
--- a/doc/life-cycles/mac.dot +++ b/doc/life-cycles/mac.dot @@ -11,9 +11,11 @@ digraph mac { initialised -> updated [label="EVP_MAC_update"]; updated -> updated [label="EVP_MAC_update"]; updated -> finaled [label="EVP_MAC_final"]; + updated -> finaled [label="EVP_MAC_finalXOF", + fontcolor="#808080", color="#808080"]; /* Once this works it should go back in: - updated -> finaled [label="EVP_MAC_final_XOF", style=dashed]; - finaled -> finaled [label="EVP_MAC_final_XOF", style=dashed]; + finaled -> finaled [label="EVP_MAC_final_XOF", + fontcolor="#808080", color="#808080"]; */ finaled -> end [label="EVP_MAC_CTX_free"]; updated -> initialised [label="EVP_MAC_init", style=dashed, diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index b6b5430a35..27930eb89a 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -8,7 +8,7 @@ EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, EVP_MAC_CTX_get_mac_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, -EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, +EVP_MAC_finalXOF, EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, EVP_MAC_CTX_gettable_params, EVP_MAC_CTX_settable_params, EVP_MAC_do_all_provided - EVP MAC routines @@ -46,6 +46,7 @@ EVP_MAC_do_all_provided - EVP MAC routines int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); int EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, size_t *outl, size_t outsize); + int EVP_MAC_finalXOF(EVP_MAC_CTX *ctx, unsigned char *out, size_t outsize); const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); 
@@ -140,6 +141,9 @@ dynamically, simply call with I being NULL and I pointing at a valid location, then allocate space and make a second call with I pointing at the allocated space. +EVP_MAC_finalXOF() does the final computation for an XOF based MAC and stores +the result in the memory pointed at by I of size I. + EVP_MAC_get_params() retrieves details about the implementation I. The set of parameters given with I determine exactly what @@ -347,8 +351,8 @@ EVP_MAC_CTX_free() returns nothing at all. EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params() return 1 on success, 0 on error. -EVP_MAC_init(), EVP_MAC_update(), and EVP_MAC_final() return 1 on success, 0 -on error. +EVP_MAC_init(), EVP_MAC_update(), EVP_MAC_final() and EVP_MAC_finalXOF() +return 1 on success, 0 on error. EVP_MAC_CTX_get_mac_size() returns the expected output size, or 0 if it isn't set. If it isn't set, a call to EVP_MAC_init() should get it set. diff --git a/doc/man7/life_cycle-mac.pod b/doc/man7/life_cycle-mac.pod index 0e7590740d..17be432ab0 100644 --- a/doc/man7/life_cycle-mac.pod +++ b/doc/man7/life_cycle-mac.pod @@ -68,9 +68,9 @@ The usual life-cycle of a MAC is illustrated: EVP_MAC_init | +-------------------+ | | | updated | -+ | +-------------------+ - | | - | | EVP_MAC_final - | v + | | | + | | EVP_MAC_final | EVP_MAC_finalXOF + | v v | +-------------------+ +- | finaled | +-------------------+ @@ -98,6 +98,7 @@ This is the canonical list. EVP_MAC_init initialised initialised initialised initialised EVP_MAC_update updated updated EVP_MAC_final finaled + EVP_MAC_finalXOF finaled EVP_MAC_CTX_free freed freed freed freed freed EVP_MAC_CTX_get_params newed initialised updated EVP_MAC_CTX_set_params newed initialised updated @@ -146,6 +147,13 @@ This is the canonical list. finaled +EVP_MAC_finalXOF + + + + finaled + + EVP_MAC_CTX_free freed freed 
diff --git a/doc/man7/mac.png b/doc/man7/mac.png index 1c486e1ba4..620f50a6f3 100644 Binary files a/doc/man7/mac.png and b/doc/man7/mac.png differ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index f527de4d4c..91b84ebf6f 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1181,6 +1181,7 @@ int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen, int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); int EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, size_t *outl, size_t outsize); +int EVP_MAC_finalXOF(EVP_MAC_CTX *ctx, unsigned char *out, size_t outsize); const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac); diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index b2e08b14b6..ffa8bacd5b 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -95,8 +95,8 @@ # define EVP_R_NO_OPERATION_SET 149 # define EVP_R_NULL_MAC_PKEY_CTX 208 # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 -# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATION_NOT_INITIALIZED 151 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OUTPUT_WOULD_OVERFLOW 202 # define EVP_R_PARAMETER_TOO_LARGE 187 # define EVP_R_PARTIALLY_OVERLAPPING 162 @@ -105,6 +105,7 @@ # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_SETTING_XOF_FAILED 227 # define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 209 # define EVP_R_TOO_MANY_RECORDS 183 # define EVP_R_UNABLE_TO_ENABLE_LOCKING 212 diff --git a/test/evp_test.c b/test/evp_test.c index 79ca676c87..abb0485459 100644 --- a/test/evp_test.c +++ b/test/evp_test.c 
@@ -1029,6 +1029,8 @@ typedef struct mac_data_st { /* MAC salt (blake2) */ unsigned char *salt; size_t salt_len; + /* XOF mode? */ + int xof; /* Collection of controls */ STACK_OF(OPENSSL_STRING) *controls; } MAC_DATA; @@ -1123,6 +1125,8 @@ static int mac_test_parse(EVP_TEST *t, return parse_bin(value, &mdata->input, &mdata->input_len); if (strcmp(keyword, "Output") == 0) return parse_bin(value, &mdata->output, &mdata->output_len); + if (strcmp(keyword, "XOF") == 0) + return mdata->xof = 1; if (strcmp(keyword, "Ctrl") == 0) return sk_OPENSSL_STRING_push(mdata->controls, OPENSSL_strdup(value)) != 0; @@ -1164,6 +1168,10 @@ static int mac_test_run_pkey(EVP_TEST *t) size_t got_len; int i; + /* We don't do XOF mode via PKEY */ + if (expected->xof) + return 1; + if (expected->alg == NULL) TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type)); else 
@@ -1360,20 +1368,34 @@ static int mac_test_run_mac(EVP_TEST *t) t->err = "MAC_UPDATE_ERROR"; goto err; } - if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) { - t->err = "MAC_FINAL_LENGTH_ERROR"; - goto err; - } - if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { - t->err = "TEST_FAILURE"; - goto err; - } - if (!EVP_MAC_final(ctx, got, &got_len, got_len) - || !memory_err_compare(t, "TEST_MAC_ERR", - expected->output, expected->output_len, - got, got_len)) { - t->err = "TEST_MAC_ERR"; - goto err; + if (expected->xof) { + if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) { + t->err = "TEST_FAILURE"; + goto err; + } + if (!EVP_MAC_finalXOF(ctx, got, expected->output_len) + || !memory_err_compare(t, "TEST_MAC_ERR", + expected->output, expected->output_len, + got, expected->output_len)) { + t->err = "MAC_FINAL_ERROR"; + goto err; + } + } else { + if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) { + t->err = "MAC_FINAL_LENGTH_ERROR"; + goto err; + } + if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { + t->err = "TEST_FAILURE"; + goto err; + } + if (!EVP_MAC_final(ctx, got, &got_len, got_len) + || !memory_err_compare(t, "TEST_MAC_ERR", + expected->output, expected->output_len, + got, got_len)) { + t->err = "TEST_MAC_ERR"; + goto err; + } } t->err = NULL; err: diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt index e2219ca12a..0229659807 100644 --- a/test/recipes/30-test_evp_data/evpmac_common.txt +++ b/test/recipes/30-test_evp_data/evpmac_common.txt 
@@ -346,6 +346,61 @@ Ctrl = size:64 Title = KMAC XOF Tests (From NIST) +MAC = KMAC128 +Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +Input = 00010203 +Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 +XOF = 1 + +MAC = KMAC128 +Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +Input = 00010203 +Custom = "My Tagged Application" +Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C +XOF = 1 + +MAC = KMAC128 +Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +Custom = "My Tagged Application" +Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F +XOF = 1 +Ctrl = size:32 + +MAC = KMAC256 +Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +Input = 00010203 +Custom = "My Tagged Application" +Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B +XOF = 1 + +MAC = KMAC256 +Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +Custom = "" +Output = 
FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B +XOF = 1 + +MAC = KMAC256 +Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +Custom = "My Tagged Application" +Output = D5BE731C954ED7732846BB59DBE3A8E30F83E77A4BFF4459F2F1C2B4ECEBB8CE67BA01C62E8AB8578D2D499BD1BB276768781190020A306A97DE281DCC30305D +Ctrl = size:64 +XOF = 1 + +Title = KMAC long customisation string (from NIST ACVP) + +MAC = KMAC256 +Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 +Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D +Custom = "]J&/.?L/c&}p(b!X|?>i7!]CAH6P at 1 The branch master has been updated via 8369592d35da7d321b8d2f4b5591acd72481111a (commit) from b039c87a4ca3dd4e4ebbea4a5d1fd3821497f900 (commit) - Log ----------------------------------------------------------------- commit 8369592d35da7d321b8d2f4b5591acd72481111a Author: Tomas Mraz Date: Tue May 4 16:53:42 2021 +0200 Fix missing symbols in no-cms and no-ts build Fixes #15137 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15138) ----------------------------------------------------------------------- Summary of changes: crypto/ess/build.info | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) 
diff --git a/crypto/ess/build.info b/crypto/ess/build.info index 3570633d73..f25c1271fb 100644 --- a/crypto/ess/build.info +++ b/crypto/ess/build.info @@ -1,9 +1,3 @@ LIBS=../../libcrypto -# compile ess_lib.c when cms or ts are enabled -IF[{- !$disabled{'cms'} or !$disabled{'ts'} -}] - SOURCE[../../libcrypto]= ess_lib.c -ENDIF - -SOURCE[../../libcrypto]= ess_asn1.c ess_err.c - +SOURCE[../../libcrypto]= ess_asn1.c ess_err.c ess_lib.c From kaduk at mit.edu Wed May 5 16:03:25 2021 
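Review bot: in the crypto/evp/mac_lib.c hunk, 'size_t l' in evp_mac_final() is never initialised, yet '*outl = l' runs whenever outl is non-NULL, including when ctx->meth->final() returned 0 without writing a length. Initialise it to 0 or store it only on success, so that a failed EVP_MAC_final() cannot hand an indeterminate length back to a caller that sizes a copy or a comparison from it. Separately, the xof branch sets OSSL_MAC_PARAM_XOF on the context and never restores it; if a reused context is meant to stay in XOF mode after EVP_MAC_finalXOF(), the manual page should say so.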
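Review bot: in the test/evp_test.c hunk at @@ -1123,6 +1125,8 @@, 'return mdata->xof = 1;' ignores the value of the keyword, so a stanza with "XOF = 0" would still select the XOF path, and the assignment inside the return statement reads like a mistyped comparison. Parse the value, or at least split it into an assignment followed by 'return 1;' with a comment that any value enables XOF.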
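Review bot: the commented-out edge kept in the doc/life-cycles/mac.dot hunk still uses the label "EVP_MAC_final_XOF", while the edge added just above it and the new public function are spelled EVP_MAC_finalXOF. Rename it inside the comment as well, otherwise the diagram will show a function that does not exist once the "Once this works it should go back in" block is re-enabled.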
From: kaduk at mit.edu (kaduk at mit.edu)
Date: Wed, 05 May 2021 16:03:25 +0000
Subject: [openssl] master update
Message-ID: <1620230605.272551.26289.nullmailer@dev.openssl.org>

The branch master has been updated
via 6c0ac9b99f2b7278a5ec60ef0c29c71e9eb4f40d (commit)
via cbbbc8fce41cc162c75d1e5bd1053b6085cb3b47 (commit)
via 72d2670bd21becfa6a64bb03fa55ad82d6d0c0f3 (commit)
from 8369592d35da7d321b8d2f4b5591acd72481111a (commit)

- Log -----------------------------------------------------------------
commit 6c0ac9b99f2b7278a5ec60ef0c29c71e9eb4f40d
Author: Benjamin Kaduk
Date: Mon May 3 13:23:53 2021 -0700

adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change

The "bad DTLS" tests run into trouble due to the special behavior for that "bad" version, and the SSL record tests need to set the -legacy_server_connect flag to allow an SSLv2 ClientHello to work against any TLS server (since SSLv2 ClientHello messages cannot carry extensions as would be needed in order to negotiate the use of the renegotiation_info extension).

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/15127)

commit cbbbc8fce41cc162c75d1e5bd1053b6085cb3b47
Author: Benjamin Kaduk
Date: Mon May 3 13:43:55 2021 -0700

Correct ssl_conf logic for "legacy_server_connect"

This option is only useful for the client, but it was previously marked as only being applicable for servers. Correct the entry to properly mark it as client-only, and update the s_server/s_client manuals accordingly.

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/15127)

commit 72d2670bd21becfa6a64bb03fa55ad82d6d0c0f3
Author: Benjamin Kaduk
Date: Mon May 3 12:16:19 2021 -0700

Enforce secure renegotiation support by default

Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in SSL_CTX_new(), to allow connections to legacy servers that did not implement RFC 5746.
It has been more than a decade since RFC 5746 was published, so there has been plenty of time for implementation support to roll out. Change the default behavior to be to require peers to support secure renegotiation. Existing applications that already cleared SSL_OP_LEGACY_SERVER_CONNECT will see no behavior change, as re-clearing the flag is just a little bit of redundant work. The old behavior is still available by explicitly setting the flag in the application. Also remove SSL_OP_LEGACY_SERVER_CONNECT from SSL_OP_ALL, for similar reasons. Document the behavior change in CHANGES.md, and update the SSL_CTX_set_options() and SSL_CONF_cmd manuals to reflect the change in default behavior.

Fixes: 14848

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/15127)

-----------------------------------------------------------------------

Summary of changes:
CHANGES.md | 8 ++++++++
doc/man1/openssl-s_client.pod.in | 1 +
doc/man1/openssl-s_server.pod.in | 1 -
doc/man3/SSL_CONF_cmd.pod | 1 -
doc/man3/SSL_CTX_set_options.pod | 19 ++++++-------------
include/openssl/ssl.h.in | 1 -
ssl/ssl_conf.c | 2 +-
ssl/ssl_lib.c | 5 -----
test/bad_dtls_test.c | 2 ++
test/recipes/70-test_sslrecords.t | 2 +-
10 files changed, 19 insertions(+), 23 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md index 7b6c7c5ffb..6e89f9814c 100644 --- a/CHANGES.md +++ b/CHANGES.md
@@ -82,6 +82,14 @@ OpenSSL 3.0 *Boris Pismenny, John Baldwin and Andrew Gallatin* + * Support for RFC 5746 secure renegotiation is now required by default for + SSL or TLS connections to succeed. Applications that require the ability + to connect to legacy peers will need to explicitly set + SSL_OP_LEGACY_SERVER_CONNECT. Accordingly, SSL_OP_LEGACY_SERVER_CONNECT + is no longer set as part of SSL_OP_ALL. + + *Benjamin Kaduk* + * The signature of the `copy` functional parameter of the EVP_PKEY_meth_set_copy() function has changed so its `src` argument is now `const EVP_PKEY_CTX *` instead of `EVP_PKEY_CTX *`. Similarly diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 6d6ba81384..e11df7a9ae 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -83,6 +83,7 @@ B B [B<-comp>] [B<-no_comp>] [B<-brief>] +[B<-legacy_server_connect>] [B<-allow_no_dhe_kex>] [B<-sigalgs> I] [B<-curves> I] diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 243ab8b3e0..fa4190a869 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -94,7 +94,6 @@ B B [B<-serverpref>] [B<-legacy_renegotiation>] [B<-no_renegotiation>] -[B<-legacy_server_connect>] [B<-no_resumption_on_reneg>] [B<-no_legacy_server_connect>] [B<-allow_no_dhe_kex>] diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 125164e4c8..8da8f7f060 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -76,7 +76,6 @@ set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers. permits or prohibits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to setting or clearing B. -Set by default. =item B<-prioritize_chacha> diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 1bc5894127..e84aaac8a8 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod 
@@ -88,8 +88,7 @@ implementations. =item SSL_OP_ALL -All of the above bug workarounds plus B as -mentioned below. +All of the above bug workarounds. =back @@ -193,8 +192,7 @@ servers. See the B section for more details. =item SSL_OP_LEGACY_SERVER_CONNECT Allow legacy insecure renegotiation between OpenSSL and unpatched servers -B: this option is currently set by default. See the -B section for more details. +B. See the B section for more details. =item SSL_OP_NO_ENCRYPT_THEN_MAC @@ -378,15 +376,10 @@ and renegotiation between patched OpenSSL clients and unpatched servers succeeds. If neither option is set then initial connections to unpatched servers will fail. -The option B is currently set by default even -though it has security implications: otherwise it would be impossible to -connect to unpatched servers (i.e. all of them initially) and this is clearly -not acceptable. Renegotiation is permitted because this does not add any -additional security issues: during an attack clients do not see any -renegotiations anyway. - -As more servers become patched the option B will -B be set by default in a future version of OpenSSL. +Setting the option B has security implications; +clients that are willing to connect to servers that do not implement +RFC 5746 secure renegotiation are subject to attacks such as +CVE-2009-3555. OpenSSL client applications wishing to ensure they can connect to unpatched servers should always B B diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index d607d8d02f..d03fff6be5 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -425,7 +425,6 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); */ # define SSL_OP_ALL (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\ - SSL_OP_LEGACY_SERVER_CONNECT|\ SSL_OP_TLSEXT_PADDING|\ SSL_OP_SAFARI_ECDHE_ECDSA_BUG) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 4e71a9cf64..1f288b5e06 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c 
@@ -684,7 +684,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("no_ticket", 0), SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0), - SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_SERVER), + SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_CLIENT), SSL_CONF_CMD_SWITCH("no_renegotiation", 0), SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER), diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 27a5ec4581..c9b49279c5 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3310,11 +3310,6 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, } # endif #endif - /* - * Default is to connect to non-RI servers. When RI is more widely - * deployed might change this. - */ - ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; /* * Disable compression by default to prevent CRIME. Applications can * re-enable compression by configuring diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c index 48cf45bae6..a67db1737e 100644 --- a/test/bad_dtls_test.c +++ b/test/bad_dtls_test.c @@ -494,6 +494,8 @@ static int test_bad_dtls(void) if (!TEST_ptr(ctx) || !TEST_true(SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER)) || !TEST_true(SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER)) + || !TEST_true(SSL_CTX_set_options(ctx, + SSL_OP_LEGACY_SERVER_CONNECT)) || !TEST_true(SSL_CTX_set_cipher_list(ctx, "AES128-SHA"))) goto end; diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t index 729a41856d..318c9235b0 100644 --- a/test/recipes/70-test_sslrecords.t +++ b/test/recipes/70-test_sslrecords.t 
@@ -96,7 +96,7 @@ my $sslv2testtype = TLSV1_2_IN_SSLV2; $proxy->clear(); $proxy->filter(\&add_sslv2_filter); $proxy->serverflags("-tls1_2"); -$proxy->clientflags("-no_tls1_3"); +$proxy->clientflags("-no_tls1_3 -legacy_renegotiation"); $proxy->ciphers("AES128-SHA:\@SECLEVEL=0"); $proxy->start(); ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test"); From dev at ddvo.net Wed May 5 18:49:00 2021 
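Review bot: the ssl/ssl_conf.c hunk moves "legacy_server_connect" to SSL_CONF_FLAG_CLIENT but leaves the adjacent context line 'SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER)' untouched, and the openssl-s_server.pod.in hunk likewise keeps [-no_legacy_server_connect] in the server synopsis. Both switches act on the same client-side option bit, so the negated form should carry the same flag and appear in the same manual. With the default now off, the positive switch is the one that weakens a client, which makes it worth having the pair classified consistently.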
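Review bot: the test/recipes/70-test_sslrecords.t hunk adds "-legacy_renegotiation" to the client flags, but the commit message for 6c0ac9b99f says the SSL record tests need to set -legacy_server_connect. These are different options (SSL_CTX_set_options.pod documents them separately), so either the message or the flag is not what was intended. Please confirm which one the SSLv2 ClientHello case actually needs and add a short comment in the recipe explaining why the test opts back into legacy behaviour.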
From: dev at ddvo.net (dev at ddvo.net)
Date: Wed, 05 May 2021 18:49:00 +0000
Subject: [openssl] master update
Message-ID: <1620240540.589732.9522.nullmailer@dev.openssl.org>

The branch master has been updated
via b0f960189b8696f878b163d7123afdb99dfdb738 (commit)
via 284076982de7529585c4c13a663203588bff8b12 (commit)
from 6c0ac9b99f2b7278a5ec60ef0c29c71e9eb4f40d (commit)

- Log -----------------------------------------------------------------
commit b0f960189b8696f878b163d7123afdb99dfdb738
Author: Dr. David von Oheimb
Date: Sat May 1 15:29:00 2021 +0200

APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro

Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/15111)

commit 284076982de7529585c4c13a663203588bff8b12
Author: Dr. David von Oheimb
Date: Sat May 1 14:35:21 2021 +0200

APPS: Slightly extend and improve documentation of the opt_ API

Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent.

Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/15111)

-----------------------------------------------------------------------

Summary of changes:
apps/asn1pars.c | 2 +-
apps/ca.c | 2 +-
apps/ciphers.c | 2 +-
apps/cmp.c | 6 +--
apps/cms.c | 2 +-
apps/crl.c | 2 +-
apps/crl2p7.c | 2 +-
apps/dgst.c | 3 +-
apps/dhparam.c | 2 +-
apps/dsa.c | 2 +-
apps/dsaparam.c | 2 +-
apps/ec.c | 2 +-
apps/ecparam.c | 2 +-
apps/enc.c | 2 +-
apps/engine.c | 2 +-
apps/fipsinstall.c | 2 +-
apps/gendsa.c | 2 +-
apps/genpkey.c | 2 +-
apps/genrsa.c | 2 +-
apps/include/opt.h | 54 ++++++++++++-----------
apps/info.c | 2 +-
apps/kdf.c | 2 +-
apps/lib/apps.c | 1 +
apps/lib/opt.c | 29 +++++--------
apps/list.c | 3 +-
apps/mac.c | 2 +-
apps/nseq.c | 2 +-
apps/ocsp.c | 2 +-
apps/passwd.c | 2 +-
apps/pkcs12.c | 2 +-
apps/pkcs7.c | 2 +-
apps/pkcs8.c | 2 +-
apps/pkey.c | 2 +-
apps/pkeyparam.c | 2 +-
apps/pkeyutl.c | 2 +-
apps/prime.c | 2 +-
apps/rand.c | 2 +-
apps/rehash.c | 2 +-
apps/req.c | 2 +-
apps/rsa.c | 2 +-
apps/rsautl.c | 2 +- apps/s_client.c | 2 +- apps/s_server.c | 3 +- apps/s_time.c | 2 +- apps/sess_id.c | 2 +- apps/smime.c | 2 +- apps/speed.c | 2 +- apps/spkac.c | 2 +- apps/srp.c | 2 +- apps/storeutl.c | 3 +- apps/ts.c | 2 +- apps/verify.c | 2 +- apps/version.c | 2 +- apps/x509.c | 4 +- doc/internal/man3/OPTIONS.pod | 99 +++++++++++++++++++++++++++---------------- test/ecstresstest.c | 4 +- 56 files changed, 165 insertions(+), 134 deletions(-) diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 798e8d1668..95a21a04f4 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -19,7 +19,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT, OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT, OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM, diff --git a/apps/ca.c b/apps/ca.c index 4f125b22a9..9dd46e4f5c 100755 --- a/apps/ca.c +++ b/apps/ca.c @@ -143,7 +143,7 @@ static int preserve = 0; static int msie_hack = 0; typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_ENGINE, OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SUBJ, OPT_UTF8, OPT_CREATE_SERIAL, OPT_MULTIVALUE_RDN, OPT_STARTDATE, OPT_ENDDATE, OPT_DAYS, OPT_MD, OPT_POLICY, OPT_KEYFILE, OPT_KEYFORM, OPT_PASSIN, diff --git a/apps/ciphers.c b/apps/ciphers.c index dd70f0c632..6e4fedd9a7 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -17,7 +17,7 @@ #include "s_apps.h" typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_STDNAME, OPT_CONVERT, OPT_SSL3, diff --git a/apps/cmp.c b/apps/cmp.c index 51dd971162..fdd0043311 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -188,7 +188,7 @@ static int opt_accept_raverified = 0; static X509_VERIFY_PARAM *vpm = NULL; typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_CONFIG, OPT_SECTION, OPT_VERBOSITY, OPT_CMD, OPT_INFOTYPE, OPT_GENINFO, 
@@ -2188,10 +2188,10 @@ static char *opt_str(void) if (arg[0] == '\0') { CMP_warn1("%s option argument is empty string, resetting option", - opt_name()); + opt_flag()); arg = NULL; } else if (arg[0] == '-') { - CMP_warn1("%s option argument starts with hyphen", opt_name()); + CMP_warn1("%s option argument starts with hyphen", opt_flag()); } return arg; } diff --git a/apps/cms.c b/apps/cms.c index 88b70fc67f..e512f1d3e8 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -61,7 +61,7 @@ struct cms_key_param_st { }; typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_CADES, OPT_SIGN_RECEIPT, OPT_RESIGN, OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT, diff --git a/apps/crl.c b/apps/crl.c index 8a0dc3605d..8f1babde6f 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -19,7 +19,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY, OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT, OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, diff --git a/apps/crl2p7.c b/apps/crl2p7.c index 42c18555bb..fe59e65427 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -22,7 +22,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE, OPT_PROV_ENUM } OPTION_CHOICE; diff --git a/apps/dgst.c b/apps/dgst.c index 13a4e0773b..fcc7fc8679 100644 --- a/apps/dgst.c +++ b/apps/dgst.c 
@@ -36,7 +36,8 @@ struct doall_dgst_digests { }; typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_LIST, + OPT_COMMON, + OPT_LIST, OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY, OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL, OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT, diff --git a/apps/dhparam.c b/apps/dhparam.c index b43935eb7f..5bb4b7f04a 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -34,7 +34,7 @@ static EVP_PKEY *dsa_to_dh(EVP_PKEY *dh); static int gendh_cb(EVP_PKEY_CTX *ctx); typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT, OPT_DSAPARAM, OPT_2, OPT_3, OPT_5, diff --git a/apps/dsa.c b/apps/dsa.c index 9a7bf04adb..c00673a8ac 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -33,7 +33,7 @@ #endif typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE, /* Do not change the order here; see case statements below */ OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG, diff --git a/apps/dsaparam.c b/apps/dsaparam.c index a38dceb255..c78d28ecb1 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -27,7 +27,7 @@ static int verbose = 0; static int gendsa_cb(EVP_PKEY_CTX *ctx); typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_VERBOSE, OPT_R_ENUM, OPT_PROV_ENUM diff --git a/apps/ec.c b/apps/ec.c index f8f77dd492..379c6b6132 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -22,7 +22,7 @@ #include "ec_common.h" typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER, 
diff --git a/apps/ecparam.c b/apps/ecparam.c index c99b8cc909..e9e36d1d8b 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -22,7 +22,7 @@ #include "ec_common.h" typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME, OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE, OPT_CHECK_NAMED, diff --git a/apps/enc.c b/apps/enc.c index 217526f450..4339ba4114 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -39,7 +39,7 @@ struct doall_enc_ciphers { }; typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_LIST, OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V, OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A, diff --git a/apps/engine.c b/apps/engine.c index b494a79447..b132bb7608 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -23,7 +23,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST, OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV } OPTION_CHOICE; diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index 651df6250f..6a104e60aa 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -33,7 +33,7 @@ static int self_test_log = 1; static int quiet = 0; typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_IN, OPT_OUT, OPT_MODULE, OPT_PROV_NAME, OPT_SECTION_NAME, OPT_MAC_NAME, OPT_MACOPT, OPT_VERIFY, OPT_NO_LOG, OPT_CORRUPT_DESC, OPT_CORRUPT_TYPE, OPT_QUIET, OPT_CONFIG, diff --git a/apps/gendsa.c b/apps/gendsa.c index 38d7b4a3eb..6d1c91d230 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -23,7 +23,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, OPT_VERBOSE, OPT_R_ENUM, OPT_PROV_ENUM } OPTION_CHOICE; 
diff --git a/apps/genpkey.c b/apps/genpkey.c index 746cd5902f..f10390e1ba 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -20,7 +20,7 @@ static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e, static int genpkey_cb(EVP_PKEY_CTX *ctx); typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE, OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER, OPT_CONFIG, diff --git a/apps/genrsa.c b/apps/genrsa.c index e5118d4902..0e84687b32 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -32,7 +32,7 @@ static int verbose = 0; static int genrsa_cb(EVP_PKEY_CTX *ctx); typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, #ifndef OPENSSL_NO_DEPRECATED_3_0 OPT_3, #endif diff --git a/apps/include/opt.h b/apps/include/opt.h index f22e9af05e..c6ec09f882 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h @@ -14,6 +14,8 @@ #include #include +#define OPT_COMMON OPT_ERR = -1, OPT_EOF = 0, OPT_HELP + /* * Common verification options. */ 
@@ -342,46 +344,50 @@ typedef struct string_int_pair_st { #define OPT_PARAMETERS() { OPT_PARAM_STR, 1, '-', "Parameters:\n" } const char *opt_path_end(const char *filename); +char *opt_init(int ac, char **av, const OPTIONS * o); char *opt_progname(const char *argv0); -char *opt_appname(const char *arg0); +char *opt_appname(const char *argv0); char *opt_getprog(void); -char *opt_init(int ac, char **av, const OPTIONS * o); -int opt_next(void); +void opt_help(const OPTIONS * list); + void opt_begin(void); -int opt_format(const char *s, unsigned long flags, int *result); +int opt_next(void); +char *opt_flag(void); +char *opt_arg(void); +char *opt_unknown(void); +int opt_cipher(const char *name, EVP_CIPHER **cipherp); +int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp); +int opt_md(const char *name, EVP_MD **mdp); +int opt_md_silent(const char *name, EVP_MD **mdp); + int opt_int(const char *arg, int *result); int opt_int_arg(void); -int opt_ulong(const char *arg, unsigned long *result); int opt_long(const char *arg, long *result); +int opt_ulong(const char *arg, unsigned long *result); #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ defined(INTMAX_MAX) && defined(UINTMAX_MAX) && \ !defined(OPENSSL_NO_INTTYPES_H) -int opt_imax(const char *arg, intmax_t *result); -int opt_umax(const char *arg, uintmax_t *result); +int opt_intmax(const char *arg, intmax_t *result); +int opt_uintmax(const char *arg, uintmax_t *result); #else -# define opt_imax opt_long -# define opt_umax opt_ulong +# define opt_intmax opt_long +# define opt_uintmax opt_ulong # define intmax_t long # define uintmax_t unsigned long #endif -int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result); + +int opt_isdir(const char *name); +int opt_format(const char *s, unsigned long flags, int *result); +void print_format_error(int format, unsigned long flags); +int opt_printf_stderr(const char *fmt, ...); int opt_string(const char *name, const char **options); -int 
opt_cipher(const char *name, EVP_CIPHER **cipherp); -int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp); -int opt_md(const char *name, EVP_MD **mdp); -int opt_md_silent(const char *name, EVP_MD **mdp); -char *opt_name(void); -char *opt_arg(void); -char *opt_flag(void); -char *opt_unknown(void); -char **opt_rest(void); -int opt_num_rest(void); +int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result); + int opt_verify(int i, X509_VERIFY_PARAM *vpm); int opt_rand(int i); int opt_provider(int i); -void opt_help(const OPTIONS * list); -void print_format_error(int format, unsigned long flags); -int opt_isdir(const char *name); -int opt_printf_stderr(const char *fmt, ...); + +char **opt_rest(void); +int opt_num_rest(void); #endif /* OSSL_APPS_OPT_H */ diff --git a/apps/info.c b/apps/info.c index 5099853494..e432be46d5 100644 --- a/apps/info.c +++ b/apps/info.c @@ -12,7 +12,7 @@ #include "progs.h" typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_CONFIGDIR, OPT_ENGINESDIR, OPT_MODULESDIR, OPT_DSOEXT, OPT_DIRNAMESEP, OPT_LISTSEP, OPT_SEEDS, OPT_CPUSETTINGS } OPTION_CHOICE; diff --git a/apps/kdf.c b/apps/kdf.c index c036a1bf47..b3865d9e87 100644 --- a/apps/kdf.c +++ b/apps/kdf.c @@ -18,7 +18,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT, OPT_PROV_ENUM } OPTION_CHOICE; diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 81b543ec68..bfd938b555 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -3152,6 +3152,7 @@ void make_uppercase(char *string) string[i] = toupper((unsigned char)string[i]); } +/* This function is defined here due to visibility of bio_err */ int opt_printf_stderr(const char *fmt, ...) { va_list ap; diff --git a/apps/lib/opt.c b/apps/lib/opt.c index a6b6f7ce4f..4b75b46681 100644 --- a/apps/lib/opt.c +++ b/apps/lib/opt.c 
@@ -36,7 +36,6 @@ const char OPT_PARAM_STR[] = "-P"; static char **argv; static int argc; static int opt_index; -static char *param_name; static char *arg; static char *flag; static char *dunno; @@ -142,12 +141,12 @@ char *opt_progname(const char *argv0) } #endif -char *opt_appname(const char *arg0) +char *opt_appname(const char *argv0) { size_t len = strlen(prog); - if (arg0 != NULL) - BIO_snprintf(prog + len, sizeof(prog) - len - 1, " %s", arg0); + if (argv0 != NULL) + BIO_snprintf(prog + len, sizeof(prog) - len - 1, " %s", argv0); return prog; } @@ -456,7 +455,7 @@ int opt_int(const char *value, int *result) return 1; } -/* Parse and return a natural number, assuming range has been checked before. */ +/* Parse and return an integer, assuming range has been checked before. */ int opt_int_arg(void) { int result = -1; @@ -515,7 +514,7 @@ int opt_long(const char *value, long *result) !defined(OPENSSL_NO_INTTYPES_H) /* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */ -int opt_imax(const char *value, intmax_t *result) +int opt_intmax(const char *value, intmax_t *result) { int oerrno = errno; intmax_t m; @@ -537,7 +536,7 @@ int opt_imax(const char *value, intmax_t *result) } /* Parse a uintmax_t, put it into *result; return 0 on failure, else 1. */ -int opt_umax(const char *value, uintmax_t *result) +int opt_uintmax(const char *value, uintmax_t *result) { int oerrno = errno; uintmax_t m; @@ -654,7 +653,7 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm) X509_VERIFY_PARAM_set_auth_level(vpm, i); break; case OPT_V_ATTIME: - if (!opt_imax(opt_arg(), &t)) + if (!opt_intmax(opt_arg(), &t)) return 0; if (t != (time_t)t) { opt_printf_stderr("%s: epoch time out of range %s\n", @@ -768,7 +767,7 @@ int opt_next(void) /* Look at current arg; at end of the list? */ arg = NULL; - p = param_name = argv[opt_index]; + p = argv[opt_index]; if (p == NULL) return 0; 
@@ -850,11 +849,11 @@ int opt_next(void) } break; case 'M': - if (!opt_imax(arg, &imval)) + if (!opt_intmax(arg, &imval)) return -1; break; case 'U': - if (!opt_umax(arg, &umval)) + if (!opt_uintmax(arg, &umval)) return -1; break; case 'l': @@ -891,19 +890,13 @@ int opt_next(void) return -1; } -/* Return the name of the most recent flag parameter. */ -char *opt_name(void) -{ - return param_name; -} - /* Return the most recent flag parameter. */ char *opt_arg(void) { return arg; } -/* Return the most recent flag. */ +/* Return the most recent flag (option name including the preceding '-'). */ char *opt_flag(void) { return flag; diff --git a/apps/list.c b/apps/list.c index af6ae3f1a0..a8646addb1 100644 --- a/apps/list.c +++ b/apps/list.c @@ -1374,7 +1374,8 @@ static void list_disabled(void) /* Unified enum for help and list commands. */ typedef enum HELPLIST_CHOICE { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ONE, OPT_VERBOSE, + OPT_COMMON, + OPT_ONE, OPT_VERBOSE, OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS, OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS, OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED, diff --git a/apps/mac.c b/apps/mac.c index 8f8dcde318..c722be3102 100644 --- a/apps/mac.c +++ b/apps/mac.c @@ -20,7 +20,7 @@ #define BUFSIZE 1024*8 typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_MACOPT, OPT_BIN, OPT_IN, OPT_OUT, OPT_PROV_ENUM } OPTION_CHOICE; diff --git a/apps/nseq.c b/apps/nseq.c index 706ca58f65..8848e895ae 100644 --- a/apps/nseq.c +++ b/apps/nseq.c @@ -15,7 +15,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_TOSEQ, OPT_IN, OPT_OUT, OPT_PROV_ENUM } OPTION_CHOICE; diff --git a/apps/ocsp.c b/apps/ocsp.c index 35a328bc69..d59cd1eb59 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c 
@@ -85,7 +85,7 @@ static int index_changed(CA_DB *); #endif typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_OUTFILE, OPT_TIMEOUT, OPT_URL, OPT_HOST, OPT_PORT, OPT_IGNORE_ERR, OPT_NOVERIFY, OPT_NONCE, OPT_NO_NONCE, OPT_RESP_NO_CERTS, OPT_RESP_KEY_ID, OPT_NO_CERTS, diff --git a/apps/passwd.c b/apps/passwd.c index 1203b7443e..65cbd9e493 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -50,7 +50,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, int reverse, size_t pw_maxlen, passwd_modes mode); typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_IN, OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1, OPT_1, OPT_5, OPT_6, OPT_AIXMD5, OPT_SALT, OPT_STDIN, diff --git a/apps/pkcs12.c b/apps/pkcs12.c index c2508163f0..90550b1f44 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -55,7 +55,7 @@ int cert_load(BIO *in, STACK_OF(X509) *sk); static int set_pbe(int *ppbe, const char *str); typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS, OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER, #ifndef OPENSSL_NO_DES diff --git a/apps/pkcs7.c b/apps/pkcs7.c index fea9eadf65..ba11e8151a 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -21,7 +21,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT, OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE, OPT_PROV_ENUM diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 1c4dd1220b..d7cb2d6672 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -18,7 +18,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT, #ifndef OPENSSL_NO_SCRYPT 
diff --git a/apps/pkey.c b/apps/pkey.c index 0587aacc30..d7e32b6e58 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -18,7 +18,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB, OPT_TEXT, OPT_NOOUT, OPT_CIPHER, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK, diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c index 8b4ac1d222..45647341ce 100644 --- a/apps/pkeyparam.c +++ b/apps/pkeyparam.c @@ -17,7 +17,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, OPT_ENGINE, OPT_CHECK, OPT_PROV_ENUM diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index a9571b5f63..3a26ec5ca7 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -40,7 +40,7 @@ static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx, unsigned char **out, size_t *poutlen); typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT, OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN, OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, diff --git a/apps/prime.c b/apps/prime.c index 1879d14111..20b26cddad 100644 --- a/apps/prime.c +++ b/apps/prime.c @@ -14,7 +14,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS, OPT_PROV_ENUM } OPTION_CHOICE; diff --git a/apps/rand.c b/apps/rand.c index 24f8c64d43..cbf495d5bc 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -19,7 +19,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX, OPT_R_ENUM, OPT_PROV_ENUM } OPTION_CHOICE; diff --git a/apps/rehash.c b/apps/rehash.c index 36e8e0fda2..65ccacc0a8 100644 --- a/apps/rehash.c +++ b/apps/rehash.c 
@@ -466,7 +466,7 @@ static int do_dir(const char *dirname, enum Hash h) } typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE, OPT_PROV_ENUM } OPTION_CHOICE; diff --git a/apps/req.c b/apps/req.c index 5408dc7505..6817a8bd54 100644 --- a/apps/req.c +++ b/apps/req.c @@ -79,7 +79,7 @@ static CONF *addext_conf = NULL; static int batch = 0; typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY, OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT, OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_NEWKEY, diff --git a/apps/rsa.c b/apps/rsa.c index 47316757d5..0ff6cf3266 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -37,7 +37,7 @@ #endif typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN, OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT, diff --git a/apps/rsautl.c b/apps/rsautl.c index 57a3f8b4fc..a8911ff206 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -26,7 +26,7 @@ #define KEY_CERT 3 typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_RSA_RAW, OPT_OAEP, OPT_PKCS, OPT_X931, OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, diff --git a/apps/s_client.c b/apps/s_client.c index dfc38b6659..3c62739698 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -429,7 +429,7 @@ static int tlsa_import_rrset(SSL *con, STACK_OF(OPENSSL_STRING) *rrset) } typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_4, OPT_6, OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_BIND, OPT_UNIX, OPT_XMPPHOST, OPT_VERIFY, OPT_NAMEOPT, OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN, diff --git a/apps/s_server.c b/apps/s_server.c index 9ffd499a0a..6adee7ec6d 100644 --- a/apps/s_server.c 
+++ b/apps/s_server.c @@ -672,7 +672,8 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure) } typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, + OPT_COMMON, + OPT_ENGINE, OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT, OPT_VERIFY, OPT_NAMEOPT, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM, diff --git a/apps/s_time.c b/apps/s_time.c index bda61176e3..8c43db952e 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -43,7 +43,7 @@ static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n"; static const size_t fmt_http_get_cmd_size = sizeof(fmt_http_get_cmd) - 2; typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, diff --git a/apps/sess_id.c b/apps/sess_id.c index de25cea156..a1e5415cc4 100644 --- a/apps/sess_id.c +++ b/apps/sess_id.c @@ -19,7 +19,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_CERT, OPT_NOOUT, OPT_CONTEXT } OPTION_CHOICE; diff --git a/apps/smime.c b/apps/smime.c index ed12b92193..011dc99c4b 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -33,7 +33,7 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx); #define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY, OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN, OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, diff --git a/apps/speed.c b/apps/speed.c index 5363b0d7f8..0892b60369 100644 --- a/apps/speed.c +++ b/apps/speed.c 
@@ -207,7 +207,7 @@ static int opt_found(const char *name, unsigned int *result, opt_found(value, result, pairs, OSSL_NELEM(pairs)) typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI, OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM, OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC diff --git a/apps/spkac.c b/apps/spkac.c index cfbbc41e18..9c12504b90 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -21,7 +21,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT, OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC, OPT_SPKSECT, OPT_KEYFORM, diff --git a/apps/srp.c b/apps/srp.c index af62e7e200..aad08fb229 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -190,7 +190,7 @@ static char *srp_create_user(char *user, char **srp_verifier, } typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD, OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_R_ENUM, OPT_PROV_ENUM diff --git a/apps/storeutl.c b/apps/storeutl.c index 7fec56c9ea..3e7ab32b7a 100644 --- a/apps/storeutl.c +++ b/apps/storeutl.c @@ -22,7 +22,8 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, const char *prog, OSSL_LIB_CTX *libctx); typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_OUT, OPT_PASSIN, + OPT_COMMON, + OPT_ENGINE, OPT_OUT, OPT_PASSIN, OPT_NOOUT, OPT_TEXT, OPT_RECURSIVE, OPT_SEARCHFOR_CERTS, OPT_SEARCHFOR_KEYS, OPT_SEARCHFOR_CRLS, OPT_CRITERION_SUBJECT, OPT_CRITERION_ISSUER, OPT_CRITERION_SERIAL, diff --git a/apps/ts.c b/apps/ts.c index ad6a3d382b..db5ecb32c2 100644 --- a/apps/ts.c +++ b/apps/ts.c 
@@ -77,7 +77,7 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile, static int verify_cb(int ok, X509_STORE_CTX *ctx); typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA, OPT_DIGEST, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT, OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT, diff --git a/apps/verify.c b/apps/verify.c index 718174a83d..d66f137258 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -26,7 +26,7 @@ static int check(X509_STORE *ctx, const char *file, static int v_verbose = 0, vflags = 0; typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN, diff --git a/apps/version.c b/apps/version.c index cb00f55d89..b4cc2e04a1 100644 --- a/apps/version.c +++ b/apps/version.c @@ -17,7 +17,7 @@ #include typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_B, OPT_D, OPT_E, OPT_M, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R, OPT_C } OPTION_CHOICE; diff --git a/apps/x509.c b/apps/x509.c index 50453c4b7c..a9c5d41096 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -39,7 +39,7 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); static int print_x509v3_exts(BIO *bio, X509 *x, const char *ext_names); typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM, OPT_CAKEYFORM, OPT_VFYOPT, OPT_SIGOPT, OPT_DAYS, OPT_PASSIN, OPT_EXTFILE, OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_KEY, OPT_SIGNKEY, OPT_CA, OPT_CAKEY, @@ -544,7 +544,7 @@ int x509_main(int argc, char **argv) checkend = 1; { intmax_t temp = 0; - if (!opt_imax(opt_arg(), &temp)) + if (!opt_intmax(opt_arg(), &temp)) goto opthelp; checkoffset = (time_t)temp; if ((intmax_t)checkoffset != temp) { 
diff --git a/doc/internal/man3/OPTIONS.pod b/doc/internal/man3/OPTIONS.pod index 3c0fcdaf80..29151b3761 100644 --- a/doc/internal/man3/OPTIONS.pod +++ b/doc/internal/man3/OPTIONS.pod @@ -2,11 +2,12 @@ =head1 NAME -OPTIONS, OPT_PAIR, -opt_progname, opt_appname, opt_getprog, opt_init, opt_format, -opt_int, opt_long, opt_imax, opt_umax, opt_ulong, opt_pair, -opt_string, opt_cipher, opt_md, opt_next, opt_arg, opt_flag, opt_unknown, -opt_num_rest, opt_rest, opt_help, opt_isdir +OPTIONS, OPT_PAIR, OPT_COMMON, OPT_ERR, OPT_EOF, OPT_HELP, +opt_init, opt_progname, opt_appname, opt_getprog, opt_help, +opt_begin, opt_next, opt_flag, opt_arg, opt_unknown, opt_cipher, opt_md, +opt_int, opt_int_arg, opt_long, opt_ulong, opt_intmax, opt_uintmax, +opt_format, opt_isdir, opt_string, opt_pair, +opt_num_rest, opt_rest - Option parsing for commands and tests =head1 SYNOPSIS 
@@ -15,29 +16,34 @@ opt_num_rest, opt_rest, opt_help, opt_isdir typedef struct { ... } OPTIONS; typedef struct { ... } OPT_PAIR; + #define OPT_COMMON + #define OPT_ERR + #define OPT_EOF + #define OPT_HELP + char *opt_init(int argc, char **argv, const OPTIONS *o); char *opt_progname(const char *argv0); - char *opt_appname(const char *arg0); + char *opt_appname(const char *argv0); char *opt_getprog(void); - char *opt_init(int argc, char **argv, const OPTIONS *o); + void opt_help(const OPTIONS *list); + void opt_begin(void); int opt_next(void); - void opt_help(const OPTIONS *list); - char *opt_arg(void); char *opt_flag(void); + char *opt_arg(void); char *opt_unknown(void); int opt_cipher(const char *name, EVP_CIPHER **cipherp); int opt_md(const char *name, EVP_MD **mdp); int opt_int(const char *value, int *result); + int opt_int_arg(void); int opt_long(const char *value, long *result); - int opt_imax(const char *value, intmax_t *result); - int opt_umax(const char *value, uintmax_t *result); int opt_ulong(const char *value, unsigned long *result); - - int opt_isdir(const char *name); + int opt_intmax(const char *value, intmax_t *result); + int opt_uintmax(const char *value, uintmax_t *result); int opt_format(const char *s, unsigned long flags, int *result); + int opt_isdir(const char *name); int opt_string(const char *name, const char **options); int opt_pair(const char *name, const OPT_PAIR* pairs, int *result); 
@@ -65,14 +71,15 @@ Each program should define, near the main() routine, an enumeration that is the set of options the program accepts. For example: typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_YES, OPT_NAME, OPT_COUNT, OPT_OFILE, ... } OPTION_CHOICE; -The first two lines must appear exactly as shown. In addition to -defining symbolic names for the constants that opt_next() returns, -it also helps guarantee that every command has a C<-help> option. +The first two lines must appear exactly as shown. +OPT_COMMON is a macro that expands to C. +In addition to defining symbolic names for the constants that opt_next() +returns, it also helps guarantee that every command has a C<-help> option. The third line is a sample set of flags, and the closing C name is used for error-checking as discussed below. 
@@ -184,19 +191,30 @@ the help string: =head2 Functions -The opt_init() function takes the "argc, argv" arguments given to main() and -a pointer to the list of options. It returns the simple program +The opt_init() function takes the I and I arguments given to main() +and a pointer I to the list of options. It returns the simple program name, as defined by opt_progname(). -The opt_progname() function takes the full pathname, C, and returns +The opt_progname() function takes the full pathname C in its I +parameter and returns the simple short name of the executable, to be used for error messages and -the like. The opt_appname() functions takes the "application" name (such +the like. + +The opt_appname() function takes in its I parameter +the "application" name (such as the specific command from L and appends it to the program -name. This function should only be called once. Once set, opt_getprog() -also returns the value. +name. This function should only be called once. + +The opt_getprog() function returns the value set by opt_appname(). + +The opt_help() function takes a list of option definitions and prints a +nicely-formatted output. + +The opt_begin() function, which is called automatically by opt_init(), +can be used to reset the option parsing loop. -Once opt_init() has been called, opt_next() can be called in a loop to -fetch each option in turn. It returns -1, or OPT_EOF when the +The opt_next() function is called, once opt_init() has been called, +in a loop to fetch each option in turn. It returns -1, or B when the end of arguments has been reached. This is typically done like this: prog = opt_init(argc, argv, my_options); 
@@ -214,13 +232,14 @@ end of arguments has been reached. This is typically done like this: } } -The opt_help() function takes a list of option definitions and prints a -nicely-formatted output. +Within the option parsing loop, the following functions may be called. + +The opt_flag() function returns the most recent option name +including the preceding C<->. -Within the option parsing loop, opt_flag() returns the option, -without any leading hyphens. The opt_arg() function returns -the option's value, if there is one. +The opt_arg() function returns the option's argument value, if there is one. +The opt_unknown() function returns the unknown option. In an option list, there can be at most one option with the empty string. This is a "wildcard" or "unknown" option. For example, it allows an option to be be taken as digest algorithm, like C<-sha1>. The @@ -229,7 +248,7 @@ the cipher into I. The function opt_md() does the same thing for message digest. There are a several useful functions for parsing numbers. These are -opt_int(), opt_long(), opt_ulong(), opt_imax(), and opt_umax(). They all +opt_int(), opt_long(), opt_ulong(), opt_intmax(), and opt_uintmax(). They all take C<0x> to mean hexadecimal and C<0> to mean octal, and will do the necessary range-checking. They return 1 if successful and fill in the C pointer with the value, or 0 on error. Note that opt_next() 
@@ -237,11 +256,16 @@ will also do range-check on the argument if the appropriate B field is specified for the option. This means that error-checking inside the C C can often be elided. -The opt_isdir() function returns 1 if the specified I is -a directory, or 0 if not. The opt_format() function takes a string value, +The opt_int_arg() function is a convenience abbreviation to opt_int(). +It parses and returns an integer, assuming its range has been checked before. + +The opt_format() function takes a string value, such as used with the B<-informat> or similar option, and fills the value from the constants in F file. +The opt_isdir() function returns 1 if the specified I is +a directory, or 0 if not. + The opt_string() function checks that I appears in the NULL-terminated array of strings. It returns 1 if found, or prints a diagnostic and returns 0 if not. @@ -251,10 +275,13 @@ has a text name and an integer. The specified I is found on the list, it puts the index in I<*result>, and returns 1. If not found, it returns 0. -After processing all the options, the opt_num_rest() returns what is -left, and opt_rest() returns a pointer to the first non-option. +The following functions can be used after processing all the options. + +The opt_num_rest() function returns what is left. + +The opt_rest() function returns a pointer to the first non-option. If there were no parameters, it will point to the NULL that is -at the end of the standard B array. +at the end of the standard I array. =head2 Common Options diff --git a/test/ecstresstest.c b/test/ecstresstest.c index 5a831e338a..f6adc4235e 100644 --- a/test/ecstresstest.c +++ b/test/ecstresstest.c @@ -127,7 +127,7 @@ int setup_tests(void) { OPTION_CHOICE o; - if (!opt_imax(NUM_REPEATS, &num_repeats)) { + if (!opt_intmax(NUM_REPEATS, &num_repeats)) { TEST_error("Cannot parse " NUM_REPEATS); return 0; } 
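Review bot: In the opt_ documentation hunk at @@ -237,11 +256,16 @@, the new opt_int_arg() paragraph says it "parses and returns an integer, assuming its range has been checked before" but never says what the caller receives when the argument does not parse. Because the value is returned directly, there is no separate status to test, unlike opt_int() and friends, which return 1 or 0. Please document the value returned on a parse failure and state that the function is only meant for options where opt_next() has already done the range check described in the preceding paragraph.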
@@ -135,7 +135,7 @@ int setup_tests(void) while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_NUM_REPEATS: - if (!opt_imax(opt_arg(), &num_repeats) + if (!opt_intmax(opt_arg(), &num_repeats) || num_repeats < 0) return 0; print_mode = 1; From dev at ddvo.net Wed May 5 18:50:38 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 05 May 2021 18:50:38 +0000 Subject: [openssl] master update Message-ID: <1620240638.120358.12441.nullmailer@dev.openssl.org> The branch master has been updated via a07b0bfb99169d23d2801b8aee210d98a0d12cac (commit) from b0f960189b8696f878b163d7123afdb99dfdb738 (commit) - Log ----------------------------------------------------------------- commit a07b0bfb99169d23d2801b8aee210d98a0d12cac Author: Dr. David von Oheimb Date: Tue May 4 08:05:44 2021 +0200 Deprecate X509{,_CRL}_http_nbio() and simplify their definition This is done by making use of OCSP_REQ_CTX_nbio_d2i(). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15131) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 5 +++++ doc/man3/X509_load_http.pod | 5 +++++ include/openssl/x509.h.in | 13 +++++++------ util/other.syms | 4 ++-- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 6e89f9814c..5c696ff65a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -355,6 +355,11 @@ OpenSSL 3.0 *Rich Salz and Richard Levitte* + * Deprecated `X509_http_nbio()` and `X509_CRL_http_nbio()`, + which are superseded by `X509_load_http()` and `X509_CRL_load_http()`. + + *David von Oheimb* + * Deprecated `OCSP_parse_url()`, which is replaced with `OSSL_HTTP_parse_url`. *David von Oheimb* diff --git a/doc/man3/X509_load_http.pod b/doc/man3/X509_load_http.pod index a890f31ad8..9e54d31c42 100644 --- a/doc/man3/X509_load_http.pod +++ b/doc/man3/X509_load_http.pod 
@@ -15,6 +15,10 @@ X509_CRL_http_nbio X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B with a suitable version value, see +L: + #define X509_http_nbio(rctx, pcert) #define X509_CRL_http_nbio(rctx, pcrl) @@ -50,6 +54,7 @@ L =head1 HISTORY X509_load_http() and X509_CRL_load_http() were added in OpenSSL 3.0. +X509_http_nbio() and X509_CRL_http_nbio() were deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in index 1726ecf4dc..4877fb21f9 100644 --- a/include/openssl/x509.h.in +++ b/include/openssl/x509.h.in @@ -403,13 +403,14 @@ int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len); X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); -# define X509_http_nbio(rctx, pcert) \ - ((*(pcert) = \ - OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, ASN1_ITEM_rptr(X509))) != NULL) X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); -# define X509_CRL_http_nbio(rctx, pcrl) \ - ((*(pcrl) = \ - OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, ASN1_ITEM_rptr(X509_CRL))) != NULL) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# include /* OCSP_REQ_CTX_nbio_d2i */ +# define X509_http_nbio(rctx, pcert) \ + OCSP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509)) +# define X509_CRL_http_nbio(rctx, pcrl) \ + OCSP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL)) +# endif # ifndef OPENSSL_NO_STDIO X509 *d2i_X509_fp(FILE *fp, X509 **x509); diff --git a/util/other.syms b/util/other.syms index bd9f4d32a9..3f36f53076 100644 --- a/util/other.syms +++ b/util/other.syms 
@@ -589,8 +589,8 @@ SSLv23_client_method define SSLv23_method define SSLv23_server_method define TLS_DEFAULT_CIPHERSUITES define deprecated 3.0.0 -X509_CRL_http_nbio define -X509_http_nbio define +X509_CRL_http_nbio define deprecated 3.0.0 +X509_http_nbio define deprecated 3.0.0 X509_LOOKUP_add_dir define X509_LOOKUP_add_store define X509_LOOKUP_add_store_ex define From no-reply at appveyor.com Wed May 5 20:25:36 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 05 May 2021 20:25:36 +0000 Subject: Build failed: openssl master.41947 Message-ID: <20210505202536.1.9CE00C4F3EBA3BF1@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed May 5 23:28:33 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 05 May 2021 23:28:33 +0000 Subject: Build completed: openssl master.41948 Message-ID: <20210505232833.1.DB72D3659B6A2A4E@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed May 5 23:55:23 2021 
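Review bot: In the include/openssl/x509.h.in hunk of commit a07b0bfb99, the result of X509_http_nbio() and X509_CRL_http_nbio() is no longer fixed by the macro itself. The old definitions ended in "!= NULL" and so always yielded 0 or 1; the new ones forward to OCSP_REQ_CTX_nbio_d2i(rctx, pcert, ...) and inherit whatever that returns. Please confirm the return convention is unchanged and state it in X509_load_http.pod. The hunk also makes x509.h pull in an OCSP header inside the OPENSSL_NO_DEPRECATED_3_0 guard, so it is worth checking that OCSP_REQ_CTX_nbio_d2i is still defined in a build configured without OCSP; otherwise existing callers of these two macros stop compiling there.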
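Review bot: In the doc/man3/X509_load_http.pod hunks of commit a07b0bfb99, neither the added "Deprecated since OpenSSL 3.0, can be hidden entirely by defining ..." sentence nor the new HISTORY line names a replacement. The CHANGES.md hunk of the same commit says the macros "are superseded by X509_load_http() and X509_CRL_load_http()"; repeating that in the man page would spare readers a trip to CHANGES.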
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 05 May 2021 23:55:23 +0000 Subject: [openssl] master update Message-ID: <1620258923.766459.7911.nullmailer@dev.openssl.org> The branch master has been updated via 08a337fac6d56a3b9419f4fbf9a19af958c9c2a1 (commit) from a07b0bfb99169d23d2801b8aee210d98a0d12cac (commit) - Log ----------------------------------------------------------------- commit 08a337fac6d56a3b9419f4fbf9a19af958c9c2a1 Author: Rich Salz Date: Tue May 4 12:05:54 2021 -0400 Remove all trace of FIPS_mode functions Removed error codes, and the mention of the functions. This removal is already documented in the CHANGES doc. Reviewed-by: Shane Lontis Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15140) ----------------------------------------------------------------------- Summary of changes: crypto/cpt_err.c | 2 -- crypto/err/openssl.txt | 6 ------ crypto/evp/evp_cnf.c | 6 +++--- crypto/evp/evp_err.c | 5 ----- include/openssl/cryptoerr.h | 1 - include/openssl/cryptoerr_legacy.h | 1 - include/openssl/evperr.h | 3 --- include/openssl/sslerr.h | 1 - ssl/ssl_err.c | 2 -- util/libcrypto.num | 2 -- util/missingcrypto.txt | 2 -- 11 files changed, 3 insertions(+), 28 deletions(-) diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c index 65fb429c58..bad3ca3cee 100644 --- a/crypto/cpt_err.c +++ b/crypto/cpt_err.c @@ -19,8 +19,6 @@ static const ERR_STRING_DATA CRYPTO_str_reasons[] = { "bad algorithm name"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_CONFLICTING_NAMES), "conflicting names"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED), - "fips mode not supported"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_HEX_STRING_TOO_SHORT), "hex string too short"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ILLEGAL_HEX_DIGIT), diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 728356148f..1391c00a17 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt 
@@ -427,7 +427,6 @@ CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO:115:\ CRMF_R_UNSUPPORTED_POPO_METHOD:116:unsupported popo method CRYPTO_R_BAD_ALGORITHM_NAME:117:bad algorithm name CRYPTO_R_CONFLICTING_NAMES:118:conflicting names -CRYPTO_R_FIPS_MODE_NOT_SUPPORTED:101:fips mode not supported CRYPTO_R_HEX_STRING_TOO_SHORT:121:hex string too short CRYPTO_R_ILLEGAL_HEX_DIGIT:102:illegal hex digit CRYPTO_R_INSUFFICIENT_DATA_SPACE:106:insufficient data space @@ -664,7 +663,6 @@ EVP_R_DEFAULT_QUERY_PARSE_ERROR:210:default query parse error EVP_R_DIFFERENT_KEY_TYPES:101:different key types EVP_R_DIFFERENT_PARAMETERS:153:different parameters EVP_R_ERROR_LOADING_SECTION:165:error loading section -EVP_R_ERROR_SETTING_FIPS_MODE:166:error setting fips mode EVP_R_EXPECTING_AN_HMAC_KEY:174:expecting an hmac key EVP_R_EXPECTING_AN_RSA_KEY:127:expecting an rsa key EVP_R_EXPECTING_A_DH_KEY:128:expecting a dh key @@ -674,7 +672,6 @@ EVP_R_EXPECTING_A_EC_KEY:142:expecting an ec key EVP_R_EXPECTING_A_POLY1305_KEY:164:expecting a poly1305 key EVP_R_EXPECTING_A_SIPHASH_KEY:175:expecting a siphash key EVP_R_FINAL_ERROR:188:final error -EVP_R_FIPS_MODE_NOT_SUPPORTED:167:fips mode not supported EVP_R_GENERATE_ERROR:214:generate error EVP_R_GET_RAW_KEY_FAILED:182:get raw key failed EVP_R_ILLEGAL_SCRYPT_PARAMETERS:171:illegal scrypt parameters @@ -684,7 +681,6 @@ EVP_R_INITIALIZATION_ERROR:134:initialization error EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized EVP_R_INVALID_CUSTOM_LENGTH:185:invalid custom length EVP_R_INVALID_DIGEST:152:invalid digest -EVP_R_INVALID_FIPS_MODE:168:invalid fips mode EVP_R_INVALID_IV_LENGTH:194:invalid iv length EVP_R_INVALID_KEY:163:invalid key EVP_R_INVALID_KEY_LENGTH:130:invalid key length 
@@ -1226,8 +1222,6 @@ SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY:291:\ SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\ attempt to reuse session in different context -SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE:143:\ - at least TLS 1.0 needed in FIPS mode SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE:158:\ at least (D)TLS 1.2 needed in Suite B mode SSL_R_BAD_CHANGE_CIPHER_SPEC:103:bad change cipher spec diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index 7c2301d26c..aee79712cd 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -38,10 +38,10 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) if (strcmp(oval->name, "fips_mode") == 0) { int m; - if (!X509V3_get_value_bool(oval, &m)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_FIPS_MODE); + /* Detailed error already reported. */ + if (!X509V3_get_value_bool(oval, &m)) return 0; - } + /* * fips_mode is deprecated and should not be used in new * configurations. diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index ad95f5ef02..cd36b09fb5 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -55,8 +55,6 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "different parameters"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), "error loading section"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE), - "error setting fips mode"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_RSA_KEY), 
@@ -72,8 +70,6 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY), "expecting a siphash key"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FINAL_ERROR), "final error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FIPS_MODE_NOT_SUPPORTED), - "fips mode not supported"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GENERATE_ERROR), "generate error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GET_RAW_KEY_FAILED), "get raw key failed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ILLEGAL_SCRYPT_PARAMETERS), @@ -88,7 +84,6 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_CUSTOM_LENGTH), "invalid custom length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h index 8db3064ce2..6799668089 100644 --- a/include/openssl/cryptoerr.h +++ b/include/openssl/cryptoerr.h @@ -23,7 +23,6 @@ */ # define CRYPTO_R_BAD_ALGORITHM_NAME 117 # define CRYPTO_R_CONFLICTING_NAMES 118 -# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 # define CRYPTO_R_HEX_STRING_TOO_SHORT 121 # define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 # define CRYPTO_R_INSUFFICIENT_DATA_SPACE 106 diff --git a/include/openssl/cryptoerr_legacy.h b/include/openssl/cryptoerr_legacy.h index 6b78c5624c..ccab33a5d4 100644 --- a/include/openssl/cryptoerr_legacy.h +++ b/include/openssl/cryptoerr_legacy.h 
@@ -463,7 +463,6 @@ OSSL_DEPRECATEDIN_3_0 int ERR_load_X509V3_strings(void); # define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 0 # define CRYPTO_F_CRYPTO_OCB128_INIT 0 # define CRYPTO_F_CRYPTO_SET_EX_DATA 0 -# define CRYPTO_F_FIPS_MODE_SET 0 # define CRYPTO_F_GET_AND_LOCK 0 # define CRYPTO_F_OPENSSL_ATEXIT 0 # define CRYPTO_F_OPENSSL_BUF2HEXSTR 0 diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index ffa8bacd5b..a5053f6cd2 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -44,7 +44,6 @@ # define EVP_R_DIFFERENT_KEY_TYPES 101 # define EVP_R_DIFFERENT_PARAMETERS 153 # define EVP_R_ERROR_LOADING_SECTION 165 -# define EVP_R_ERROR_SETTING_FIPS_MODE 166 # define EVP_R_EXPECTING_AN_HMAC_KEY 174 # define EVP_R_EXPECTING_AN_RSA_KEY 127 # define EVP_R_EXPECTING_A_DH_KEY 128 @@ -54,7 +53,6 @@ # define EVP_R_EXPECTING_A_POLY1305_KEY 164 # define EVP_R_EXPECTING_A_SIPHASH_KEY 175 # define EVP_R_FINAL_ERROR 188 -# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 # define EVP_R_GENERATE_ERROR 214 # define EVP_R_GET_RAW_KEY_FAILED 182 # define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 @@ -64,7 +62,6 @@ # define EVP_R_INPUT_NOT_INITIALIZED 111 # define EVP_R_INVALID_CUSTOM_LENGTH 185 # define EVP_R_INVALID_DIGEST 152 -# define EVP_R_INVALID_FIPS_MODE 168 # define EVP_R_INVALID_IV_LENGTH 194 # define EVP_R_INVALID_KEY 163 # define EVP_R_INVALID_KEY_LENGTH 130 diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 30d843cf2d..87aa4f0d00 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -24,7 +24,6 @@ # define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 # define SSL_R_APP_DATA_IN_HANDSHAKE 100 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 -# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 # define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 # define SSL_R_BAD_CIPHER 186 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 347b263d69..c15a24f65f 100644 
--- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -21,8 +21,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "app data in handshake"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE), - "at least TLS 1.0 needed in FIPS mode"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE), "at least (D)TLS 1.2 needed in Suite B mode"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CHANGE_CIPHER_SPEC), diff --git a/util/libcrypto.num b/util/libcrypto.num index da5936f1ab..13ec6e26f7 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -490,7 +490,6 @@ X509_CRL_print 499 3_0_0 EXIST::FUNCTION: WHIRLPOOL_Update 500 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,WHIRLPOOL DSA_get_ex_data 501 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA BN_copy 502 3_0_0 EXIST::FUNCTION: -FIPS_mode_set 503 3_0_0 NOEXIST::FUNCTION: X509_VERIFY_PARAM_add0_policy 504 3_0_0 EXIST::FUNCTION: PKCS7_cert_from_signer_info 505 3_0_0 EXIST::FUNCTION: X509_TRUST_get_trust 506 3_0_0 EXIST::FUNCTION: @@ -2534,7 +2533,6 @@ OPENSSL_strnlen 2587 3_0_0 EXIST::FUNCTION: IDEA_ecb_encrypt 2588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA ASN1_STRING_set_default_mask 2589 3_0_0 EXIST::FUNCTION: TS_VERIFY_CTX_add_flags 2590 3_0_0 EXIST::FUNCTION:TS -FIPS_mode 2591 3_0_0 NOEXIST::FUNCTION: d2i_ASN1_UNIVERSALSTRING 2592 3_0_0 EXIST::FUNCTION: NAME_CONSTRAINTS_free 2593 3_0_0 EXIST::FUNCTION: EC_GROUP_get_order 2594 3_0_0 EXIST::FUNCTION:EC diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index efd3c7516a..cb5a9eaa6f 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -685,8 +685,6 @@ EVP_read_pw_string_min(3) EVP_set_pw_prompt(3) EVP_str2ctrl(3) EXTENDED_KEY_USAGE_it(3) -FIPS_mode(3) -FIPS_mode_set(3) GENERAL_NAMES_it(3) GENERAL_NAME_cmp(3) GENERAL_NAME_get0_otherName(3) From pauli at openssl.org Thu May 6 00:52:01 2021 
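Review bot: In the crypto/evp/evp_cnf.c hunk of commit 08a337fac6, the failure path for a bad fips_mode value now depends entirely on X509V3_get_value_bool() having queued an error, as the new comment "Detailed error already reported." asserts. With the ERR_raise(ERR_LIB_EVP, ...) gone, nothing on the error queue comes from the EVP config module any more. Please confirm that the error raised by X509V3_get_value_bool() identifies the offending name and value, or attach them with ERR_add_error_data(), so a misconfigured openssl.cnf remains diagnosable.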
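Review bot: The hunks in include/openssl/evperr.h, cryptoerr.h and sslerr.h of commit 08a337fac6 delete public reason-code defines (EVP_R_ERROR_SETTING_FIPS_MODE 166, EVP_R_FIPS_MODE_NOT_SUPPORTED 167, EVP_R_INVALID_FIPS_MODE 168, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143), so application code that names any of them no longer compiles. The commit message says the removal of the functions is already covered in CHANGES, but this diff adds no entry for the reason codes. Either mention them in CHANGES or keep the defines behind a deprecation guard. The matching lines removed from crypto/err/openssl.txt also free those numbers; reserving them would avoid a later reason code reusing a value that older callers interpret as a FIPS error.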
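Review bot: In the util/libcrypto.num hunks of commit 08a337fac6, deleting the FIPS_mode_set (503) and FIPS_mode (2591) rows leaves holes in the ordinal sequence between 502 and 504 and between 2590 and 2592. Both rows were already marked NOEXIST::FUNCTION:, so nothing changes for exported symbols, but please confirm the ordinals tooling accepts gaps and will not later assign 503 or 2591 to a new symbol.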
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 06 May 2021 00:52:01 +0000 Subject: [tools] master update Message-ID: <1620262321.807605.28594.nullmailer@dev.openssl.org> The branch master has been updated via ca5cf74927c857e135ec53640b2dcf58740da56e (commit) from e771ebd4a0e349d929dc2e6f7ad2af48978e772d (commit) - Log ----------------------------------------------------------------- commit ca5cf74927c857e135ec53640b2dcf58740da56e Author: Pauli Date: Sat May 1 13:47:11 2021 +1000 run-checker: add more builds with FIPS enabled and other disabled. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/tools/pull/85) ----------------------------------------------------------------------- Summary of changes: run-checker/run-checker.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh index dbb3da5..699f30f 100755 --- a/run-checker/run-checker.sh +++ b/run-checker/run-checker.sh @@ -46,7 +46,10 @@ no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 no-sm2 no-sm3 no-sm4 enable-trace no-legacy no-cached-fetch no-autoload-config 'no-buildtest-c++' no-bulk no-cmp no-ktls no-module no-padlockeng no-pinshared no-secure-memory no-siv no-uplink enable-acvp-tests enable-fips -'enable-fips no-fips-securitychecks' +'enable-fips no-fips-securitychecks' 'enable-fips enable-acvp-tests' +'enable-fips no-tls' 'enable-fips no-tls1_1' 'enable-fips no-tls1' +'enable-fips no-ssl3-method' 'enable-fips no-tls1-method' +'enable-fips no-tls1_1-method' 'enable-fips no-tls1_3' ) run-hook () { From pauli at openssl.org Thu May 6 01:01:55 2021 
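Review bot: In the run-checker/run-checker.sh hunk of commit ca5cf74927, the new FIPS combinations stop short of the protocol options the plain list already exercises. The context line above shows no-tls1_2-method, no-dtls1-method and no-dtls1_2-method being built on their own, yet the added entries pair enable-fips only with no-tls, no-tls1, no-tls1_1, no-tls1_3, no-ssl3-method, no-tls1-method and no-tls1_1-method. If leaving out the TLS 1.2 and DTLS variants is deliberate, a one-line comment above the additions saying why would keep the next editor from guessing; otherwise add 'enable-fips no-tls1_2-method' and the DTLS pairs for parity.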
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 06 May 2021 01:01:55 +0000 Subject: [openssl] master update Message-ID: <1620262915.839104.32250.nullmailer@dev.openssl.org> The branch master has been updated via a35536b52d91d02cbfeef22d1373a92252d19d62 (commit) from 08a337fac6d56a3b9419f4fbf9a19af958c9c2a1 (commit) - Log ----------------------------------------------------------------- commit a35536b52d91d02cbfeef22d1373a92252d19d62 Author: Pauli Date: Tue May 4 08:23:10 2021 +1000 coverity: fix 1478169: dereference after NULL check The code path shouldn't occur in our code but could in an application. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15128) ----------------------------------------------------------------------- Summary of changes: crypto/pkcs12/p12_p8e.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index ac2c7ef537..5351e11d34 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -22,13 +22,21 @@ X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher, X509_SIG *p8 = NULL; X509_ALGOR *pbe; - if (pbe_nid == -1) + if (pbe_nid == -1) { + if (cipher == NULL) { + ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, -1, libctx); - else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) + } else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) { + if (cipher == NULL) { + ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, pbe_nid, libctx); - else { + } else { ERR_clear_error(); pbe = PKCS5_pbe_set_ex(pbe_nid, iter, salt, saltlen, libctx); } From openssl at openssl.org Thu May 6 01:10:14 2021 
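Review bot: In the crypto/pkcs12/p12_p8e.c hunk of commit a35536b52d, the same three-line guard ("if (cipher == NULL) { ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER); return NULL; }") is added twice, once in each branch that calls PKCS5_pbe2_set_iv_ex(). It cannot simply be hoisted above the if chain, because the final PKCS5_pbe_set_ex() branch takes no cipher, but a small static helper or a single combined condition would keep the two copies from drifting apart. The commit message says the path "could [occur] in an application", so a regression test calling PKCS8_encrypt_ex() with pbe_nid == -1 and a NULL cipher would pin the new behaviour, and the man page should state that cipher must be non-NULL for the PBES2 cases.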
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 06 May 2021 01:10:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm Message-ID: <1620263414.993107.70424.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-asm Commit log since last time: a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro 284076982d APPS: Slightly extend and improve documentation of the opt_ API 6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect" 72d2670bd2 Enforce secure renegotiation support by default 8369592d35 Fix missing symbols in no-cms and no-ts build b039c87a4c mac: add EVP_MAC_finalXOF() function 6a38b09a7f mac: allow XOF MACs to be specified either via control or via the dedicated function f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF a59c69724d doc: document EVP_MAC_finalXOF() f7050588bc Add .includedir pragma 3fb985fd04 Allow absolute paths to be set 1127754e48 Note that dhparam does support X9.42 97b59744f2 cleanup where purpose is not needed in 25-test_verify.t eca4826a29 test/certs/setup.sh: Fix two glitches c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID 4f449d90dd test/certs/setup.sh: structural cleanup a485561b2e Fetch cipher-wrap after loading providers. 2b05439f84 Fix KMAC bounds checks. 
029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3 355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs 79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its documentation 9520fe5f49 testutil/load.c: Add checks for file(name) == NULL 8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF 6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect() 6e328484ab OSSL_STORE_expect(): Improve error handling and documentation 7031f5821c OCSP: Minor improvements of documentation and header file bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE f9548d21ba Document the new core BIO public API support 93954ab050 Add a test for the public core bio API b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio() e3188bae04 Run coveralls daily and not exactly at midnight 9deb202e6a coveralls: Enable fips as it is disabled by default a0baa98b5c apps: Switch to X509_REQ_verify_ex 67cd43084c test: fix failure with FIPS and no-des configured. 5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands 49ce003740 APPS: Set a default passphrase UI for the "ec" command f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml 49f699b54d GitHub CI: ensure that unifdef is installed be22315235 FIPS module checksums: add scripts and Makefile rule 27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources 841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm 02669b677e Windows build file: add forgotten quotes on POD->html command line 0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up! Build log ended with (last 100 lines): make[1]: Leaving directory '/home/openssl/run-checker/no-asm' make[1]: Entering directory '/home/openssl/run-checker/no-asm' ( SRCTOP=../openssl \ BLDTOP=. 
\ PERL="/usr/bin/perl" \ FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813" \ EXE_EXT= \ /usr/bin/perl ../openssl/test/run_tests.pl ) 01-test_abort.t .................... ok 01-test_fipsmodule_cnf.t ........... skipped: Test only supported in a fips build 01-test_sanity.t ................... ok 01-test_symbol_presence.t .......... ok 01-test_test.t ..................... ok 02-test_errstr.t ................... ok 02-test_internal_context.t ......... ok 02-test_internal_ctype.t ........... ok 02-test_internal_keymgmt.t ......... ok 02-test_internal_provider.t ........ ok 02-test_lhash.t .................... ok 02-test_ordinals.t ................. ok 02-test_sparse_array.t ............. ok 02-test_stack.t .................... ok 03-test_exdata.t ................... ok 03-test_fipsinstall.t .............. skipped: Test only supported in a fips build 03-test_internal_asn1.t ............ ok 03-test_internal_asn1_dsa.t ........ ok 03-test_internal_bn.t .............. ok 03-test_internal_chacha.t .......... ok 03-test_internal_curve448.t ........ ok 03-test_internal_ec.t .............. ok 03-test_internal_ffc.t ............. ok 03-test_internal_mdc2.t ............ ok 03-test_internal_modes.t ........... ok 03-test_internal_namemap.t ......... ok 03-test_internal_poly1305.t ........ ok 03-test_internal_rsa_sp800_56b.t ... ok 03-test_internal_siphash.t ......... ok 03-test_internal_sm2.t ............. ok 03-test_internal_sm4.t ............. ok 03-test_internal_ssl_cert_table.t .. ok 03-test_internal_x509.t ............ ok 03-test_params_api.t ............... ok 03-test_property.t ................. ok 03-test_ui.t ....................... ok 04-test_asn1_decode.t .............. ok 04-test_asn1_encode.t .............. ok 04-test_asn1_string_table.t ........ ok 04-test_bio_callback.t ............. ok 04-test_bio_core.t ................. ok 04-test_bioprint.t ................. ok 04-test_conf.t ..................... ok 04-test_encoder_decoder.t .......... 
ok 04-test_encoder_decoder_legacy.t ... ok 04-test_err.t ...................... ok 04-test_hexstring.t ................ ok 04-test_param_build.t .............. ok 04-test_params.t ................... ok 04-test_params_conversion.t ........ ok 04-test_pem_read_depr.t ............ ok 04-test_pem_reading.t .............. ok 04-test_provider.t ................. ok 04-test_provider_fallback.t ........ ok 05-test_bf.t ....................... ok 05-test_cast.t ..................... ok 05-test_cmac.t ..................... ok 05-test_des.t ...................... ok 05-test_hmac.t ..................... ok 05-test_idea.t ..................... ok 05-test_rand.t ..................... ok 05-test_rc2.t ...................... ok 05-test_rc4.t ...................... ok 05-test_rc5.t ...................... skipped: rc5 is not supported by this OpenSSL build 06-test_algorithmid.t .............. ok 06-test_rdrand_sanity.t ............ ok 10-test_bn.t ....................... ok 10-test_exp.t ...................... ok 15-test_dh.t ....................... ok 15-test_dsa.t ...................... ok 15-test_dsaparam.t ................. ok 15-test_ec.t ....................... ok 15-test_ecdsa.t .................... ok 15-test_ecparam.t .................. ok 15-test_gendh.t .................... ok 15-test_gendhparam.t ............... ok 15-test_gendsa.t ................... ok 15-test_genec.t .................... ok 15-test_genrsa.t ................... ok 15-test_mp_rsa.t ................... ok 15-test_out_option.t ............... ok 15-test_rsa.t ...................... ok 15-test_rsaoaep.t .................. ok 15-test_rsapss.t ................... ok 20-test_app.t ...................... ok 20-test_cli_fips.t ................. skipped: Test only supported in a fips build with security checks 20-test_dgst.t ..................... ok 20-test_dhparam.t .................. ok make[1]: *** wait: No child processes. Stop. make[1]: *** Waiting for unfinished jobs.... 
make[1]: *** wait: No child processes. Stop. make: *** [Makefile:3168: tests] Terminated From openssl at openssl.org Thu May 6 07:59:58 2021 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 06 May 2021 07:59:58 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1620287998.802114.869663.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro 284076982d APPS: Slightly extend and improve documentation of the opt_ API 6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect" 72d2670bd2 Enforce secure renegotiation support by default 8369592d35 Fix missing symbols in no-cms and no-ts build b039c87a4c mac: add EVP_MAC_finalXOF() function 6a38b09a7f mac: allow XOF MACs to be specified either via control or via the dedicated function f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF a59c69724d doc: document EVP_MAC_finalXOF() f7050588bc Add .includedir pragma 3fb985fd04 Allow absolute paths to be set 1127754e48 Note that dhparam does support X9.42 97b59744f2 cleanup where purpose is not needed in 25-test_verify.t eca4826a29 test/certs/setup.sh: Fix two glitches c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID 4f449d90dd test/certs/setup.sh: structural cleanup a485561b2e Fetch cipher-wrap after loading providers. 2b05439f84 Fix KMAC bounds checks. 
029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3 355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs 79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its documentation 9520fe5f49 testutil/load.c: Add checks for file(name) == NULL 8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF 6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect() 6e328484ab OSSL_STORE_expect(): Improve error handling and documentation 7031f5821c OCSP: Minor improvements of documentation and header file bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE f9548d21ba Document the new core BIO public API support 93954ab050 Add a test for the public core bio API b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio() e3188bae04 Run coveralls daily and not exactly at midnight 9deb202e6a coveralls: Enable fips as it is disabled by default a0baa98b5c apps: Switch to X509_REQ_verify_ex 67cd43084c test: fix failure with FIPS and no-des configured. 5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands 49ce003740 APPS: Set a default passphrase UI for the "ec" command f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml 49f699b54d GitHub CI: ensure that unifdef is installed be22315235 FIPS module checksums: add scripts and Makefile rule 27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources 841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm 02669b677e Windows build file: add forgotten quotes on POD->html command line 0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up! From matt at openssl.org Thu May 6 10:40:27 2021 
From: matt at openssl.org (Matt Caswell) Date: Thu, 06 May 2021 10:40:27 +0000 Subject: [openssl] master update Message-ID: <1620297627.800730.862.nullmailer@dev.openssl.org> The branch master has been updated via b86fa8c55682169c88e14e616170d6caeb208865 (commit) via c4c8791e145a7cb2d59e73410505e36e4d57ff78 (commit) from a35536b52d91d02cbfeef22d1373a92252d19d62 (commit) - Log ----------------------------------------------------------------- commit b86fa8c55682169c88e14e616170d6caeb208865 Author: EasySec Date: Tue May 4 00:24:24 2021 +0200 try to document changes in salt handling for the 'enc' command Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/4486) commit c4c8791e145a7cb2d59e73410505e36e4d57ff78 Author: EasySec Date: Sat Dec 30 16:19:47 2017 +0100 change salt handling, way 1 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/4486) ----------------------------------------------------------------------- Summary of changes: apps/enc.c | 74 +++++++++++++++++++++++++-------------------- doc/man1/openssl-enc.pod.in | 10 ++++-- 2 files changed, 48 insertions(+), 36 deletions(-) diff --git a/apps/enc.c b/apps/enc.c index 4339ba4114..32ed08d943 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -429,14 +429,11 @@ int enc_main(int argc, char **argv) } if (cipher != NULL) { - /* - * Note that str is NULL if a key was passed on the command line, so - * we get no salt in that case. Is this a bug? - */ - if (str != NULL) { + if (str != NULL) { /* a passphrase is available */ /* - * Salt handling: if encrypting generate a salt and write to - * output BIO. If decrypting read salt from input BIO. + * Salt handling: if encrypting generate a salt if not supplied, + * and write to output BIO. If decrypting use salt from input BIO + * if not given with args */ unsigned char *sptr; size_t str_len = strlen(str); 
@@ -444,36 +441,47 @@ int enc_main(int argc, char **argv) if (nosalt) { sptr = NULL; } else { - if (enc) { - if (hsalt) { - if (!set_hex(hsalt, salt, sizeof(salt))) { - BIO_printf(bio_err, "invalid hex salt value\n"); + if (hsalt != NULL && !set_hex(hsalt, salt, sizeof(salt))) { + BIO_printf(bio_err, "invalid hex salt value\n"); + goto end; + } + if (enc) { /* encryption */ + if (hsalt == NULL) { + if (RAND_bytes(salt, sizeof(salt)) <= 0) { + BIO_printf(bio_err, "RAND_bytes failed\n"); + goto end; + } + /* + * If -P option then don't bother writing. + * If salt is given, shouldn't either ? + */ + if ((printkey != 2) + && (BIO_write(wbio, magic, + sizeof(magic) - 1) != sizeof(magic) - 1 + || BIO_write(wbio, + (char *)salt, + sizeof(salt)) != sizeof(salt))) { + BIO_printf(bio_err, "error writing output file\n"); goto end; } - } else if (RAND_bytes(salt, sizeof(salt)) <= 0) { - goto end; } - /* - * If -P option then don't bother writing - */ - if ((printkey != 2) - && (BIO_write(wbio, magic, - sizeof(magic) - 1) != sizeof(magic) - 1 - || BIO_write(wbio, - (char *)salt, - sizeof(salt)) != sizeof(salt))) { - BIO_printf(bio_err, "error writing output file\n"); - goto end; + } else { /* decryption */ + if (hsalt == NULL) { + if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)) { + BIO_printf(bio_err, "error reading input file\n"); + goto end; + } + if (memcmp(mbuf, magic, sizeof(mbuf)) == 0) { /* file IS salted */ + if (BIO_read(rbio, salt, + sizeof(salt)) != sizeof(salt)) { + BIO_printf(bio_err, "error reading input file\n"); + goto end; + } + } else { /* file is NOT salted, NO salt available */ + BIO_printf(bio_err, "bad magic number\n"); + goto end; + } } - } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf) - || BIO_read(rbio, - (unsigned char *)salt, - sizeof(salt)) != sizeof(salt)) { - BIO_printf(bio_err, "error reading input file\n"); - goto end; - } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) { - BIO_printf(bio_err, "bad magic number\n"); - goto 
end; } sptr = salt; } diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in index 8c4812c831..e744c8344b 100644 --- a/doc/man1/openssl-enc.pod.in +++ b/doc/man1/openssl-enc.pod.in @@ -143,6 +143,8 @@ encrypting, this is the default. =item B<-S> I The actual salt to use: this must be represented as a string of hex digits. +If this option is used while encrypting, the same exact value will be needed +again during decryption. =item B<-K> I @@ -230,9 +232,11 @@ OpenSSL. Without the B<-salt> option it is possible to perform efficient dictionary attacks on the password and to attack stream cipher encrypted data. The reason for this is that without the salt the same password always generates the same -encryption key. When the salt is being used the first eight bytes of the -encrypted data are reserved for the salt: it is generated at random when -encrypting a file and read from the encrypted file when it is decrypted. +encryption key. + +When the salt is generated at random (that means when encrypting using a +passphrase without explicit salt given using B<-S> option), the first bytes +of the encrypted data are reserved to store the salt for later decrypting. Some of the ciphers do not have large keys and others have security implications if not used correctly. A beginner is advised to just use From openssl at openssl.org Thu May 6 10:41:44 2021 
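Review bot: In the second apps/enc.c hunk the magic string and salt are written only inside the "if (hsalt == NULL)" branch, whereas the removed code wrote them after either set_hex() or RAND_bytes(), so output produced with -S no longer carries the header. The decryption branch likewise skips the header read whenever hsalt is set, so a file written by the previous code with -S would have its magic and salt bytes passed to the cipher as ciphertext. Either keep consuming the header on decryption when it is present, or record the format change in CHANGES, and turn the open question "If salt is given, shouldn't either ?" into a statement of the intended behaviour. In the same branch, memcmp(mbuf, magic, sizeof(mbuf)) replaces a comparison over sizeof(magic) - 1; the declaration of mbuf is outside the hunk, so keep the old length or add a check that the two sizes match.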
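Review bot: The replacement paragraph in doc/man1/openssl-enc.pod.in says "the first bytes of the encrypted data are reserved to store the salt", where the removed text gave a size. apps/enc.c writes the magic string followed by the salt, so the page should name both fields and their lengths so that other tools can parse the header. It should also say explicitly that nothing is reserved in the output when B<-S> is given, since the new B<-S> text only says that the same value is needed again for decryption.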
From: openssl at openssl.org (OpenSSL run-checker)
Date: Thu, 06 May 2021 10:41:44 +0000
Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m
Message-ID: <1620297704.421995.1183764.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-ec2m

Commit log since last time:

a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition
b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro
284076982d APPS: Slightly extend and improve documentation of the opt_ API
6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect"
72d2670bd2 Enforce secure renegotiation support by default
8369592d35 Fix missing symbols in no-cms and no-ts build
b039c87a4c mac: add EVP_MAC_finalXOF() function
6a38b09a7f mac: allow XOF MACs to be specified either via control or via the dedicated function
f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF
a59c69724d doc: document EVP_MAC_finalXOF()
f7050588bc Add .includedir pragma
3fb985fd04 Allow absolute paths to be set
1127754e48 Note that dhparam does support X9.42
97b59744f2 cleanup where purpose is not needed in 25-test_verify.t
eca4826a29 test/certs/setup.sh: Fix two glitches
c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID
4f449d90dd test/certs/setup.sh: structural cleanup
a485561b2e Fetch cipher-wrap after loading providers.
2b05439f84 Fix KMAC bounds checks.
029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3
355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs
79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its documentation
9520fe5f49 testutil/load.c: Add checks for file(name) == NULL
8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc
d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF
6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect()
6e328484ab OSSL_STORE_expect(): Improve error handling and documentation
7031f5821c OCSP: Minor improvements of documentation and header file
bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE
f9548d21ba Document the new core BIO public API support
93954ab050 Add a test for the public core bio API
b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio()
e3188bae04 Run coveralls daily and not exactly at midnight
9deb202e6a coveralls: Enable fips as it is disabled by default
a0baa98b5c apps: Switch to X509_REQ_verify_ex
67cd43084c test: fix failure with FIPS and no-des configured.
5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands
49ce003740 APPS: Set a default passphrase UI for the "ec" command
f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml
49f699b54d GitHub CI: ensure that unifdef is installed
be22315235 FIPS module checksums: add scripts and Makefile rule
27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources
841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm
02669b677e Windows build file: add forgotten quotes on POD->html command line
0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!

Build log ended with (last 100 lines):

70-test_sslcertstatus.t ............ ok
70-test_sslextension.t ............. ok
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
# Killing mock server with pid=117415580-test_cmp_http.t ................. ok
#
80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. skipped: Test is disabled with disabled fips
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
91-test_pkey_check.t ............... ok
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok

Test Summary Report
-------------------
30-test_evp.t (Wstat: 1280 Tests: 66 Failed: 5)
  Failed tests: 25-29
  Non-zero exit status: 5
Files=235, Tests=2590, 750 wallclock secs (70.13 usr 1.27 sys + 634.83 cusr 65.41 csys = 771.64 CPU)
Result: FAIL
make[1]: *** [Makefile:3173: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m'
make: *** [Makefile:3170: tests] Error 2

From matt at openssl.org Thu May 6 10:59:34 2021
From: matt at openssl.org (Matt Caswell)
Date: Thu, 06 May 2021 10:59:34 +0000
Subject: [openssl] master update
Message-ID: <1620298774.107333.30321.nullmailer@dev.openssl.org>

The branch master has been updated
       via d105a24c8987dde38595a2fa336057b141e5ddf3 (commit)
       via bee3f3890547cc7f349b69ef63665ebcc80d48ed (commit)
       via 3d1becd42aecbd00c2514bac7b5e8e33f097fdc2 (commit)
       via 0b294f5647a21a8762871b18f0cbbf96ce8cc68d (commit)
       via d382e79632677f2457025be3d820e08d7ea12d85 (commit)
      from b86fa8c55682169c88e14e616170d6caeb208865 (commit)

- Log -----------------------------------------------------------------
commit d105a24c8987dde38595a2fa336057b141e5ddf3
Author: Tomas Mraz
Date: Mon May 3 14:40:06 2021 +0200

    Add some tests for -inform/keyform enforcement

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15100)

commit bee3f3890547cc7f349b69ef63665ebcc80d48ed
Author: Tomas Mraz
Date: Mon May 3 14:15:26 2021 +0200

    Document the behavior of the -inform and related options

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15100)

commit 3d1becd42aecbd00c2514bac7b5e8e33f097fdc2
Author: Tomas Mraz
Date: Mon May 3 14:14:54 2021 +0200

    provider-storemgmt: Document the input-type and properties parameters.

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15100)

commit 0b294f5647a21a8762871b18f0cbbf96ce8cc68d
Author: Tomas Mraz
Date: Mon May 3 08:45:52 2021 +0200

    Update gost-engine to make it compatible with the added params

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15100)

commit d382e79632677f2457025be3d820e08d7ea12d85
Author: Tomas Mraz
Date: Fri Apr 30 16:57:53 2021 +0200

    Make the -inform option to be respected if possible

    Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.

    The input type format is enforced only in case the file type file store is used.
By default we use FORMAT_UNDEF meaning the input type is not enforced. Fixes #14569 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15100) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 7 +++ apps/ca.c | 10 ++-- apps/cmp.c | 6 +-- apps/cms.c | 16 +++--- apps/crl.c | 6 +-- apps/dgst.c | 2 +- apps/dsa.c | 2 +- apps/dsaparam.c | 4 +- apps/ec.c | 2 +- apps/ecparam.c | 2 +- apps/gendsa.c | 2 +- apps/include/apps.h | 15 +++--- apps/lib/apps.c | 61 +++++++++++++++------ apps/lib/s_cb.c | 3 +- apps/ocsp.c | 12 ++--- apps/pkcs8.c | 9 ++-- apps/pkey.c | 2 +- apps/pkeyutl.c | 5 +- apps/req.c | 6 +-- apps/rsa.c | 4 +- apps/rsautl.c | 4 +- apps/s_client.c | 11 ++-- apps/s_server.c | 22 ++++---- apps/smime.c | 9 ++-- apps/spkac.c | 2 +- apps/storeutl.c | 2 +- apps/verify.c | 2 +- apps/x509.c | 8 +-- crypto/pem/pem_pkey.c | 2 +- crypto/store/store_lib.c | 68 ++++++++++++++---------- crypto/x509/by_store.c | 3 +- doc/man1/openssl-ca.pod.in | 19 +++---- doc/man1/openssl-cmp.pod.in | 3 +- doc/man1/openssl-cms.pod.in | 6 +-- doc/man1/openssl-crl.pod.in | 13 ++--- doc/man1/openssl-dgst.pod.in | 6 +-- doc/man1/openssl-dsa.pod.in | 9 +++- doc/man1/openssl-dsaparam.pod.in | 9 +++- doc/man1/openssl-ec.pod.in | 5 +- doc/man1/openssl-ecparam.pod.in | 9 +++- doc/man1/openssl-format-options.pod | 10 ++-- doc/man1/openssl-pkey.pod.in | 3 +- doc/man1/openssl-pkeyutl.pod.in | 9 +--- doc/man1/openssl-req.pod.in | 9 ++-- doc/man1/openssl-rsa.pod.in | 3 +- doc/man1/openssl-rsautl.pod.in | 6 +-- doc/man1/openssl-s_client.pod.in | 12 ++--- doc/man1/openssl-s_server.pod.in | 24 +++------ doc/man1/openssl-smime.pod.in | 6 +-- doc/man1/openssl-spkac.pod.in | 6 +-- doc/man1/openssl-x509.pod.in | 17 ++---- doc/man3/OSSL_STORE_attach.pod | 1 + doc/man3/OSSL_STORE_open.pod | 5 +- doc/man7/provider-storemgmt.pod | 10 ++++ gost-engine | 2 +- include/openssl/core_names.h | 2 + include/openssl/store.h | 2 + 
providers/fips-sources.checksums | 2 +- providers/fips.checksum | 2 +- providers/implementations/storemgmt/file_store.c | 33 +++++++----- test/ossl_store_test.c | 6 +-- test/recipes/20-test_pkeyutl.t | 12 ++++- test/recipes/25-test_crl.t | 8 +-- test/recipes/25-test_req.t | 12 ++++- test/recipes/25-test_x509.t | 16 +++++- 65 files changed, 342 insertions(+), 264 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 5c696ff65a..9d557c5c53 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -51,6 +51,13 @@ OpenSSL 3.0 *Shane Lontis* + * The openssl commands that read keys, certificates, and CRLs now + automatically detect the PEM or DER format of the input files so it is not + necessary to explicitly specify the input format anymore. However if the + input format option is used the specified format will be required. + + *David von Oheimb, Richard Levitte, and Tom?? Mr?z* + * Added enhanced PKCS#12 APIs which accept a library context `OSSL_LIB_CTX` and (where relevant) a property query. Other APIs which handle PKCS#7 and PKCS#8 objects have also been enhanced where required. This includes: diff --git a/apps/ca.c b/apps/ca.c index 9dd46e4f5c..923ede4cde 100755 --- a/apps/ca.c +++ b/apps/ca.c @@ -274,7 +274,7 @@ int ca_main(int argc, char **argv) char def_dgst[80] = ""; char *dgst = NULL, *policy = NULL, *keyfile = NULL; char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL; - int certformat = FORMAT_PEM, informat = FORMAT_PEM; + int certformat = FORMAT_UNDEF, informat = FORMAT_UNDEF; const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL; const char *extensions = NULL, *extfile = NULL, *passinarg = NULL; char *passin = NULL; 
@@ -289,7 +289,7 @@ int ca_main(int argc, char **argv) size_t outdirlen = 0; int create_ser = 0, free_passin = 0, total = 0, total_done = 0; int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE; - int keyformat = FORMAT_PEM, multirdn = 1, notext = 0, output_der = 0; + int keyformat = FORMAT_UNDEF, multirdn = 1, notext = 0, output_der = 0; int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0; int rand_ser = 0, i, j, selfsign = 0, def_ret; char *crl_lastupdate = NULL, *crl_nextupdate = NULL; @@ -594,7 +594,7 @@ end_of_options: && (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL) goto end; - x509 = load_cert_pass(certfile, 1, passin, "CA certificate"); + x509 = load_cert_pass(certfile, certformat, 1, passin, "CA certificate"); if (x509 == NULL) goto end; @@ -1287,7 +1287,7 @@ end_of_options: } else { X509 *revcert; - revcert = load_cert_pass(infile, 1, passin, + revcert = load_cert_pass(infile, informat, 1, passin, "certificate to be revoked"); if (revcert == NULL) goto end; @@ -1417,7 +1417,7 @@ static int certify_cert(X509 **xret, const char *infile, int certformat, EVP_PKEY *pktmp = NULL; int ok = -1, i; - if ((template_cert = load_cert_pass(infile, 1, passin, + if ((template_cert = load_cert_pass(infile, certformat, 1, passin, "template certificate")) == NULL) goto end; if (verbose) diff --git a/apps/cmp.c b/apps/cmp.c index fdd0043311..f64cb8c813 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -131,8 +131,8 @@ static int opt_revreason = CRL_REASON_NONE; /* credentials format */ static char *opt_certform_s = "PEM"; static int opt_certform = FORMAT_PEM; -static char *opt_keyform_s = "PEM"; -static int opt_keyform = FORMAT_PEM; +static char *opt_keyform_s = NULL; +static int opt_keyform = FORMAT_UNDEF; static char *opt_otherpass = NULL; static char *opt_engine = NULL; 
@@ -635,7 +635,7 @@ static X509 *load_cert_pwd(const char *uri, const char *pass, const char *desc) X509 *cert; char *pass_string = get_passwd(pass, desc); - cert = load_cert_pass(uri, 0, pass_string, desc); + cert = load_cert_pass(uri, FORMAT_UNDEF, 0, pass_string, desc); clear_free(pass_string); return cert; } diff --git a/apps/cms.c b/apps/cms.c index e512f1d3e8..f40049edac 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -292,7 +292,7 @@ int cms_main(int argc, char **argv) int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1; - int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; + int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_UNDEF; size_t secret_keylen = 0, secret_keyidlen = 0; unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; unsigned char *secret_key = NULL, *secret_keyid = NULL; @@ -611,7 +611,8 @@ int cms_main(int argc, char **argv) if (operation == SMIME_ENCRYPT) { if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL) goto end; - cert = load_cert(opt_arg(), "recipient certificate file"); + cert = load_cert(opt_arg(), FORMAT_UNDEF, + "recipient certificate file"); if (cert == NULL) goto end; sk_X509_push(encerts, cert); @@ -810,7 +811,8 @@ int cms_main(int argc, char **argv) if ((encerts = sk_X509_new_null()) == NULL) goto end; while (*argv) { - if ((cert = load_cert(*argv, "recipient certificate file")) == NULL) + if ((cert = load_cert(*argv, FORMAT_UNDEF, + "recipient certificate file")) == NULL) goto end; sk_X509_push(encerts, cert); cert = NULL; @@ -826,7 +828,7 @@ int cms_main(int argc, char **argv) } if (recipfile != NULL && (operation == SMIME_DECRYPT)) { - if ((recip = load_cert(recipfile, + if ((recip = load_cert(recipfile, FORMAT_UNDEF, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; 
@@ -834,7 +836,7 @@ int cms_main(int argc, char **argv) } if (originatorfile != NULL) { - if ((originator = load_cert(originatorfile, + if ((originator = load_cert(originatorfile, FORMAT_UNDEF, "originator certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -842,7 +844,7 @@ int cms_main(int argc, char **argv) } if (operation == SMIME_SIGN_RECEIPT) { - if ((signer = load_cert(signerfile, + if ((signer = load_cert(signerfile, FORMAT_UNDEF, "receipt signer certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -1048,7 +1050,7 @@ int cms_main(int argc, char **argv) signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(signerfile, "signer certificate"); + signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate"); if (signer == NULL) { ret = 2; goto end; diff --git a/apps/crl.c b/apps/crl.c index 8f1babde6f..8904cc08c7 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -88,7 +88,7 @@ int crl_main(int argc, char **argv) const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL, *prog; OPTION_CHOICE o; int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF; int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0; int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0, noCAstore = 0; int i; @@ -211,7 +211,7 @@ int crl_main(int argc, char **argv) if (!opt_md(digestname, &digest)) goto opthelp; } - x = load_crl(infile, 1, "CRL"); + x = load_crl(infile, informat, 1, "CRL"); if (x == NULL) goto end; 
@@ -256,7 +256,7 @@ int crl_main(int argc, char **argv) BIO_puts(bio_err, "Missing CRL signing key\n"); goto end; } - newcrl = load_crl(crldiff, 0, "other CRL"); + newcrl = load_crl(crldiff, informat, 0, "other CRL"); if (!newcrl) goto end; pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key"); diff --git a/apps/dgst.c b/apps/dgst.c index fcc7fc8679..15f9e2e685 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -105,7 +105,7 @@ int dgst_main(int argc, char **argv) const char *sigfile = NULL; const char *md_name = NULL; OPTION_CHOICE o; - int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0; + int separator = 0, debug = 0, keyform = FORMAT_UNDEF, siglen = 0; int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0; int xoflen = 0; unsigned char *buf = NULL, *sigbuf = NULL; diff --git a/apps/dsa.c b/apps/dsa.c index c00673a8ac..abb422132a 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -83,7 +83,7 @@ int dsa_main(int argc, char **argv) char *infile = NULL, *outfile = NULL, *prog; char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; OPTION_CHOICE o; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, noout = 0; int modulus = 0, pubin = 0, pubout = 0, ret = 1; int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH; int private = 0; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index c78d28ecb1..d7fb736b98 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -69,7 +69,7 @@ int dsaparam_main(int argc, char **argv) EVP_PKEY *params = NULL, *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; int numbits = -1, num = 0, genkey = 0; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, noout = 0; int ret = 1, i, text = 0, private = 0; char *infile = NULL, *outfile = NULL, *prog; OPTION_CHOICE o; 
@@ -181,7 +181,7 @@ int dsaparam_main(int argc, char **argv) goto end; } } else { - params = load_keyparams(infile, 1, "DSA", "DSA parameters"); + params = load_keyparams(infile, informat, 1, "DSA", "DSA parameters"); } if (params == NULL) { /* Error message should already have been displayed */ diff --git a/apps/ec.c b/apps/ec.c index 379c6b6132..e3ce437076 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -73,7 +73,7 @@ int ec_main(int argc, char **argv) char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog; char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; OPTION_CHOICE o; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, noout = 0; int pubin = 0, pubout = 0, param_out = 0, ret = 1, private = 0; int check = 0; char *asn1_encoding = NULL; diff --git a/apps/ecparam.c b/apps/ecparam.c index e9e36d1d8b..a801ad69bf 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -240,7 +240,7 @@ int ecparam_main(int argc, char **argv) goto end; } } else { - params_key = load_keyparams(infile, 1, "EC", "EC parameters"); + params_key = load_keyparams(infile, informat, 1, "EC", "EC parameters"); if (params_key == NULL || !EVP_PKEY_is_a(params_key, "EC")) goto end; if (point_format diff --git a/apps/gendsa.c b/apps/gendsa.c index 6d1c91d230..f4bd0fe09e 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -121,7 +121,7 @@ int gendsa_main(int argc, char **argv) goto end; } - pkey = load_keyparams(dsaparams, 1, "DSA", "DSA parameters"); + pkey = load_keyparams(dsaparams, FORMAT_UNDEF, 1, "DSA", "DSA parameters"); out = bio_open_owner(outfile, FORMAT_PEM, private); if (out == NULL) diff --git a/apps/include/apps.h b/apps/include/apps.h index a8556b8132..207ed41bc7 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h 
@@ -108,18 +108,19 @@ char *get_passwd(const char *pass, const char *desc); int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2); int add_oid_section(CONF *conf); X509_REQ *load_csr(const char *file, int format, const char *desc); -X509 *load_cert_pass(const char *uri, int maybe_stdin, +X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, const char *pass, const char *desc); -#define load_cert(uri, desc) load_cert_pass(uri, 1, NULL, desc) -X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc); +#define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc) +X509_CRL *load_crl(const char *uri, int format, int maybe_stdin, + const char *desc); void cleanse(char *str); void clear_free(char *str); EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *desc); EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *desc); -EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype, - const char *desc); +EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, + const char *keytype, const char *desc); char *next_item(char *opt); /* in list separated by comma and/or space */ int load_cert_certs(const char *uri, X509 **pcert, STACK_OF(X509) **pcerts, 
@@ -133,13 +134,13 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, const char *pass, const char *desc); int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, const char *pass, const char *desc); -int load_key_certs_crls(const char *uri, int maybe_stdin, +int load_key_certs_crls(const char *uri, int format, int maybe_stdin, const char *pass, const char *desc, EVP_PKEY **ppkey, EVP_PKEY **ppubkey, EVP_PKEY **pparams, X509 **pcert, STACK_OF(X509) **pcerts, X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls); -int load_key_cert_crl(const char *uri, int maybe_stdin, +int load_key_cert_crl(const char *uri, int format, int maybe_stdin, const char *pass, const char *desc, EVP_PKEY **ppkey, EVP_PKEY **ppubkey, X509 **pcert, X509_CRL **pcrl); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index bfd938b555..f0a9ffc93a 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -38,6 +38,7 @@ #include #include #include +#include #include "s_apps.h" #include "apps.h" @@ -478,7 +479,7 @@ CONF *app_load_config_modules(const char *configfile) #define IS_HTTPS(uri) ((uri) != NULL \ && strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0) -X509 *load_cert_pass(const char *uri, int maybe_stdin, +X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, const char *pass, const char *desc) { X509 *cert = NULL; @@ -490,7 +491,7 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin, else if (IS_HTTP(uri)) cert = X509_load_http(uri, NULL, NULL, 0 /* timeout */); else - (void)load_key_certs_crls(uri, maybe_stdin, pass, desc, + (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, NULL, NULL, NULL, &cert, NULL, NULL, NULL); if (cert == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); 
@@ -499,7 +500,8 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin, return cert; } -X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc) +X509_CRL *load_crl(const char *uri, int format, int maybe_stdin, + const char *desc) { X509_CRL *crl = NULL; @@ -510,7 +512,7 @@ X509_CRL *load_crl(const char *uri, int maybe_stdin, const char *desc) else if (IS_HTTP(uri)) crl = X509_CRL_load_http(uri, NULL, NULL, 0 /* timeout */); else - (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc, + (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc, NULL, NULL, NULL, NULL, NULL, &crl, NULL); if (crl == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); @@ -524,6 +526,8 @@ X509_REQ *load_csr(const char *file, int format, const char *desc) X509_REQ *req = NULL; BIO *in; + if (format == FORMAT_UNDEF) + format = FORMAT_PEM; if (desc == NULL) desc = "CSR"; in = bio_open_default(file, 'r', format); @@ -570,7 +574,7 @@ EVP_PKEY *load_key(const char *uri, int format, int may_stdin, if (format == FORMAT_ENGINE) { uri = allocated_uri = make_engine_uri(e, uri, desc); } - (void)load_key_certs_crls(uri, may_stdin, pass, desc, + (void)load_key_certs_crls(uri, format, may_stdin, pass, desc, &pkey, NULL, NULL, NULL, NULL, NULL, NULL); OPENSSL_free(allocated_uri); 
@@ -589,22 +593,22 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, if (format == FORMAT_ENGINE) { uri = allocated_uri = make_engine_uri(e, uri, desc); } - (void)load_key_certs_crls(uri, maybe_stdin, pass, desc, + (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, NULL, &pkey, NULL, NULL, NULL, NULL, NULL); OPENSSL_free(allocated_uri); return pkey; } -EVP_PKEY *load_keyparams(const char *uri, int maybe_stdin, const char *keytype, - const char *desc) +EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, + const char *keytype, const char *desc) { EVP_PKEY *params = NULL; if (desc == NULL) desc = "key parameters"; - (void)load_key_certs_crls(uri, maybe_stdin, NULL, desc, + (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc, NULL, NULL, ¶ms, NULL, NULL, NULL, NULL); if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) { BIO_printf(bio_err, @@ -698,7 +702,8 @@ int load_cert_certs(const char *uri, return ret; } pass_string = get_passwd(pass, desc); - ret = load_key_certs_crls(uri, 0, pass_string, desc, NULL, NULL, NULL, + ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass_string, desc, + NULL, NULL, NULL, pcert, pcerts, NULL, NULL); clear_free(pass_string); @@ -800,7 +805,8 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, const char *pass, const char *desc) { int was_NULL = *certs == NULL; - int ret = load_key_certs_crls(uri, maybe_stdin, pass, desc, NULL, NULL, + int ret = load_key_certs_crls(uri, FORMAT_UNDEF, maybe_stdin, + pass, desc, NULL, NULL, NULL, NULL, certs, NULL, NULL); if (!ret && was_NULL) { @@ -818,7 +824,8 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, const char *pass, const char *desc) { int was_NULL = *crls == NULL; - int ret = load_key_certs_crls(uri, 0, pass, desc, NULL, NULL, NULL, + int ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass, desc, + NULL, NULL, NULL, NULL, NULL, NULL, crls); if (!ret && was_NULL) { 
@@ -828,6 +835,17 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, return ret; } +static const char *format2string(int format) +{ + switch(format) { + case FORMAT_PEM: + return "PEM"; + case FORMAT_ASN1: + return "DER"; + } + return NULL; +} + /* Set type expectation, but clear it if objects of different types expected. */ #define SET_EXPECT(val) expect = expect < 0 ? val : (expect == val ? val : 0); /* @@ -843,7 +861,7 @@ int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, * In any case (also on error) the caller is responsible for freeing all members * of *pcerts and *pcrls (as far as they are not NULL). */ -int load_key_certs_crls(const char *uri, int maybe_stdin, +int load_key_certs_crls(const char *uri, int format, int maybe_stdin, const char *pass, const char *desc, EVP_PKEY **ppkey, EVP_PKEY **ppubkey, EVP_PKEY **pparams, @@ -863,6 +881,9 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, pcrls != NULL ? "CRLs" : NULL; int cnt_expectations = 0; int expect = -1; + const char *input_type; + OSSL_PARAM itp[2]; + const OSSL_PARAM *params = NULL; /* TODO make use of the engine reference 'eng' when loading pkeys */ if (ppkey != NULL) { @@ -915,6 +936,13 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, uidata.password = pass; uidata.prompt_info = uri; + if ((input_type = format2string(format)) != NULL) { + itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, + (char *)input_type, 0); + itp[1] = OSSL_PARAM_construct_end(); + params = itp; + } + if (uri == NULL) { BIO *bio; 
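Review bot: In load_key_certs_crls(), the OSSL_STORE_PARAM_INPUT_TYPE parameter is only built when format2string() returns non-NULL, and format2string() knows only FORMAT_PEM and FORMAT_ASN1, so every other explicit format value silently ends up as auto-detection with params == NULL. A comment on format2string() stating that this fallback is intended would help, as would a default: case in its switch. Style: switch(format) needs a space after switch, and the (char *)input_type cast drops const, which deserves a short comment on why that is safe here.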
@@ -927,12 +955,13 @@ int load_key_certs_crls(const char *uri, int maybe_stdin, bio = BIO_new_fp(stdin, 0); if (bio != NULL) { ctx = OSSL_STORE_attach(bio, "file", libctx, propq, - get_ui_method(), &uidata, NULL, NULL); + get_ui_method(), &uidata, params, + NULL, NULL); BIO_free(bio); } } else { ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata, - NULL, NULL); + params, NULL, NULL); } if (ctx == NULL) { BIO_printf(bio_err, "Could not open file or uri for loading"); @@ -2322,7 +2351,7 @@ static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp) DIST_POINT *dp = sk_DIST_POINT_value(crldp, i); urlptr = get_dp_url(dp); if (urlptr != NULL) - return load_crl(urlptr, 0, "CRL via CDP"); + return load_crl(urlptr, FORMAT_UNDEF, 0, "CRL via CDP"); } return NULL; } diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 6824567c70..0bb4b6c436 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -1019,7 +1019,8 @@ int load_excert(SSL_EXCERT **pexc) BIO_printf(bio_err, "Missing filename\n"); return 0; } - exc->cert = load_cert(exc->certfile, "Server Certificate"); + exc->cert = load_cert(exc->certfile, exc->certform, + "Server Certificate"); if (exc->cert == NULL) return 0; if (exc->keyfile != NULL) { diff --git a/apps/ocsp.c b/apps/ocsp.c index d59cd1eb59..355b4127c8 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -402,7 +402,7 @@ int ocsp_main(int argc, char **argv) path = opt_arg(); break; case OPT_ISSUER: - issuer = load_cert(opt_arg(), "issuer certificate"); + issuer = load_cert(opt_arg(), FORMAT_UNDEF, "issuer certificate"); if (issuer == NULL) goto end; if (issuers == NULL) { @@ -414,7 +414,7 @@ int ocsp_main(int argc, char **argv) break; case OPT_CERT: X509_free(cert); - cert = load_cert(opt_arg(), "certificate"); + cert = load_cert(opt_arg(), FORMAT_UNDEF, "certificate"); if (cert == NULL) goto end; if (cert_id_md == NULL) 
@@ -565,7 +565,7 @@ int ocsp_main(int argc, char **argv) if (rsignfile != NULL) { if (rkeyfile == NULL) rkeyfile = rsignfile; - rsigner = load_cert(rsignfile, "responder certificate"); + rsigner = load_cert(rsignfile, FORMAT_UNDEF, "responder certificate"); if (rsigner == NULL) { BIO_printf(bio_err, "Error loading responder certificate\n"); goto end; @@ -581,7 +581,7 @@ int ocsp_main(int argc, char **argv) BIO_printf(bio_err, "Error getting password\n"); goto end; } - rkey = load_key(rkeyfile, FORMAT_PEM, 0, passin, NULL, + rkey = load_key(rkeyfile, FORMAT_UNDEF, 0, passin, NULL, "responder private key"); if (rkey == NULL) goto end; @@ -661,7 +661,7 @@ redo_accept: if (signfile != NULL) { if (keyfile == NULL) keyfile = signfile; - signer = load_cert(signfile, "signer certificate"); + signer = load_cert(signfile, FORMAT_UNDEF, "signer certificate"); if (signer == NULL) { BIO_printf(bio_err, "Error loading signer certificate\n"); goto end; @@ -671,7 +671,7 @@ redo_accept: "signer certificates")) goto end; } - key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL, + key = load_key(keyfile, FORMAT_UNDEF, 0, NULL, NULL, "signer private key"); if (key == NULL) goto end; diff --git a/apps/pkcs8.c b/apps/pkcs8.c index d7cb2d6672..6b09b909eb 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -83,7 +83,7 @@ int pkcs8_main(int argc, char **argv) char *passin = NULL, *passout = NULL, *p8pass = NULL; OPTION_CHOICE o; int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1; int private = 0, traditional = 0; #ifndef OPENSSL_NO_SCRYPT long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0; 
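Review bot: With informat in pkcs8_main() now defaulting to FORMAT_UNDEF, the rest of apps/pkcs8.c has to translate it back to PEM at every use: the bio_open_default() call and both "informat == FORMAT_PEM || informat == FORMAT_UNDEF" tests in the hunks that follow. Resolving it once into a local after option parsing, the way load_csr() does with "if (format == FORMAT_UNDEF) format = FORMAT_PEM;", would keep those three sites from drifting apart.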
@@ -214,7 +214,8 @@ int pkcs8_main(int argc, char **argv) if ((pbe_nid == -1) && cipher == NULL) cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); - in = bio_open_default(infile, 'r', informat); + in = bio_open_default(infile, 'r', + informat == FORMAT_UNDEF ? FORMAT_PEM : informat); if (in == NULL) goto end; out = bio_open_owner(outfile, outformat, private); @@ -298,7 +299,7 @@ int pkcs8_main(int argc, char **argv) } if (nocrypt) { - if (informat == FORMAT_PEM) { + if (informat == FORMAT_PEM || informat == FORMAT_UNDEF) { p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL); } else if (informat == FORMAT_ASN1) { p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); @@ -307,7 +308,7 @@ int pkcs8_main(int argc, char **argv) goto end; } } else { - if (informat == FORMAT_PEM) { + if (informat == FORMAT_PEM || informat == FORMAT_UNDEF) { p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); } else if (informat == FORMAT_ASN1) { p8 = d2i_PKCS8_bio(in, NULL); diff --git a/apps/pkey.c b/apps/pkey.c index d7e32b6e58..ddc3414d0c 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -75,7 +75,7 @@ int pkey_main(int argc, char **argv) char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL; char *passinarg = NULL, *passoutarg = NULL, *ciphername = NULL, *prog; OPTION_CHOICE o; - int informat = FORMAT_PEM, outformat = FORMAT_PEM; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM; int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1; int private = 0, traditional = 0, check = 0, pub_check = 0; #ifndef OPENSSL_NO_EC diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 3a26ec5ca7..0424e556c1 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c 
@@ -111,7 +111,8 @@ int pkeyutl_main(int argc, char **argv) char hexdump = 0, asn1parse = 0, rev = 0, *prog; unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; OPTION_CHOICE o; - int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM; + int buf_inlen = 0, siglen = -1; + int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF; int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; int engine_impl = 0; int ret = 1, rv = -1; @@ -555,7 +556,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, break; case KEY_CERT: - x = load_cert(keyfile, "Certificate"); + x = load_cert(keyfile, keyform, "Certificate"); if (x) { pkey = X509_get_pubkey(x); X509_free(x); diff --git a/apps/req.c b/apps/req.c index 6817a8bd54..d41b992e6d 100644 --- a/apps/req.c +++ b/apps/req.c @@ -256,7 +256,7 @@ int req_main(int argc, char **argv) int days = UNSET_DAYS; int ret = 1, gen_x509 = 0, i = 0, newreq = 0, verbose = 0; int pkey_type = -1; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyform = FORMAT_UNDEF; int modulus = 0, multirdn = 1, verify = 0, noout = 0, text = 0; int noenc = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0; long newkey_len = -1; @@ -762,7 +762,7 @@ int req_main(int argc, char **argv) BIO_printf(bio_err, "Ignoring -CAkey option since no -CA option is given\n"); } else { - if ((CAkey = load_key(CAkeyfile, FORMAT_PEM, + if ((CAkey = load_key(CAkeyfile, FORMAT_UNDEF, 0, passin, e, "issuer private key")) == NULL) goto end; } @@ -777,7 +777,7 @@ int req_main(int argc, char **argv) "Need to give the -CAkey option if using -CA\n"); goto end; } - if ((CAcert = load_cert_pass(CAfile, 1, passin, + if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin, "issuer certificate")) == NULL) goto end; if (!X509_check_private_key(CAcert, CAkey)) { diff --git a/apps/rsa.c b/apps/rsa.c index 0ff6cf3266..83fd8350df 100644 --- a/apps/rsa.c 
+++ b/apps/rsa.c @@ -96,7 +96,7 @@ int rsa_main(int argc, char **argv) char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog; char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; int private = 0; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, check = 0; int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1; int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH; OPTION_CHOICE o; @@ -204,7 +204,7 @@ int rsa_main(int argc, char **argv) } if (pubin) { - int tmpformat = -1; + int tmpformat = FORMAT_UNDEF; if (pubin == 2) { if (informat == FORMAT_PEM) diff --git a/apps/rsautl.c b/apps/rsautl.c index a8911ff206..c2bc1af89b 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -81,7 +81,7 @@ int rsautl_main(int argc, char **argv) char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING; size_t rsa_inlen, rsa_outlen = 0; - int keyformat = FORMAT_PEM, keysize, ret = 1, rv; + int keyformat = FORMAT_UNDEF, keysize, ret = 1, rv; int hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0; OPTION_CHOICE o; @@ -196,7 +196,7 @@ int rsautl_main(int argc, char **argv) break; case KEY_CERT: - x = load_cert(keyfile, "Certificate"); + x = load_cert(keyfile, FORMAT_UNDEF, "Certificate"); if (x) { pkey = X509_get_pubkey(x); X509_free(x); diff --git a/apps/s_client.c b/apps/s_client.c index 3c62739698..1aa7a3b7de 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
@@ -815,15 +815,15 @@ int s_client_main(int argc, char **argv) struct timeval timeout, *timeoutp; fd_set readfds, writefds; int noCApath = 0, noCAfile = 0, noCAstore = 0; - int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_PEM; - int key_format = FORMAT_PEM, crlf = 0, full_log = 1, mbuf_len = 0; + int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_UNDEF; + int key_format = FORMAT_UNDEF, crlf = 0, full_log = 1, mbuf_len = 0; int prexit = 0; int sdebug = 0; int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0; int ret = 1, in_init = 1, i, nbio_test = 0, sock = -1, k, width, state = 0; int sbuf_len, sbuf_off, cmdletters = 1; int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0; - int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0; + int starttls_proto = PROTO_OFF, crl_format = FORMAT_UNDEF, crl_download = 0; int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending; #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) int at_eof = 0; @@ -1620,7 +1620,8 @@ int s_client_main(int argc, char **argv) } if (cert_file != NULL) { - cert = load_cert_pass(cert_file, 1, pass, "client certificate"); + cert = load_cert_pass(cert_file, cert_format, 1, pass, + "client certificate"); if (cert == NULL) goto end; } @@ -1632,7 +1633,7 @@ int s_client_main(int argc, char **argv) if (crl_file != NULL) { X509_CRL *crl; - crl = load_crl(crl_file, 0, "CRL"); + crl = load_crl(crl_file, crl_format, 0, "CRL"); if (crl == NULL) goto end; crls = sk_X509_CRL_new_null(); diff --git a/apps/s_server.c b/apps/s_server.c index 6adee7ec6d..5d9e8cd568 100644 --- a/apps/s_server.c +++ b/apps/s_server.c 
@@ -978,11 +978,11 @@ int s_server_main(int argc, char *argv[]) int no_dhe = 0; int nocert = 0, ret = 1; int noCApath = 0, noCAfile = 0, noCAstore = 0; - int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; - int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; + int s_cert_format = FORMAT_UNDEF, s_key_format = FORMAT_UNDEF; + int s_dcert_format = FORMAT_UNDEF, s_dkey_format = FORMAT_UNDEF; int rev = 0, naccept = -1, sdebug = 0; int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0; - int state = 0, crl_format = FORMAT_PEM, crl_download = 0; + int state = 0, crl_format = FORMAT_UNDEF, crl_download = 0; char *host = NULL; char *port = OPENSSL_strdup(PORT); unsigned char *context = NULL; @@ -1688,7 +1688,8 @@ int s_server_main(int argc, char *argv[]) if (s_key == NULL) goto end; - s_cert = load_cert_pass(s_cert_file, 1, pass, "server certificate"); + s_cert = load_cert_pass(s_cert_file, s_cert_format, 1, pass, + "server certificate"); if (s_cert == NULL) goto end; @@ -1704,7 +1705,7 @@ int s_server_main(int argc, char *argv[]) if (s_key2 == NULL) goto end; - s_cert2 = load_cert_pass(s_cert_file2, 1, pass, + s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, 1, pass, "second server certificate"); if (s_cert2 == NULL) @@ -1727,7 +1728,7 @@ int s_server_main(int argc, char *argv[]) if (crl_file != NULL) { X509_CRL *crl; - crl = load_crl(crl_file, 0, "CRL"); + crl = load_crl(crl_file, crl_format, 0, "CRL"); if (crl == NULL) goto end; crls = sk_X509_CRL_new_null(); @@ -1749,7 +1750,7 @@ int s_server_main(int argc, char *argv[]) if (s_dkey == NULL) goto end; - s_dcert = load_cert_pass(s_dcert_file, 1, dpass, + s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, 1, dpass, "second server certificate"); if (s_dcert == NULL) { 
@@ -1975,9 +1976,9 @@ int s_server_main(int argc, char *argv[]) EVP_PKEY *dhpkey = NULL; if (dhfile != NULL) - dhpkey = load_keyparams(dhfile, 0, "DH", "DH parameters"); + dhpkey = load_keyparams(dhfile, FORMAT_UNDEF, 0, "DH", "DH parameters"); else if (s_cert_file != NULL) - dhpkey = load_keyparams(s_cert_file, 0, "DH", "DH parameters"); + dhpkey = load_keyparams(s_cert_file, FORMAT_UNDEF, 0, "DH", "DH parameters"); if (dhpkey != NULL) { BIO_printf(bio_s_out, "Setting temp DH parameters\n"); @@ -2009,7 +2010,8 @@ int s_server_main(int argc, char *argv[]) if (ctx2 != NULL) { if (dhfile != NULL) { - EVP_PKEY *dhpkey2 = load_keyparams(s_cert_file2, 0, "DH", + EVP_PKEY *dhpkey2 = load_keyparams(s_cert_file2, FORMAT_UNDEF, + 0, "DH", "DH parameters"); if (dhpkey2 != NULL) { diff --git a/apps/smime.c b/apps/smime.c index 011dc99c4b..ea71121fb4 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -151,7 +151,7 @@ int smime_main(int argc, char **argv) int noCApath = 0, noCAfile = 0, noCAstore = 0; int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform = - FORMAT_PEM; + FORMAT_UNDEF; int vpmtouched = 0, rv = 0; ENGINE *e = NULL; const char *mime_eol = "\n"; @@ -449,7 +449,8 @@ int smime_main(int argc, char **argv) if (encerts == NULL) goto end; while (*argv != NULL) { - cert = load_cert(*argv, "recipient certificate file"); + cert = load_cert(*argv, FORMAT_UNDEF, + "recipient certificate file"); if (cert == NULL) goto end; sk_X509_push(encerts, cert); @@ -466,7 +467,7 @@ int smime_main(int argc, char **argv) } if (recipfile != NULL && (operation == SMIME_DECRYPT)) { - if ((recip = load_cert(recipfile, + if ((recip = load_cert(recipfile, FORMAT_UNDEF, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; 
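Review bot: In s_server_main() (apps/s_server.c), the load_keyparams() calls that read DH parameters out of s_cert_file and s_cert_file2 pass FORMAT_UNDEF, while load_cert_pass() reads the same files with s_cert_format, so a format the user asked to enforce applies to the certificate but not to the parameters taken from the same file. Pass s_cert_format there, or add a comment saying auto-detection is intended. Separately, the ctx2 branch tests dhfile != NULL and then loads from s_cert_file2, which looks inverted next to the first branch and is worth checking while this line is being touched.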
@@ -573,7 +574,7 @@ int smime_main(int argc, char **argv) for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(signerfile, "signer certificate"); + signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate"); if (signer == NULL) goto end; key = load_key(keyfile, keyform, 0, passin, e, "signing key"); diff --git a/apps/spkac.c b/apps/spkac.c index 9c12504b90..adc6f7372c 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -67,7 +67,7 @@ int spkac_main(int argc, char **argv) char *spkstr = NULL, *prog; const char *spkac = "SPKAC", *spksect = "default"; int i, ret = 1, verify = 0, noout = 0, pubkey = 0; - int keyformat = FORMAT_PEM; + int keyformat = FORMAT_UNDEF; OPTION_CHOICE o; prog = opt_init(argc, argv, spkac_options); diff --git a/apps/storeutl.c b/apps/storeutl.c index 3e7ab32b7a..1368caae92 100644 --- a/apps/storeutl.c +++ b/apps/storeutl.c @@ -358,7 +358,7 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, int ret = 1, items = 0; if ((store_ctx = OSSL_STORE_open_ex(uri, libctx, app_get0_propq(), uimeth, uidata, - NULL, NULL)) + NULL, NULL, NULL)) == NULL) { BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri); ERR_print_errors(bio_err); diff --git a/apps/verify.c b/apps/verify.c index d66f137258..acf80c65c4 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -253,7 +253,7 @@ static int check(X509_STORE *ctx, const char *file, STACK_OF(X509) *chain = NULL; int num_untrusted; - x = load_cert(file, "certificate file"); + x = load_cert(file, FORMAT_UNDEF, "certificate file"); if (x == NULL) goto end; diff --git a/apps/x509.c b/apps/x509.c index a9c5d41096..9632d72260 100644 --- a/apps/x509.c +++ b/apps/x509.c 
@@ -266,9 +266,9 @@ int x509_main(int argc, char **argv) char *prog; int days = UNSET_DAYS; /* not explicitly set */ int x509toreq = 0, modulus = 0, print_pubkey = 0, pprint = 0; - int CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM; + int CAformat = FORMAT_UNDEF, CAkeyformat = FORMAT_UNDEF; int fingerprint = 0, reqfile = 0, checkend = 0; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM; + int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF; int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0; int noout = 0, CA_createserial = 0, email = 0; int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0; @@ -719,7 +719,7 @@ int x509_main(int argc, char **argv) } } } else { - x = load_cert_pass(infile, 1, passin, "certificate"); + x = load_cert_pass(infile, informat, 1, passin, "certificate"); if (x == NULL) goto end; } @@ -734,7 +734,7 @@ int x509_main(int argc, char **argv) goto end; if (CAfile != NULL) { - xca = load_cert_pass(CAfile, 1, passin, "CA certificate"); + xca = load_cert_pass(CAfile, CAformat, 1, passin, "CA certificate"); if (xca == NULL) goto end; } diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index e5b740f214..3faca8d0ec 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -55,7 +55,7 @@ static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x, return NULL; if ((ctx = OSSL_STORE_attach(bp, "file", libctx, propq, ui_method, u, - NULL, NULL)) == NULL) + NULL, NULL, NULL)) == NULL) goto err; #ifndef OPENSSL_NO_SECURE_HEAP # ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index e7f5860604..158b7be79d 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c 
@@ -32,9 +32,37 @@ static int ossl_store_close_it(OSSL_STORE_CTX *ctx); +static int loader_set_params(OSSL_STORE_LOADER *loader, + OSSL_STORE_LOADER_CTX *loader_ctx, + const OSSL_PARAM params[], const char *propq) +{ + if (params != NULL) { + if (!loader->p_set_ctx_params(loader_ctx, params)) + return 0; + } + + if (propq != NULL) { + OSSL_PARAM propp[2]; + + if (OSSL_PARAM_locate_const(params, + OSSL_STORE_PARAM_PROPERTIES) != NULL) + /* use the propq from params */ + return 1; + + propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES, + (char *)propq, 0); + propp[1] = OSSL_PARAM_construct_end(); + + if (!loader->p_set_ctx_params(loader_ctx, propp)) + return 0; + } + return 1; +} + OSSL_STORE_CTX * OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[], OSSL_STORE_post_process_info_fn post_process, void *post_process_data) { @@ -103,18 +131,11 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, if (loader_ctx == NULL) { OSSL_STORE_LOADER_free(fetched_loader); fetched_loader = NULL; - } else if (propq != NULL) { - OSSL_PARAM params[2]; - - params[0] = OSSL_PARAM_construct_utf8_string( - OSSL_STORE_PARAM_PROPERTIES, (char *)propq, 0); - params[1] = OSSL_PARAM_construct_end(); - - if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) { - (void)fetched_loader->p_close(loader_ctx); - OSSL_STORE_LOADER_free(fetched_loader); - fetched_loader = NULL; - } + } else if(!loader_set_params(fetched_loader, loader_ctx, + params, propq)) { + (void)fetched_loader->p_close(loader_ctx); + OSSL_STORE_LOADER_free(fetched_loader); + fetched_loader = NULL; } loader = fetched_loader; } 
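Review bot: In loader_set_params() (crypto/store/store_lib.c), OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES) is reached with params == NULL whenever a caller supplies only propq, as cache_objects() in crypto/x509/by_store.c does after this patch; the function therefore depends on OSSL_PARAM_locate_const() tolerating a NULL array. Guard the lookup with params != NULL or note the reliance in a comment. When params does carry OSSL_STORE_PARAM_PROPERTIES, the propq argument is dropped without any indication, so that precedence should be stated in the OSSL_STORE_open_ex() and OSSL_STORE_attach() documentation. Style: the if whose body is a comment plus "return 1;" wants braces, and "else if(!loader_set_params" in OSSL_STORE_open_ex() is missing the space after if.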
@@ -187,8 +208,8 @@ OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, OSSL_STORE_post_process_info_fn post_process, void *post_process_data) { - return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, post_process, - post_process_data); + return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL, + post_process, post_process_data); } #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -927,6 +948,7 @@ const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion) OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, OSSL_LIB_CTX *libctx, const char *propq, const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[], OSSL_STORE_post_process_info_fn post_process, void *post_process_data) { @@ -957,19 +979,11 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, || (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) { OSSL_STORE_LOADER_free(fetched_loader); fetched_loader = NULL; - } else if (propq != NULL) { - OSSL_PARAM params[] = { - OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES, - NULL, 0), - OSSL_PARAM_END - }; - - params[0].data = (void *)propq; - if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) { - (void)fetched_loader->p_close(loader_ctx); - OSSL_STORE_LOADER_free(fetched_loader); - fetched_loader = NULL; - } + } else if (!loader_set_params(fetched_loader, loader_ctx, + params, propq)) { + (void)fetched_loader->p_close(loader_ctx); + OSSL_STORE_LOADER_free(fetched_loader); + fetched_loader = NULL; } loader = fetched_loader; ossl_core_bio_free(cbio); diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c index caccf38412..b9feb038b8 100644 --- a/crypto/x509/by_store.c +++ b/crypto/x509/by_store.c 
@@ -21,7 +21,8 @@ static int cache_objects(X509_LOOKUP *lctx, const char *uri, OSSL_STORE_CTX *ctx = NULL; X509_STORE *xstore = X509_LOOKUP_get_store(lctx); - if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL, NULL)) == NULL) + if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL, + NULL, NULL)) == NULL) return 0; /* diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index 4e702f98c3..3e2708ae04 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in @@ -114,8 +114,9 @@ signed by the CA. =item B<-inform> B|B -The format of the data in certificate request input files. -The default is PEM. +The format of the data in certificate request input files; +unspecified by default. +See L for details. =item B<-ss_cert> I @@ -150,8 +151,8 @@ The CA certificate, which must match with B<-keyfile>. =item B<-certform> B|B|B -The format of the data in certificate input files. -This option has no effect and is retained for backward compatibility only. +The format of the data in certificate input files; unspecified by default. +See L for details. =item B<-keyfile> I|I @@ -160,8 +161,7 @@ This must match with B<-cert>. =item B<-keyform> B|B|B|B -The format of the private key input file; the default is B. -The only value with effect is B; all others have become obsolete. +The format of the private key input file; unspecified by default. See L for details. =item B<-sigopt> I:I @@ -818,11 +818,8 @@ retained mainly for compatibility reasons. The B<-section> option was added in OpenSSL 3.0.0. -The B<-certform> and B<-multivalue-rdn> options -have become obsolete in OpenSSL 3.0.0 and have no effect. - -All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 -and have no effect. +The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and +has no effect. The B<-engine> option was deprecated in OpenSSL 3.0. 
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index f27443ca9c..28ea4ee6a5 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -732,8 +732,7 @@ Default value is PEM. =item B<-keyform> I -The format of the key input. -The only value with effect is B. +The format of the key input; unspecified by default. See L for details. =item B<-otherpass> I diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 51aff981a5..0ec906cbc1 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -241,8 +241,7 @@ See L for details. =item B<-keyform> B|B|B|B -The format of the private key file; the default is B. -The only value with effect is B; all others have become obsolete. +The format of the private key file; unspecified by default. See L for details. =item B<-rctform> B|B|B @@ -786,9 +785,6 @@ was added in OpenSSL 1.0.2. The -no_alt_chains option was added in OpenSSL 1.0.2b. -All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 -and have no effect. - The B<-nameopt> option was added in OpenSSL 3.0.0. The B<-engine> option was deprecated in OpenSSL 3.0. diff --git a/doc/man1/openssl-crl.pod.in b/doc/man1/openssl-crl.pod.in index ccba7938a2..d00b80c862 100644 --- a/doc/man1/openssl-crl.pod.in +++ b/doc/man1/openssl-crl.pod.in @@ -47,8 +47,8 @@ Print out a usage message. =item B<-inform> B|B -The CRL input format. -This option has no effect and is retained for backward compatibility only. +The CRL input format; unspecified by default. +See L for details. =item B<-outform> B|B @@ -61,8 +61,8 @@ The private key to be used to sign the CRL. =item B<-keyform> B|B|B -The format of the private key file. -This option has no effect and is retained for backward compatibility only. +The format of the private key file; unspecified by default. +See L for details. =item B<-in> I 
@@ -156,11 +156,6 @@ L, L, L -=head1 HISTORY - -The B<-inform> and B<-keyform> options have become obsolete in OpenSSL 3.0.0 -and have no effect. - =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-dgst.pod.in b/doc/man1/openssl-dgst.pod.in index 4b0653912d..f493e83b41 100644 --- a/doc/man1/openssl-dgst.pod.in +++ b/doc/man1/openssl-dgst.pod.in @@ -108,8 +108,7 @@ command instead for this. =item B<-keyform> B|B|B|B -The format of the key to sign with; the default is B. -The only value with effect is B; all others have become obsolete. +The format of the key to sign with; unspecified by default. See L for details. =item B<-sigopt> I:I @@ -256,9 +255,6 @@ L The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. The FIPS-related options were removed in OpenSSL 1.1.0. -All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 -and have no effect. - The B<-engine> and B<-engine_impl> options were deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in index 61f4b1f74b..116121caf2 100644 --- a/doc/man1/openssl-dsa.pod.in +++ b/doc/man1/openssl-dsa.pod.in @@ -55,9 +55,14 @@ applications should use the more secure PKCS#8 format using the B Print out a usage message. -=item B<-inform> B|B, B<-outform> B|B +=item B<-inform> B|B -The input and formats; the default is B. +The key input format; unspecified by default. +See L for details. + +=item B<-outform> B|B + +The key output format; the default is B. See L for details. Private keys are a sequence of B: the version (zero), B

, diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in index 96c429cf94..6437707429 100644 --- a/doc/man1/openssl-dsaparam.pod.in +++ b/doc/man1/openssl-dsaparam.pod.in @@ -36,9 +36,14 @@ DSA parameters is often used to generate several distinct keys. Print out a usage message. -=item B<-inform> B|B, B<-outform> B|B +=item B<-inform> B|B -This option has become obsolete. +The DSA parameters input format; unspecified by default. +See L for details. + +=item B<-outform> B|B + +The DSA parameters output format; the default is B. See L for details. Parameters are a sequence of Bs: B

, B, and B. diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in index 06c225f11c..b3aabcb41a 100644 --- a/doc/man1/openssl-ec.pod.in +++ b/doc/man1/openssl-ec.pod.in @@ -53,13 +53,12 @@ Print out a usage message. =item B<-inform> B|B|B|B -The key input format; the default is B. -The only value with effect is B; all others have become obsolete. +The key input format; unspecified by default. See L for details. =item B<-outform> B|B -The key output formats; the default is B. +The key output format; the default is B. See L for details. Private keys are an SEC1 private key or PKCS#8 format. diff --git a/doc/man1/openssl-ecparam.pod.in b/doc/man1/openssl-ecparam.pod.in index ee5c021819..dd8f0f2c24 100644 --- a/doc/man1/openssl-ecparam.pod.in +++ b/doc/man1/openssl-ecparam.pod.in @@ -43,9 +43,14 @@ this command can only create EC parameters from known (named) curves. Print out a usage message. -=item B<-inform> B|B, B<-outform> B|B +=item B<-inform> B|B -The input and formats; the default is B. +The EC parameters input format; unspecified by default. +See L for details. + +=item B<-outform> B|B + +The EC parameters output format; the default is B. See L for details. Parameters are encoded as B as specified in IETF RFC 3279. diff --git a/doc/man1/openssl-format-options.pod b/doc/man1/openssl-format-options.pod index 20b62f9b15..91058831cd 100644 --- a/doc/man1/openssl-format-options.pod +++ b/doc/man1/openssl-format-options.pod 
@@ -15,9 +15,13 @@ I Several OpenSSL commands can take input or generate output in a variety of formats. + Since OpenSSL 3.0 keys, single certificates, and CRLs can be read from -files in any of the B, B or B formats, -while specifying their input format is no more needed. +files in any of the B, B or B formats. Specifying their input +format is no more needed and the openssl commands will automatically try all +the possible formats. However if the B or B input format is specified +it will be enforced. + In order to access a key via an engine the input format B may be used; alternatively the key identifier in the argument of the respective key option may be preceded by C. @@ -39,8 +43,6 @@ The format of the input or output streams. =item B<-keyform> I Format of a private key input source. -The only value with effect is B; all others have become obsolete. -See L for details. =item B<-CRLform> I diff --git a/doc/man1/openssl-pkey.pod.in b/doc/man1/openssl-pkey.pod.in index 004be5c132..d297b19638 100644 --- a/doc/man1/openssl-pkey.pod.in +++ b/doc/man1/openssl-pkey.pod.in @@ -78,8 +78,7 @@ a pass phrase will be prompted for. =item B<-inform> B|B|B|B -The key input format; the default is B. -The only value with effect is B; all others have become obsolete. +The key input format; unspecified by default. See L for details. =item B<-passin> I diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 26b9ed1e42..b57640992c 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -91,8 +91,7 @@ The input key, by default it should be a private key. =item B<-keyform> B|B|B|B -The key format; the default is B. -The only value with effect is B; all others have become obsolete. +The key format; unspecified by default. See L for details. =item B<-passin> I 
@@ -106,8 +105,7 @@ The peer key file, used by key derivation (agreement) operations. =item B<-peerform> B|B|B|B -The peer key format; the default is B. -The only value with effect is B; all others have become obsolete. +The peer key format; unspecified by default. See L for details. =item B<-pubin> @@ -410,9 +408,6 @@ L, =head1 HISTORY -All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 -and have no effect. - The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index a877140cdc..32ae4b2e32 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -74,7 +74,7 @@ Print out a usage message. =item B<-inform> B|B, B<-outform> B|B -The input and output formats; the default is B. +The input and output formats; unspecified by default. See L for details. The data is a PKCS#10 object. @@ -197,8 +197,7 @@ It also accepts PKCS#8 format private keys for PEM format files. =item B<-keyform> B|B|B|B -The format of the private key; the default is B. -The only value with effect is B; all others have become obsolete. +The format of the private key; unspecified by default. See L for details. =item B<-keyout> I @@ -737,8 +736,8 @@ L The B<-section> option was added in OpenSSL 3.0.0. -All B<-keyform> values except B and the B<-multivalue-rdn> option -have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and +has no effect. The B<-engine> option was deprecated in OpenSSL 3.0. The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead. diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in index 1d98caabb6..503b31a6d6 100644 --- a/doc/man1/openssl-rsa.pod.in +++ b/doc/man1/openssl-rsa.pod.in 
@@ -60,8 +60,7 @@ Print out a usage message. =item B<-inform> B|B|B|B -The key input format; the default is B. -The only value with effect is B; all others have become obsolete. +The key input format; unspecified by default. See L for details. =item B<-outform> B|B diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in index 62c39eb69e..a16c0bda15 100644 --- a/doc/man1/openssl-rsautl.pod.in +++ b/doc/man1/openssl-rsautl.pod.in @@ -73,8 +73,7 @@ The input key, by default it should be an RSA private key. =item B<-keyform> B|B|B|B -The key format; the default is B. -The only value with effect is B; all others have become obsolete. +The key format; unspecified by default. See L for details. =item B<-pubin> @@ -231,9 +230,6 @@ L This command was deprecated in OpenSSL 3.0. -All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 -and have no effect. - The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index e11df7a9ae..33e8f313b6 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -243,8 +243,8 @@ The chain for the client certificate may be specified using B<-cert_chain>. =item B<-certform> B|B|B -The client certificate file format to use; the default is B. -This option has no effect and is retained for backward compatibility only. +The client certificate file format to use; unspecified by default. +See L for details. =item B<-cert_chain> @@ -263,7 +263,7 @@ CRL file to use to check the server's certificate. =item B<-CRLform> B|B -The CRL file format; the default is B. +The CRL file format; unspecified by default. See L for details. =item B<-crl_download> 
@@ -277,8 +277,7 @@ If not specified then the certificate file will be used to read also the key. =item B<-keyform> B|B|B|B -The key format; the default is B. -The only value with effect is B; all others have become obsolete. +The key format; unspecified by default. See L for details. =item B<-pass> I @@ -912,9 +911,6 @@ The B<-name> option was added in OpenSSL 1.1.1. The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. -All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 -and have no effect. - The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index fa4190a869..f07e2ae3b4 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -225,8 +225,8 @@ The certificate file to use for servername; default is C. =item B<-certform> B|B|B -The server certificate file format. -This option has no effect and is retained for backward compatibility only. +The server certificate file format; unspecified by default. +See L for details. =item B<-cert_chain> @@ -258,8 +258,7 @@ The private Key file to use for servername if not given via B<-cert2>. =item B<-keyform> B|B|B|B -The key format; the default is B. -The only value with effect is B; all others have become obsolete. +The key format; unspecified by default. See L for details. =item B<-pass> I 
@@ -288,14 +287,13 @@ The input can be in PEM, DER, or PKCS#12 format. =item B<-dcertform> B|B|B -The format of the additional certificate file. -This option has no effect and is retained for backward compatibility only. +The format of the additional certificate file; unspecified by default. +See L for details. =item B<-dkeyform> B|B|B|B -The format of the additional private key; the default is B. -The only value with effect is B; all others have become obsolete. -See L. +The format of the additional private key; unspecified by default. +See L for details. =item B<-dpass> I @@ -333,7 +331,7 @@ The CRL file to use. =item B<-CRLform> B|B -The CRL file format; the default is B. +The CRL file format; unspecified by default. See L for details. =item B<-crl_download> @@ -844,12 +842,6 @@ The -no_alt_chains option was added in OpenSSL 1.1.0. The -allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1. -All B<-keyform> and B<-dkeyform> values except B -have become obsolete in OpenSSL 3.0.0 and have no effect. - -The B<-certform> and B<-dcertform> options have become obsolete in OpenSSL 3.0.0 -and have no effect. - The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/openssl-smime.pod.in b/doc/man1/openssl-smime.pod.in index 3c5859dc01..2fcf7020fe 100644 --- a/doc/man1/openssl-smime.pod.in +++ b/doc/man1/openssl-smime.pod.in @@ -127,8 +127,7 @@ See L for details. =item B<-keyform> B|B|B|B -The key format; the default is B. -The only value with effect is B; all others have become obsolete. +The key format; unspecified by default. See L for details. =item B<-stream>, B<-indef>, B<-noindef> @@ -481,9 +480,6 @@ added in OpenSSL 1.0.0 The -no_alt_chains option was added in OpenSSL 1.1.0. -All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 -and have no effect. - The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT 
diff --git a/doc/man1/openssl-spkac.pod.in b/doc/man1/openssl-spkac.pod.in index f0ddd5179d..3de862e035 100644 --- a/doc/man1/openssl-spkac.pod.in +++ b/doc/man1/openssl-spkac.pod.in @@ -60,8 +60,7 @@ present. =item B<-keyform> B|B|B|B -The key format; the default is B. -The only value with effect is B; all others have become obsolete. +The key format; unspecified by default. See L for details. =item B<-passin> I @@ -150,9 +149,6 @@ L =head1 HISTORY -All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 -and have no effect. - The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 7f42d45cf7..0dcad3fd9b 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in @@ -154,7 +154,7 @@ The B<-ext> option can be used to further restrict which extensions to copy. =item B<-inform> B|B -The CSR input file format; the default is B. +The input file format; unspecified by default. See L for details. =item B<-vfyopt> I:I @@ -181,8 +181,7 @@ This option is an alias of B<-key>. =item B<-keyform> B|B|B|B -The key input format; the default is B. -The only value with effect is B; all others have become obsolete. +The key input format; unspecified by default. See L for details. =item B<-out> I @@ -468,8 +467,8 @@ unless the B<-new> option is given, which generates a certificate from scratch. =item B<-CAform> B|B|B, -The format for the CA certificate. -This option has no effect and is retained for backward compatibility. +The format for the CA certificate; unspecifed by default. +See L for details. =item B<-CAkey> I|I @@ -479,8 +478,7 @@ If this option is not provided then the key must be present in the B<-CA> input. =item B<-CAkeyform> B|B|B|B -The format for the CA key; the default is B. -The only value with effect is B; all others have become obsolete. +The format for the CA key; unspecified by default. See L for details. =item B<-CAserial> I 
@@ -879,11 +877,6 @@ form must have their links rebuilt using L or similar. The B<-signkey> option has been renamed to B<-key> in OpenSSL 3.0, keeping the old name as an alias. -All B<-keyform> and B<-CAkeyform> values except B -have become obsolete in OpenSSL 3.0.0 and have no effect. - -The B<-CAform> option has become obsolete in OpenSSL 3.0.0 and has no effect. - The B<-engine> option was deprecated in OpenSSL 3.0. The B<-C> option was removed in OpenSSL 3.0. diff --git a/doc/man3/OSSL_STORE_attach.pod b/doc/man3/OSSL_STORE_attach.pod index 9ad53af81a..f272961bac 100644 --- a/doc/man3/OSSL_STORE_attach.pod +++ b/doc/man3/OSSL_STORE_attach.pod @@ -11,6 +11,7 @@ OSSL_STORE_attach - Functions to read objects from a BIO OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme, OSSL_LIB_CTX *libctx, const char *propq, const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[], OSSL_STORE_post_process_info_fn post_process, void *post_process_data); diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index 3d6d03a990..39a795b0ef 100644 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -24,6 +24,7 @@ OSSL_STORE_error, OSSL_STORE_close OSSL_STORE_CTX * OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[], OSSL_STORE_post_process_info_fn post_process, void *post_process_data); @@ -68,6 +69,8 @@ B with all necessary internal information. The given I and I will be reused by all functions that use B when interaction is needed, for instance to provide a password. +The auxiliary B parameters in I can be set to further +modify the store operation. The given I and I will be reused by OSSL_STORE_load() to manipulate or drop the value to be returned. The I function drops values by returning NULL, which 
@@ -76,7 +79,7 @@ the next object, until I returns something other than NULL, or the end of data is reached as indicated by OSSL_STORE_eof(). OSSL_STORE_open() is similar to OSSL_STORE_open_ex() but uses NULL for -the library context I and property query I. +the I, the library context I and property query I. OSSL_STORE_ctrl() takes a B, and command number I and more arguments not specified here. diff --git a/doc/man7/provider-storemgmt.pod b/doc/man7/provider-storemgmt.pod index 32f4e467ac..d34f0377ae 100644 --- a/doc/man7/provider-storemgmt.pod +++ b/doc/man7/provider-storemgmt.pod @@ -153,6 +153,16 @@ fingerprint, computed with the given digest. Indicates that the caller wants to search for an object with the given alias (some call it a "friendly name"). +=item "properties" (B + +Property string to use when querying for algorithms such as the B +decoder implementations. + +=item "input-type" (B + +Type of the input format as a hint to use when decoding the objects in the +store. + =back Several of these search criteria may be combined. For example, to diff --git a/gost-engine b/gost-engine index 28a0a19354..1b684f3f90 160000 --- a/gost-engine +++ b/gost-engine @@ -1 +1 @@ -Subproject commit 28a0a193549a9b778a14fade0219b9daa0e7c5db +Subproject commit 1b684f3f906bc81154ca1d5af7d6bc60199f1f9c diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 708f79d480..02476560f0 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -545,6 +545,8 @@ extern "C" { /* You may want to pass properties for the provider implementation to use */ #define OSSL_STORE_PARAM_PROPERTIES "properties" /* utf8_string */ +/* OSSL_DECODER input type if a decoder is used by the store */ +#define OSSL_STORE_PARAM_INPUT_TYPE "input-type" /* UTF8_STRING */ # ifdef __cplusplus } diff --git a/include/openssl/store.h b/include/openssl/store.h index f0c20e56fe..d5703d5040 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h 
@@ -59,6 +59,7 @@ OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, void *ui_data, OSSL_STORE_CTX * OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[], OSSL_STORE_post_process_info_fn post_process, void *post_process_data); @@ -131,6 +132,7 @@ int OSSL_STORE_close(OSSL_STORE_CTX *ctx); OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme, OSSL_LIB_CTX *libctx, const char *propq, const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[], OSSL_STORE_post_process_info_fn post_process, void *post_process_data); diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index a7ee231b15..fc8d6362df 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -452,7 +452,7 @@ a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858 providers/impl 1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 providers/implementations/signature/mac_legacy.c 25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2 providers/implementations/signature/rsa.c c0a862433e5da909cf0c614d3f982765b67821c7a4cc6257ceb8c490b4dcf732 providers/implementations/signature/sm2sig.c -c63cb744c26af304cf00006071d3ebd9325a4d65913b75a2bcb1d2e104c734fd providers/implementations/storemgmt/file_store.c +e2750b310565e74617310566c1ccfbd75559521117fd8936540fff54dd304902 providers/implementations/storemgmt/file_store.c 291288936fe321e3e85048366f790f6b7983561cd8f80eec4c0e01d7c43614ab providers/implementations/storemgmt/file_store_der2obj.c 04ea01e48b8fee822acb376ab8679b4c627b32ab75c137bf23ebb4fe2a1c0703 providers/prov_running.c 53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4 ssl/record/tls_pad.c diff --git a/providers/fips.checksum b/providers/fips.checksum index ff7a1c2c78..e28929484f 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum 
@@ -1 +1 @@ -b998b19b940b606688e4711014407c48c3fca4c58b2fdc60ac64c1cef94861c1 providers/fips-sources.checksums +de031c8fbe10ee9b6447dd230956217e599cf923ff36a1026b515c2a22158b37 providers/fips-sources.checksums diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c index 033efb40ac..b9bb3b36c0 100644 --- a/providers/implementations/storemgmt/file_store.c +++ b/providers/implementations/storemgmt/file_store.c @@ -149,15 +149,11 @@ static OSSL_DECODER_CLEANUP file_load_cleanup; * */ static struct file_ctx_st *file_open_stream(BIO *source, const char *uri, - const char *input_type, void *provctx) { struct file_ctx_st *ctx; - if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL - || (input_type != NULL - && (ctx->_.file.input_type = - OPENSSL_strdup(input_type)) == NULL)) { + if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); goto err; } @@ -285,7 +281,7 @@ static void *file_open(void *provctx, const char *uri) if (S_ISDIR(st.st_mode)) ctx = file_open_dir(path, uri, provctx); else if ((bio = BIO_new_file(path, "rb")) == NULL - || (ctx = file_open_stream(bio, uri, NULL, provctx)) == NULL) + || (ctx = file_open_stream(bio, uri, provctx)) == NULL) BIO_free_all(bio); return ctx; @@ -299,7 +295,7 @@ void *file_attach(void *provctx, OSSL_CORE_BIO *cin) if (new_bio == NULL) return NULL; - ctx = file_open_stream(new_bio, NULL, NULL, provctx); + ctx = file_open_stream(new_bio, NULL, provctx); if (ctx == NULL) BIO_free(new_bio); return ctx; @@ -316,6 +312,7 @@ static const OSSL_PARAM *file_settable_ctx_params(void *provctx) OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES, NULL, 0), OSSL_PARAM_int(OSSL_STORE_PARAM_EXPECT, NULL), OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, NULL, 0), OSSL_PARAM_END }; return known_settable_ctx_params; 
@@ -329,12 +326,22 @@ static int file_set_ctx_params(void *loaderctx, const OSSL_PARAM params[]) if (params == NULL) return 1; - p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES); - if (p != NULL) { - OPENSSL_free(ctx->_.file.propq); - ctx->_.file.propq = NULL; - if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0)) - return 0; + if (ctx->type != IS_DIR) { + /* these parameters are ignored for directories */ + p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES); + if (p != NULL) { + OPENSSL_free(ctx->_.file.propq); + ctx->_.file.propq = NULL; + if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0)) + return 0; + } + p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_INPUT_TYPE); + if (p != NULL) { + OPENSSL_free(ctx->_.file.input_type); + ctx->_.file.input_type = NULL; + if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.input_type, 0)) + return 0; + } } p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_EXPECT); if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->expected_type)) diff --git a/test/ossl_store_test.c b/test/ossl_store_test.c index 7a5df01647..b9135cfcb3 100644 --- a/test/ossl_store_test.c +++ b/test/ossl_store_test.c @@ -47,7 +47,7 @@ static int test_store_open(void) && TEST_ptr(search = OSSL_STORE_SEARCH_by_alias("nothing")) && TEST_ptr(ui_method= UI_create_method("DummyUI")) && TEST_ptr(sctx = OSSL_STORE_open_ex(input, NULL, NULL, ui_method, - NULL, NULL, NULL)) + NULL, NULL, NULL, NULL)) && TEST_false(OSSL_STORE_find(sctx, NULL)) && TEST_true(OSSL_STORE_find(sctx, search)); UI_destroy_method(ui_method); @@ -75,7 +75,7 @@ static int get_params(const char *uri, const char *type) OSSL_STORE_INFO *info; int ret = 0; - ctx = OSSL_STORE_open_ex(uri, NULL, NULL, NULL, NULL, NULL, NULL); + ctx = OSSL_STORE_open_ex(uri, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (!TEST_ptr(ctx)) goto err; 
@@ -157,7 +157,7 @@ static int test_store_attach_unregistered_scheme(void) && TEST_ptr(provider = OSSL_PROVIDER_load(libctx, "default")) && TEST_ptr(bio = BIO_new_file(input, "r")) && TEST_ptr(store_ctx = OSSL_STORE_attach(bio, "file", libctx, NULL, - NULL, NULL, NULL, NULL)) + NULL, NULL, NULL, NULL, NULL)) && TEST_int_ne(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OSSL_STORE) && TEST_int_ne(ERR_GET_REASON(ERR_peek_error()), OSSL_STORE_R_UNREGISTERED_SCHEME); diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t index 7f2ff029ba..5492baa551 100644 --- a/test/recipes/20-test_pkeyutl.t +++ b/test/recipes/20-test_pkeyutl.t @@ -80,7 +80,7 @@ sub tsignverify { my $sigfile = basename($privkey, '.pem') . '.sig'; my @args = (); - plan tests => 4; + plan tests => 5; @args = ('openssl', 'pkeyutl', '-sign', '-inkey', $privkey, @@ -90,6 +90,15 @@ sub tsignverify { ok(run(app([@args])), $testtext.": Generating signature"); + @args = ('openssl', 'pkeyutl', '-sign', + '-inkey', $privkey, + '-keyform', 'DER', + '-out', $sigfile, + '-in', $data_to_sign); + push(@args, @extraopts); + ok(!run(app([@args])), + $testtext.": Checking that mismatching keyform fails"); + @args = ('openssl', 'pkeyutl', '-verify', '-inkey', $privkey, '-sigfile', $sigfile, @@ -99,6 +108,7 @@ sub tsignverify { $testtext.": Verify signature with private key"); @args = ('openssl', 'pkeyutl', '-verify', + '-keyform', 'PEM', '-inkey', $pubkey, '-pubin', '-sigfile', $sigfile, '-in', $data_to_sign); diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t index 1d6200e6d4..c789da6aa6 100644 --- a/test/recipes/25-test_crl.t +++ b/test/recipes/25-test_crl.t @@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_crl"); -plan tests => 9; +plan tests => 10; require_ok(srctop_file('test','recipes','tconversion.pl')); 
@@ -44,8 +44,10 @@ ok(compare1stline_stdin([qw{openssl crl -hash -noout}], '106cd822'), "crl piped input test"); -ok(run(app(["openssl", "crl", "-text", "-in", $pem, "-out", $out, - "-nameopt", "utf8"]))); +ok(!run(app(["openssl", "crl", "-text", "-in", $pem, "-inform", "DER", + "-out", $out, "-nameopt", "utf8"]))); +ok(run(app(["openssl", "crl", "-text", "-in", $pem, "-inform", "PEM", + "-out", $out, "-nameopt", "utf8"]))); is(cmp_text($out, srctop_file("test/certs", "cyrillic_crl.utf8")), 0, 'Comparing utf8 output'); diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index ab6c6e681b..30c1c43a7f 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -73,16 +73,24 @@ subtest "generating alt certificate requests with RSA" => sub { subtest "generating certificate requests with RSA" => sub { - plan tests => 2; + plan tests => 3; SKIP: { skip "RSA is not supported by this OpenSSL build", 2 if disabled("rsa"); + ok(!run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq-rsa.pem", "-utf8", + "-key", srctop_file("test", "testrsa.pem"), + "-keyform", "DER"])), + "Checking that mismatching keyform fails"); + ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), "-new", "-out", "testreq-rsa.pem", "-utf8", - "-key", srctop_file("test", "testrsa.pem")])), + "-key", srctop_file("test", "testrsa.pem"), + "-keyform", "PEM"])), "Generating request"); ok(run(app(["openssl", "req", diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index ae934bf420..1324f754e9 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_x509"); -plan tests => 15; +plan tests => 18; require_ok(srctop_file("test", "recipes", "tconversion.pl")); 
@@ -24,6 +24,8 @@ my @certs = qw(test certs); my $pem = srctop_file(@certs, "cyrillic.pem"); my $out_msb = "out-cyrillic.msb"; my $out_utf8 = "out-cyrillic.utf8"; +my $der = "cyrillic.der"; +my $der2 = "cyrillic.der"; my $msb = srctop_file(@certs, "cyrillic.msb"); my $utf = srctop_file(@certs, "cyrillic.utf8"); @@ -36,7 +38,7 @@ ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out_utf8, is(cmp_text($out_utf8, $utf), 0, 'Comparing utf8 output with cyrillic.utf8'); - SKIP: { +SKIP: { skip "DES disabled", 1 if disabled("des"); my $p12 = srctop_file("test", "shibboleth.pfx"); @@ -47,6 +49,16 @@ is(cmp_text($out_utf8, $utf), # not unlinking $out_pem } +ok(!run(app(["openssl", "x509", "-in", $pem, "-inform", "DER", + "-out", $der, "-outform", "DER"])), + "Checking failure of mismatching -inform DER"); +ok(run(app(["openssl", "x509", "-in", $pem, "-inform", "PEM", + "-out", $der, "-outform", "DER"])), + "Conversion to DER"); +ok(!run(app(["openssl", "x509", "-in", $der, "-inform", "PEM", + "-out", $der2, "-outform", "DER"])), + "Checking failure of mismatching -inform PEM"); + # producing and checking self-issued (but not self-signed) cert my $subj = "/CN=CA"; # using same DN as in issuer of ee-cert.pem my $extfile = srctop_file("test", "v3_ca_exts.cnf"); From matt at openssl.org Thu May 6 11:52:55 2021 
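Review bot: in doc/man1/openssl-s_client.pod.in the HISTORY hunk (@@ -912,9 +911,6 @@) keeps the sentence "The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect." as unchanged context, while the -certform item earlier in the same file (@@ -243,8 +243,8 @@) drops the "has no effect" wording and now points to the format options page. The corresponding -certform/-dcertform sentence is removed from openssl-s_server.pod.in in this same patch, so the s_client sentence should be removed too; as it stands the page contradicts itself.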
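Review bot: typo in doc/man1/openssl-x509.pod.in, hunk @@ -468,8 +467,8 @@, in the new -CAform text: "unspecifed by default" should read "unspecified by default", matching the wording used for every other option touched by this patch.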
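Review bot: the sentence added to doc/man3/OSSL_STORE_open.pod (@@ -68,6 +69,8 @@) says the new params argument "can be set to further modify the store operation" but does not say which parameters are recognised. The same patch documents "properties" and "input-type" in doc/man7/provider-storemgmt.pod, so the sentence should name them or refer the reader to that page.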
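Review bot: in test/recipes/25-test_req.t (@@ -73,16 +73,24 @@) the subtest plan goes from 2 to 3, but the skip count in the unchanged line `skip "RSA is not supported by this OpenSSL build", 2` stays at 2. With RSA disabled the subtest would report two skipped tests against a plan of three; raise the skip count to 3 together with the plan.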
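Review bot: in test/recipes/25-test_x509.t (@@ -24,6 +24,8 @@) $der and $der2 are both set to "cyrillic.der", so the third new test, "Checking failure of mismatching -inform PEM", passes the same path as both -in and -out. Give $der2 its own file name so that the negative test does not name the DER file it reads as its output target.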
From: matt at openssl.org (Matt Caswell) Date: Thu, 06 May 2021 11:52:55 +0000 Subject: [openssl] master update Message-ID: <1620301975.465454.6697.nullmailer@dev.openssl.org> The branch master has been updated via 6269fedffb3856fc63414fcafb20a4c4c62c8f1a (commit) from d105a24c8987dde38595a2fa336057b141e5ddf3 (commit) - Log ----------------------------------------------------------------- commit 6269fedffb3856fc63414fcafb20a4c4c62c8f1a Author: Matt Caswell Date: Thu May 6 12:04:38 2021 +0100 Update the FIPS checksums Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15177) ----------------------------------------------------------------------- Summary of changes: providers/fips-sources.checksums | 2 +- providers/fips.checksum | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index fc8d6362df..c3d4dd9292 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -182,7 +182,7 @@ c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp 2d657d8de8c2441693d54ef3730d83ca4b5d76c3b3405ece89bff9e46149d670 crypto/evp/keymgmt_lib.c 56d3ed4313cb811a3c2d062ff8b2a0fd67c4b0d28fe0562a57555b3a95907535 crypto/evp/keymgmt_meth.c 9fd78bfd59378fc4a9f56ce474310d8d2851aa42862c694ee0e47b175e836c51 crypto/evp/m_sigver.c -a661a25d70af7eb79d1dd76ea1595c370c266307e20ee2e60074216672286a71 crypto/evp/mac_lib.c +0f5e0cd5c66712803a19774610f6bdfe572f5dda08c58cdf1b19d38a0693911c crypto/evp/mac_lib.c 5f4b933a479d7cd589c47388aebfd8d6ffa3943ec2883049fc929e6ca37e26b5 crypto/evp/mac_meth.c f5a18107256e00e2eed6a9b54eaf44ef1b99c0f29134e9f363a09daa2d35f1b5 crypto/evp/p_lib.c b7e9ce6e8a35e0fc5b4eb4c047cda1e811b757669dbfafa71e743d85e07817a4 crypto/evp/pmeth_check.c diff --git a/providers/fips.checksum b/providers/fips.checksum index e28929484f..913f8b0992 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum 
@@ -1 +1 @@ -de031c8fbe10ee9b6447dd230956217e599cf923ff36a1026b515c2a22158b37 providers/fips-sources.checksums +f51d5228b36f7d4ef300ceddfb426e672b136c0b64706af027707830828fa442 providers/fips-sources.checksums From matt at openssl.org Thu May 6 12:11:54 2021 
From: matt at openssl.org (Matt Caswell) Date: Thu, 06 May 2021 12:11:54 +0000 Subject: [openssl] master update Message-ID: <1620303114.850170.15431.nullmailer@dev.openssl.org> The branch master has been updated via aff636a4893e24bdc686a00a13ae6199dd38d6aa (commit) from 6269fedffb3856fc63414fcafb20a4c4c62c8f1a (commit) - Log ----------------------------------------------------------------- commit aff636a4893e24bdc686a00a13ae6199dd38d6aa Author: Matt Caswell Date: Thu May 6 13:03:23 2021 +0100 Update copyright year Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15181) ----------------------------------------------------------------------- Summary of changes: apps/asn1pars.c | 2 +- apps/engine.c | 2 +- apps/include/fmt.h | 2 +- apps/info.c | 2 +- apps/nseq.c | 2 +- apps/prime.c | 2 +- apps/progs.pl | 2 +- apps/sess_id.c | 2 +- apps/spkac.c | 2 +- apps/version.c | 2 +- crypto/bio/bio_local.h | 2 +- crypto/bn/bn_nist.c | 2 +- crypto/cpt_err.c | 2 +- crypto/evp/evp_cnf.c | 2 +- crypto/evp/evp_pbe.c | 2 +- crypto/pkcs12/p12_add.c | 2 +- crypto/pkcs12/p12_crpt.c | 2 +- crypto/pkcs12/p12_init.c | 2 +- crypto/pkcs12/p12_p8d.c | 2 +- crypto/pkcs12/p12_p8e.c | 2 +- crypto/pkcs12/p12_sbag.c | 2 +- crypto/rc2/rc2_skey.c | 2 +- crypto/x509/t_crl.c | 2 +- doc/man1/openssl-crl.pod.in | 2 +- doc/man1/openssl-dhparam.pod.in | 2 +- doc/man1/openssl-dsa.pod.in | 2 +- doc/man1/openssl-dsaparam.pod.in | 2 +- doc/man1/openssl-ecparam.pod.in | 2 +- doc/man1/openssl-format-options.pod | 2 +- doc/man1/openssl-rsa.pod.in | 2 +- doc/man1/openssl-smime.pod.in | 2 +- doc/man1/openssl-spkac.pod.in | 2 +- doc/man1/openssl-verify.pod.in | 2 +- doc/man3/BIO_ctrl.pod | 2 +- doc/man3/BIO_new.pod | 2 +- doc/man3/BIO_parse_hostserv.pod | 2 +- doc/man3/BIO_s_connect.pod | 2 +- doc/man3/BIO_s_fd.pod | 2 +- doc/man3/CMS_get1_ReceiptRequest.pod | 2 +- doc/man3/EVP_PKEY_ASN1_METHOD.pod | 2 +- doc/man3/EVP_PKEY_meth_new.pod | 2 +- doc/man3/OSSL_STORE_expect.pod | 2 +- 
doc/man3/OSSL_STORE_open.pod | 2 +- doc/man3/PKCS5_PBKDF2_HMAC.pod | 2 +- doc/man3/TS_VERIFY_CTX_set_certs.pod | 2 +- doc/man3/X509_get_version.pod | 2 +- doc/man7/openssl-core.h.pod | 2 +- include/openssl/conf.h.in | 2 +- include/openssl/e_os2.h | 2 +- include/openssl/hmac.h | 2 +- include/openssl/pkcs12.h.in | 2 +- include/openssl/safestack.h.in | 2 +- include/openssl/stack.h | 2 +- test/asn1_decode_test.c | 2 +- test/dtlstest.c | 2 +- test/ecstresstest.c | 2 +- test/errtest.c | 2 +- test/helpers/pkcs12.h | 2 +- test/memleaktest.c | 2 +- test/pkcs12_format_test.c | 2 +- test/recipes/04-test_bio_core.t | 2 +- test/recipes/15-test_gendh.t | 2 +- test/recipes/20-test_dgst.t | 2 +- test/recipes/25-test_crl.t | 2 +- test/recipes/30-test_evp_data/evpciph_aes_wrap.txt | 2 +- test/recipes/30-test_evp_data/evpciph_aria.txt | 2 +- test/recipes/30-test_evp_data/evpciph_camellia.txt | 2 +- test/recipes/30-test_evp_data/evpciph_des.txt | 2 +- test/recipes/30-test_evp_data/evpciph_des3_common.txt | 2 +- test/recipes/30-test_evp_data/evpciph_rc2.txt | 2 +- test/recipes/30-test_evp_data/evpciph_rc5.txt | 2 +- test/recipes/30-test_evp_data/evpciph_seed.txt | 2 +- test/recipes/30-test_evp_data/evppkey_ecdsa.txt | 2 +- test/recipes/80-test_pkcs12.t | 2 +- test/recipes/95-test_external_pyca_data/cryptography.sh | 2 +- test/ssl-tests/16-dtls-certstatus.cnf.in | 2 +- test/ssl-tests/18-dtls-renegotiate.cnf.in | 2 +- test/v3nametest.c | 2 +- util/perl/OpenSSL/Test.pm | 2 +- util/perl/OpenSSL/stackhash.pm | 2 +- 80 files changed, 80 insertions(+), 80 deletions(-) diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 95a21a04f4..f0bfd1d45f 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/engine.c b/apps/engine.c index b132bb7608..1b0f64309c 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/include/fmt.h b/apps/include/fmt.h index f235899bf8..98dfed7dc0 100644 --- a/apps/include/fmt.h +++ b/apps/include/fmt.h @@ -1,5 +1,5 @@ /* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/info.c b/apps/info.c index e432be46d5..c68603652f 100644 --- a/apps/info.c +++ b/apps/info.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/nseq.c b/apps/nseq.c index 8848e895ae..d5524370f2 100644 --- a/apps/nseq.c +++ b/apps/nseq.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/prime.c b/apps/prime.c index 20b26cddad..e269493d5c 100644 --- a/apps/prime.c +++ b/apps/prime.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/progs.pl b/apps/progs.pl index 74461f5b3f..ff39f85325 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/apps/sess_id.c b/apps/sess_id.c index a1e5415cc4..714c0f7787 100644 --- a/apps/sess_id.c +++ b/apps/sess_id.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/spkac.c b/apps/spkac.c index adc6f7372c..19576e4878 100644 --- a/apps/spkac.c +++ b/apps/spkac.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/version.c b/apps/version.c index b4cc2e04a1..cab17a46bf 100644 --- a/apps/version.c +++ b/apps/version.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/bio_local.h b/crypto/bio/bio_local.h index 3d9afe0760..581b19c0c1 100644 --- a/crypto/bio/bio_local.h +++ b/crypto/bio/bio_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index ad3cc6b85c..aea8a6e65d 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c index bad3ca3cee..a56cb2c804 100644 --- a/crypto/cpt_err.c +++ b/crypto/cpt_err.c 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index aee79712cd..145f52fe1d 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 193920724d..7c73cfc501 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index f0b0819f84..b644834f33 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c index aeea598696..777bc93ac3 100644 --- a/crypto/pkcs12/p12_crpt.c +++ b/crypto/pkcs12/p12_crpt.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c index dcfdd5ba13..45aa2f9154 100644 --- a/crypto/pkcs12/p12_init.c +++ b/crypto/pkcs12/p12_init.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c index 599a64f878..449336aa2d 100644 --- a/crypto/pkcs12/p12_p8d.c +++ b/crypto/pkcs12/p12_p8d.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index 5351e11d34..e357f310a6 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index e439372082..888736d16b 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c index 313250b58c..e43b84af17 100644 --- a/crypto/rc2/rc2_skey.c +++ b/crypto/rc2/rc2_skey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c index 48bcf5bb44..e77a77978a 100644 --- a/crypto/x509/t_crl.c +++ b/crypto/x509/t_crl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-crl.pod.in b/doc/man1/openssl-crl.pod.in index d00b80c862..e1e31782e8 100644 --- a/doc/man1/openssl-crl.pod.in +++ b/doc/man1/openssl-crl.pod.in @@ -158,7 +158,7 @@ L =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in index 7bbd04ba5d..7227130693 100644 --- a/doc/man1/openssl-dhparam.pod.in +++ b/doc/man1/openssl-dhparam.pod.in 
@@ -128,7 +128,7 @@ The B<-C> option was removed in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in index 116121caf2..b17b49ad0f 100644 --- a/doc/man1/openssl-dsa.pod.in +++ b/doc/man1/openssl-dsa.pod.in @@ -169,7 +169,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in index 6437707429..c88e11f3cf 100644 --- a/doc/man1/openssl-dsaparam.pod.in +++ b/doc/man1/openssl-dsaparam.pod.in @@ -110,7 +110,7 @@ The B<-C> option was removed in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-ecparam.pod.in b/doc/man1/openssl-ecparam.pod.in index dd8f0f2c24..2f0968c311 100644 --- a/doc/man1/openssl-ecparam.pod.in +++ b/doc/man1/openssl-ecparam.pod.in 
@@ -174,7 +174,7 @@ The B<-C> option was removed in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-format-options.pod b/doc/man1/openssl-format-options.pod index 91058831cd..a9bd1d6971 100644 --- a/doc/man1/openssl-format-options.pod +++ b/doc/man1/openssl-format-options.pod @@ -135,7 +135,7 @@ Note that the parsing is simple and might fail to parse some legal data. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in index 503b31a6d6..d67a0f64bb 100644 --- a/doc/man1/openssl-rsa.pod.in +++ b/doc/man1/openssl-rsa.pod.in @@ -189,7 +189,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-smime.pod.in b/doc/man1/openssl-smime.pod.in index 2fcf7020fe..8b9064761a 100644 --- a/doc/man1/openssl-smime.pod.in +++ b/doc/man1/openssl-smime.pod.in 
@@ -484,7 +484,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-spkac.pod.in b/doc/man1/openssl-spkac.pod.in index 3de862e035..4d994de3b4 100644 --- a/doc/man1/openssl-spkac.pod.in +++ b/doc/man1/openssl-spkac.pod.in @@ -153,7 +153,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-verify.pod.in b/doc/man1/openssl-verify.pod.in index bb57109b12..8a807d21f6 100644 --- a/doc/man1/openssl-verify.pod.in +++ b/doc/man1/openssl-verify.pod.in @@ -159,7 +159,7 @@ The B<-engine option> was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod index b3108f83ef..fdffda7b41 100644 --- a/doc/man3/BIO_ctrl.pod +++ b/doc/man3/BIO_ctrl.pod @@ -145,7 +145,7 @@ OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man3/BIO_new.pod b/doc/man3/BIO_new.pod index 5d14a8d6e1..282da275ee 100644 --- a/doc/man3/BIO_new.pod +++ b/doc/man3/BIO_new.pod @@ -69,7 +69,7 @@ Create a memory BIO: =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_parse_hostserv.pod b/doc/man3/BIO_parse_hostserv.pod index 27d4735b50..8898ae2266 100644 --- a/doc/man3/BIO_parse_hostserv.pod +++ b/doc/man3/BIO_parse_hostserv.pod @@ -69,7 +69,7 @@ L =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_connect.pod b/doc/man3/BIO_s_connect.pod index 9a029066ff..f31da27fe7 100644 --- a/doc/man3/BIO_s_connect.pod +++ b/doc/man3/BIO_s_connect.pod @@ -201,7 +201,7 @@ Use BIO_set_conn_address() and BIO_get_conn_address() instead. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_fd.pod b/doc/man3/BIO_s_fd.pod index 40a223b61d..1f7bb0cd30 100644 --- a/doc/man3/BIO_s_fd.pod +++ b/doc/man3/BIO_s_fd.pod 
@@ -88,7 +88,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_get1_ReceiptRequest.pod b/doc/man3/CMS_get1_ReceiptRequest.pod index 972345fce8..b821103a59 100644 --- a/doc/man3/CMS_get1_ReceiptRequest.pod +++ b/doc/man3/CMS_get1_ReceiptRequest.pod @@ -82,7 +82,7 @@ The function CMS_ReceiptRequest_create0_ex() was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index 544d2a99c9..cbf735d333 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod @@ -440,7 +440,7 @@ parameter is now constified. =head1 COPYRIGHT -Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_meth_new.pod b/doc/man3/EVP_PKEY_meth_new.pod index 196b7ca885..d07ec1a637 100644 --- a/doc/man3/EVP_PKEY_meth_new.pod +++ b/doc/man3/EVP_PKEY_meth_new.pod 
@@ -456,7 +456,7 @@ has changed in OpenSSL 3.0 so its I parameter is now constified. =head1 COPYRIGHT -Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_STORE_expect.pod b/doc/man3/OSSL_STORE_expect.pod index 8b79f35337..a60661f096 100644 --- a/doc/man3/OSSL_STORE_expect.pod +++ b/doc/man3/OSSL_STORE_expect.pod @@ -71,7 +71,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index 39a795b0ef..2d127a30fe 100644 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -176,7 +176,7 @@ OSSL_STORE_ctrl() and OSSL_STORE_vctrl() were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS5_PBKDF2_HMAC.pod b/doc/man3/PKCS5_PBKDF2_HMAC.pod index 51c8ce8e6d..0984e993da 100644 --- a/doc/man3/PKCS5_PBKDF2_HMAC.pod +++ b/doc/man3/PKCS5_PBKDF2_HMAC.pod @@ -66,7 +66,7 @@ L =head1 COPYRIGHT -Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man3/TS_VERIFY_CTX_set_certs.pod b/doc/man3/TS_VERIFY_CTX_set_certs.pod index cf6aee1921..5a35302c41 100644 --- a/doc/man3/TS_VERIFY_CTX_set_certs.pod +++ b/doc/man3/TS_VERIFY_CTX_set_certs.pod @@ -51,7 +51,7 @@ compatibility reasons, but it is deprecated in OpenSSL 3.0.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_get_version.pod b/doc/man3/X509_get_version.pod index 9aadcb7f94..082859e4f4 100644 --- a/doc/man3/X509_get_version.pod +++ b/doc/man3/X509_get_version.pod @@ -75,7 +75,7 @@ functions in OpenSSL 1.1.0, in previous versions they were macros. =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/openssl-core.h.pod b/doc/man7/openssl-core.h.pod index 866abd581d..03980a4b56 100644 --- a/doc/man7/openssl-core.h.pod +++ b/doc/man7/openssl-core.h.pod @@ -122,7 +122,7 @@ The types described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/conf.h.in b/include/openssl/conf.h.in index ee7cbb00e4..0911a38f8b 100644 --- a/include/openssl/conf.h.in +++ b/include/openssl/conf.h.in 
@@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index eb8c46d72a..f17a373493 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index c954b3767d..f2f502ea5c 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/pkcs12.h.in b/include/openssl/pkcs12.h.in index 48b0998b2c..c98eebfb39 100644 --- a/include/openssl/pkcs12.h.in +++ b/include/openssl/pkcs12.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/safestack.h.in b/include/openssl/safestack.h.in index 7bd4410dfc..6b36607928 100644 --- a/include/openssl/safestack.h.in 
+++ b/include/openssl/safestack.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/stack.h b/include/openssl/stack.h index 79c25030cb..f0c5c54765 100644 --- a/include/openssl/stack.h +++ b/include/openssl/stack.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c index 3a3ad525ae..9c676d3dcc 100644 --- a/test/asn1_decode_test.c +++ b/test/asn1_decode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/dtlstest.c b/test/dtlstest.c index 05b8ded9cc..2f3fcae0f6 100644 --- a/test/dtlstest.c +++ b/test/dtlstest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/ecstresstest.c b/test/ecstresstest.c index f6adc4235e..1ffb7e522e 100644 --- a/test/ecstresstest.c +++ b/test/ecstresstest.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/test/errtest.c b/test/errtest.c index 1d4a708e07..e19501a036 100644 --- a/test/errtest.c +++ b/test/errtest.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/helpers/pkcs12.h b/test/helpers/pkcs12.h index 7805875806..d1a3b93d32 100644 --- a/test/helpers/pkcs12.h +++ b/test/helpers/pkcs12.h @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/memleaktest.c b/test/memleaktest.c index b48dbced0d..97827b8e9c 100644 --- a/test/memleaktest.c +++ b/test/memleaktest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/pkcs12_format_test.c b/test/pkcs12_format_test.c index 45eb24eca3..e3fb55315a 100644 --- a/test/pkcs12_format_test.c +++ b/test/pkcs12_format_test.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/04-test_bio_core.t b/test/recipes/04-test_bio_core.t index 0d8806b8ec..e489907c84 100644 --- a/test/recipes/04-test_bio_core.t +++ b/test/recipes/04-test_bio_core.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/15-test_gendh.t b/test/recipes/15-test_gendh.t index 39112f1bfe..015a974eea 100644 --- a/test/recipes/15-test_gendh.t +++ b/test/recipes/15-test_gendh.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t index 451bcabbb1..1083da71b8 100644 --- a/test/recipes/20-test_dgst.t +++ b/test/recipes/20-test_dgst.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t index c789da6aa6..92101e8d94 100644 --- a/test/recipes/25-test_crl.t 
+++ b/test/recipes/25-test_crl.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt b/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt index 2d42d7f539..4eb1ed1a38 100644 --- a/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt +++ b/test/recipes/30-test_evp_data/evpciph_aes_wrap.txt @@ -1,5 +1,5 @@ # -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpciph_aria.txt b/test/recipes/30-test_evp_data/evpciph_aria.txt index 503351e12e..e6c23804de 100644 --- a/test/recipes/30-test_evp_data/evpciph_aria.txt +++ b/test/recipes/30-test_evp_data/evpciph_aria.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpciph_camellia.txt b/test/recipes/30-test_evp_data/evpciph_camellia.txt index 361d07e638..2f27710407 100644 --- a/test/recipes/30-test_evp_data/evpciph_camellia.txt +++ b/test/recipes/30-test_evp_data/evpciph_camellia.txt 
@@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpciph_des.txt b/test/recipes/30-test_evp_data/evpciph_des.txt index 104ae50f50..9d62cbb4db 100644 --- a/test/recipes/30-test_evp_data/evpciph_des.txt +++ b/test/recipes/30-test_evp_data/evpciph_des.txt @@ -1,5 +1,5 @@ # -# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpciph_des3_common.txt b/test/recipes/30-test_evp_data/evpciph_des3_common.txt index 511fabfaac..30be60e842 100644 --- a/test/recipes/30-test_evp_data/evpciph_des3_common.txt +++ b/test/recipes/30-test_evp_data/evpciph_des3_common.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpciph_rc2.txt b/test/recipes/30-test_evp_data/evpciph_rc2.txt index 62dea3d23a..e2dc9efd05 100644 --- a/test/recipes/30-test_evp_data/evpciph_rc2.txt +++ b/test/recipes/30-test_evp_data/evpciph_rc2.txt 
@@ -1,5 +1,5 @@ # -# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpciph_rc5.txt b/test/recipes/30-test_evp_data/evpciph_rc5.txt index 185f91a047..8c84a99831 100644 --- a/test/recipes/30-test_evp_data/evpciph_rc5.txt +++ b/test/recipes/30-test_evp_data/evpciph_rc5.txt @@ -1,5 +1,5 @@ # -# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evpciph_seed.txt b/test/recipes/30-test_evp_data/evpciph_seed.txt index 92a35abde3..c93b20b8e0 100644 --- a/test/recipes/30-test_evp_data/evpciph_seed.txt +++ b/test/recipes/30-test_evp_data/evpciph_seed.txt @@ -1,5 +1,5 @@ # -# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt index 7202b5ce70..9297bb2d21 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t index 12189da3a3..e03c197e20 100644 --- a/test/recipes/80-test_pkcs12.t +++ b/test/recipes/80-test_pkcs12.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/95-test_external_pyca_data/cryptography.sh b/test/recipes/95-test_external_pyca_data/cryptography.sh index 3745f133f7..b73f64b836 100755 --- a/test/recipes/95-test_external_pyca_data/cryptography.sh +++ b/test/recipes/95-test_external_pyca_data/cryptography.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/test/ssl-tests/16-dtls-certstatus.cnf.in b/test/ssl-tests/16-dtls-certstatus.cnf.in index ebab3d7ca2..b5ae020e6a 100644 --- a/test/ssl-tests/16-dtls-certstatus.cnf.in +++ b/test/ssl-tests/16-dtls-certstatus.cnf.in @@ -1,5 +1,5 @@ # -*- mode: perl; -*- -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf.in b/test/ssl-tests/18-dtls-renegotiate.cnf.in index 400ec67d31..dbac249f47 100644 --- a/test/ssl-tests/18-dtls-renegotiate.cnf.in +++ b/test/ssl-tests/18-dtls-renegotiate.cnf.in 
@@ -1,5 +1,5 @@ # -*- mode: perl; -*- -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/v3nametest.c b/test/v3nametest.c index d11077fb3d..06d713b2fe 100644 --- a/test/v3nametest.c +++ b/test/v3nametest.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index 55f26cc630..6960514ac6 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm @@ -1,4 +1,4 @@ -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/util/perl/OpenSSL/stackhash.pm b/util/perl/OpenSSL/stackhash.pm index f99e1690a2..4d59eab0c9 100644 --- a/util/perl/OpenSSL/stackhash.pm +++ b/util/perl/OpenSSL/stackhash.pm @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy From matt at openssl.org Thu May 6 12:33:20 2021 
From: matt at openssl.org (Matt Caswell) Date: Thu, 06 May 2021 12:33:20 +0000 Subject: [openssl] master update Message-ID: <1620304400.791633.12421.nullmailer@dev.openssl.org> The branch master has been updated via 4c8e6f7d20c74c7711823d7d724c39ab7eb5eeaf (commit) via d0c041b13ad12c2c689313c607e2c001f3d5a1b7 (commit) from aff636a4893e24bdc686a00a13ae6199dd38d6aa (commit) - Log ----------------------------------------------------------------- commit 4c8e6f7d20c74c7711823d7d724c39ab7eb5eeaf Author: Matt Caswell Date: Thu May 6 13:15:11 2021 +0100 Prepare for 3.0 alpha 17 Reviewed-by: Tomas Mraz commit d0c041b13ad12c2c689313c607e2c001f3d5a1b7 Author: Matt Caswell Date: Thu May 6 13:15:03 2021 +0100 Prepare for release of 3.0 alpha 16 Reviewed-by: Tomas Mraz ----------------------------------------------------------------------- Summary of changes: VERSION.dat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.dat b/VERSION.dat index 2e16aa375b..b4b1faa05f 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 PATCH=0 -PRE_RELEASE_TAG=alpha16-dev +PRE_RELEASE_TAG=alpha17-dev BUILD_METADATA= RELEASE_DATE="" SHLIB_VERSION=3 From matt at openssl.org Thu May 6 12:33:33 2021 
From: matt at openssl.org (Matt Caswell) Date: Thu, 06 May 2021 12:33:33 +0000 Subject: [openssl] openssl-3.0.0-alpha16 create Message-ID: <1620304413.492179.13416.nullmailer@dev.openssl.org> The annotated tag openssl-3.0.0-alpha16 has been created at 2777f7f3a9a447979c75d3caa14c62c4fcd11ae8 (tag) tagging d0c041b13ad12c2c689313c607e2c001f3d5a1b7 (commit) replaces openssl-3.0.0-alpha15 tagged by Matt Caswell on Thu May 6 13:15:03 2021 +0100 - Log ----------------------------------------------------------------- OpenSSL 3.0.0-alpha16 release tag Andreas Schwab (1): Add system guessing for linux64-riscv64 target Benjamin Kaduk (3): Enforce secure renegotiation support by default Correct ssl_conf logic for "legacy_server_connect" adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change Daniel Bevenius (1): Fix typo in OSSL_DECODER_CTX_set_input_structure David Benjamin (1): Add X509 version constants. Dmitry Belyavskiy (1): Use OCSP-specific error code for clarity Dr. David von Oheimb (21): apps/cmp.c and APP_HTTP_TLS_INFO: Fix use-after-free and add proper free() function BIO_s_connect.pod: Improve doc of BIO_set_conn_hostname() etc. 
APPS: Prevent ASAN hickup on idempotent strncpy() in opt_progname() APPS: Improve diagnostics for string options and options expecting int >= 0 ESS: Export three core functions, clean up TS and CMS CAdES-BES usage TS ESS: Move four internal aux function to where they belong in crypto/ts CMS ESS: Move four internal aux function to where they belong in crypto/cms OCSP: Minor improvements of documentation and header file OSSL_STORE_expect(): Improve error handling and documentation APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect() OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc testutil/load.c: Add checks for file(name) == NULL HTTP client: Correct the use of optional proxy URL and its documentation test/certs/setup.sh: structural cleanup update test/certs/ee-pathlen.pem to contain SKID and AKID test/certs/setup.sh: Fix two glitches cleanup where purpose is not needed in 25-test_verify.t APPS: Slightly extend and improve documentation of the opt_ API APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro Deprecate X509{,_CRL}_http_nbio() and simplify their definition Dr. Matthias St. 
Pierre (12): Remove obsolete comment Configure/Makefile: fix the `-macopt` argument of the fipsinstall command Configure/Makefile: use the correct openssl app for FIPS installation Configure/Makefile: correct the FIPS module configuration file path Configure/Makefile: separate install of the FIPS module Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing it Configure/Makefile: install the fips provider if it was configured build.info: add the Perl wrapper to build generator programs on Windows Configure: sort the disablables alphabetically Configure: disable fips mode by default README-FIPS: document the installation of the FIPS provider CHANGES: document the FIPS provider configuration and installation EasySec (2): change salt handling, way 1 try to document changes in salt handling for the 'enc' command Eric Curtin (1): Remove dated term and fixed typo anther FdaSilvaYY (1): ssl: fix possible ref counting fields use before init. Hubert Kario (2): add Changelog item for TLS1.3 FFDHE work man: s_server: fix text repetition in -alpn description Jon Spillett (2): Add testing for updated cipher IV Add library context and property query support into the PKCS12 API Kevin Cadieux (1): memleaktest with MSVC's AddressSanitizer Klaas van Schelven (1): Documentation fix for openssl-verify certificates Matt Caswell (15): Prepare for 3.0 alpha 16 Add a threading test for loading/unloading providers Properly protect access to the provider flag_activated field Store the list of activated providers in the libctx Defer Finished MAC handling until after state transition Test a Finished message at the wrong time results in unexpected message Adjust dtlstest for SHA1 security level Adjust sslapitest for SHA1 security level Adjust ssl_test_new for SHA1 security level Create libcrypto support for BIO_new_from_core_bio() Add a test for the public core bio API Document the new core BIO public API support Update the FIPS checksums Update copyright year Prepare for 
release of 3.0 alpha 16 Niclas Rosenvik (1): Some compilers define __STDC_VERSION__ in c++ Paul Kehrer (4): updated pyca/cryptography submodule version add wycheproof submodule re-add pyca/cryptography testing add verbosity for pyca job Pauli (17): Runchecker: fix no-ec2m build which was trying to validate the e2cm curves Runchecker: fix TLS curves test failure with no-tls1_3 option Runchecker: fix failure with no-autoalginit option by disabling FIPS Runchecker fix for the no-autoerrinit build test: fix test_evp_kdf when DES is disabled. test: separate some DES based tests out to permit a no-des build to work test: never run fipsinstall if the tests are not enabled. runchecker: fix no-sock build by conditioning clean up on the NO_SOCK symbol. remove end of line whitespace acvp: fix the no-acvp_test build acvp-test: disable the ACVP testing code by default test: fix failure with FIPS and no-des configured. doc: document EVP_MAC_finalXOF() mac: update life-cycle description and diagrams to include finalXOF mac: allow XOF MACs to be specified either via control or via the dedicated function mac: add EVP_MAC_finalXOF() function coverity: fix 1478169: dereference after NULL check Petr Gotthard (2): apps/ca,req,x509: Switch to EVP_DigestSignInit_ex apps: Switch to X509_REQ_verify_ex Prcuvu (1): e_os.h: Include wspiapi.h to improve Windows backward compatibility Randall S. Becker (1): Added Perl installation instructions to NOTES-PERL.md for HPE NonStop. Rich Salz (9): Read a REQUEST not RESPONSE in ocsp responder Remove an unused parameter Rename some globals, add ossl prefix. APPS: Document the core of the opt_ API Fetch cipher-wrap after loading providers. 
Note that dhparam does support X9.42 Allow absolute paths to be set Add .includedir pragma Remove all trace of FIPS_mode functions Richard Levitte (22): Don't remove $(TARFILE) when cleaning EVP: evp_keymgmt_util_try_import() should clean up on failed import crypto/store/ossl_result.c: Better filtering of errors STORE: Simplify error filtering in der2obj_decode() TEST: correct test/recipes/30-test_evp_data/evppkey_ecdh.txt ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse Windows bulding: Make dependency generation not quite as talkative Configuration: rework how dependency making is handled util/add-depends.pl: Adapt to localized /showIncludes output STORE: Use the 'expect' param to limit the amount of decoders used CORE: Rework the pre-population of the namemap STORE: Fix the repeated prompting of passphrase OpenSSL::Test: When prefixing command with $^X on Windows, fix it up! Windows build file: add forgotten quotes on POD->html command line Add OpenSSL::Config::Query and use it in configdata.pm Unix build file: Add a target to create providers/fips.module.sources FIPS module checksums: add scripts and Makefile rule GitHub CI: ensure that unifdef is installed [TEMPORARY] make 'make update' verbose in ci.yml APPS: Set a default passphrase UI for the "ec" command APPS: Add passphrase handling in the "rsa" and "dsa" commands DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs Scott McPeak (1): asn1_lib.c: ASN1_put_object: Remove comment about "class 0". Shane Lontis (9): Fixes related to separation of DH and DHX types Doc updates for DH/DSA examples Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters(). Test that we don't have a memory leak in d2i_ASN1_OBJECT. Fix CRL app so that stdin works. Fix memory leak in load_key_certs_crls() when using stdin. Update OSSL_STORE_attach() documentation to indicate it increases the ref_count of the passed in bio Fix no-fips-securitychecks test failure Fix KMAC bounds checks. 
Tanzinul Islam (1): Avoid #include with inline function on C++Builder Todd Short (1): Add RUN_ONCE support to zlib init Tomas Mraz (31): Removed dead code in linebuffer_ctrl() Fix potential NULL dereference in ossl_ec_key_dup() Fix potential NULL dereference in OSSL_PARAM_get_utf8_string() http/http_lib.c: Include stdio.h for sscanf() test_sslextension: skip tests that cannot work with no-tls1_2 Trivial shortcuts for EVP_PKEY_eq() Add type_name member to provided methods and use it Prefer fetch over legacy get_digestby/get_cipherby Skip GOST engine tests in out of tree builds Use "canonical" names when matching the output of the commands Improve the implementation of X509_STORE_CTX_get1_issuer() OPENSSL_sk functions are effectively already documented Explicitly enable or disable fips if it is or is not relevant for the test Skip test_fipsload when fips is disabled. crl: noout is not an output item Add test case for openssl crl -noout -hash output Document the API breaking constification changes sm2: Cleanup handling of DIGEST and DIGEST_SIZE parameters SM2 signatures work correctly only with SM3 digests Add -latomic to threads enabled 32bit linux builds Simplify AppVeyor configuration coveralls: Enable fips as it is disabled by default Run coveralls daily and not exactly at midnight fips-checksums: The define for fips module is FIPS_MODULE Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3 Fix missing symbols in no-cms and no-ts build Make the -inform option to be respected if possible Update gost-engine to make it compatible with the added params provider-storemgmt: Document the input-type and properties parameters. Document the behavior of the -inform and related options Add some tests for -inform/keyform enforcement Wolf (1): Force public key to be included unless explicitly excluded with -no_public ----------------------------------------------------------------------- From matt at openssl.org Thu May 6 12:37:01 2021 
From: matt at openssl.org (Matt Caswell) Date: Thu, 06 May 2021 12:37:01 +0000 Subject: [web] master update Message-ID: <1620304621.004645.19515.nullmailer@dev.openssl.org> The branch master has been updated via fd0743669f8f47f638b9ad5822d893fb94a1a89d (commit) from 4fab73cc1edf551a6ade144dfcae1223fa2aa120 (commit) - Log ----------------------------------------------------------------- commit fd0743669f8f47f638b9ad5822d893fb94a1a89d Author: Matt Caswell Date: Thu May 6 12:58:22 2021 +0100 Updates to newsflash for the alpha16 release Reviewed-by: Mark J. Cox Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/238) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 1c80d9c..44e8272 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +06-May-2021: Alpha 16 of OpenSSL 3.0 is now available: please download and test it 22-Apr-2021: Alpha 15 of OpenSSL 3.0 is now available: please download and test it 08-Apr-2021: Alpha 14 of OpenSSL 3.0 is now available: please download and test it 25-Mar-2021: OpenSSL 1.1.1k is now available, including bug and security fixes From pauli at openssl.org Thu May 6 12:59:45 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 06 May 2021 12:59:45 +0000 Subject: [openssl] master update Message-ID: <1620305985.231064.21069.nullmailer@dev.openssl.org> The branch master has been updated via 6d418dbcd36c2e5e264fd4a007afcc8deeb8ab46 (commit) from 4c8e6f7d20c74c7711823d7d724c39ab7eb5eeaf (commit) - Log ----------------------------------------------------------------- commit 6d418dbcd36c2e5e264fd4a007afcc8deeb8ab46 Author: Daniel Bevenius Date: Wed May 5 05:39:56 2021 +0200 Clarify two comments (typos) in fipsprov.c Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15150) ----------------------------------------------------------------------- Summary of changes: providers/fips/fipsprov.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index a7d335b78a..841c80bab7 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -671,14 +671,14 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, return 0; } /* - * Disable the conditional error check if is disabled in the fips config - * file + * Disable the conditional error check if it's disabled in the fips config + * file. */ if (fgbl->selftest_params.conditional_error_check != NULL && strcmp(fgbl->selftest_params.conditional_error_check, "0") == 0) SELF_TEST_disable_conditional_error_state(); - /* Disable the security check if is disabled in the fips config file */ + /* Disable the security check if it's disabled in the fips config file. */ if (fgbl->fips_security_check_option != NULL && strcmp(fgbl->fips_security_check_option, "0") == 0) fgbl->fips_security_checks = 0; From pauli at openssl.org Thu May 6 13:00:50 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 06 May 2021 13:00:50 +0000 Subject: [openssl] master update Message-ID: <1620306051.000771.22794.nullmailer@dev.openssl.org> The branch master has been updated via 6ef2f71ac70aff99da277be4a554e3b1fe739050 (commit) from 6d418dbcd36c2e5e264fd4a007afcc8deeb8ab46 (commit) - Log ----------------------------------------------------------------- commit 6ef2f71ac70aff99da277be4a554e3b1fe739050 Author: Daniel Bevenius Date: Wed May 5 08:56:36 2021 +0200 Clarify where dispatch functions/ids are defined When reading the comment for ossl_dispatch_st it seems to indicate that the function_id numbers are defined further down in the same file. But I was not able to find them there, but instead in core_dispatch.h. This commit suggests updating the comment to point to core_dispatch.h Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15156) ----------------------------------------------------------------------- Summary of changes: include/openssl/core.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/openssl/core.h b/include/openssl/core.h index 5d69278d2e..3356ef2088 100644 --- a/include/openssl/core.h +++ b/include/openssl/core.h @@ -32,8 +32,8 @@ typedef struct openssl_core_ctx_st OPENSSL_CORE_CTX; typedef struct ossl_core_bio_st OSSL_CORE_BIO; /* - * Dispatch table element. function_id numbers are defined further down, - * see macros with '_FUNC' in their names. + * Dispatch table element. function_id numbers and the functions are defined + * in core_dispatch.h, see macros with 'OSSL_CORE_MAKE_FUNC' in their names. * * An array of these is always terminated by function_id == 0 */ From tomas at openssl.org Thu May 6 15:01:17 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 06 May 2021 15:01:17 +0000 Subject: [openssl] master update Message-ID: <1620313277.878255.28599.nullmailer@dev.openssl.org> The branch master has been updated via bfe2fcc840e92df5a5875e55c6aed79891d2612f (commit) from 6ef2f71ac70aff99da277be4a554e3b1fe739050 (commit) - Log ----------------------------------------------------------------- commit bfe2fcc840e92df5a5875e55c6aed79891d2612f Author: Tomas Mraz Date: Tue May 4 15:38:48 2021 +0200 evp_extra_test: Avoid potential double free of params Fixes #14916 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15135) ----------------------------------------------------------------------- Summary of changes: test/evp_extra_test.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index f8fdc7287d..7fd45bc316 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -688,6 +688,7 @@ static int test_EC_priv_pub(void) if (!test_fromdata("EC", params)) goto err; OSSL_PARAM_free(params); + params = NULL; OSSL_PARAM_BLD_free(bld); /* Test priv and !pub */ @@ -704,6 +705,7 @@ static int test_EC_priv_pub(void) if (!test_fromdata("EC", params)) goto err; OSSL_PARAM_free(params); + params = NULL; OSSL_PARAM_BLD_free(bld); /* Test !priv and pub */ @@ -721,6 +723,7 @@ static int test_EC_priv_pub(void) if (!test_fromdata("EC", params)) goto err; OSSL_PARAM_free(params); + params = NULL; OSSL_PARAM_BLD_free(bld); /* Test priv and pub */ From tomas at openssl.org Thu May 6 15:04:16 2021 
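Review bot: in test/evp_extra_test.c, each of the three hunks in test_EC_priv_pub() resets params after OSSL_PARAM_free(params) but leaves bld holding a freed pointer after the OSSL_PARAM_BLD_free(bld) on the next line. If the err path reached by the `goto err` lines also frees bld, the same double free remains for the builder, so either add `bld = NULL;` after each OSSL_PARAM_BLD_free(bld) or confirm that bld is always reassigned before the next `goto err`. The "Test priv and pub" block that begins right after the last hunk is not touched, so it is worth checking that it does not need the same reset.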
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 06 May 2021 15:04:16 +0000 Subject: [openssl] master update Message-ID: <1620313456.225462.31357.nullmailer@dev.openssl.org> The branch master has been updated via 021521aa91d7b1a47f3c3b704f1cc39f169b2e5b (commit) from bfe2fcc840e92df5a5875e55c6aed79891d2612f (commit) - Log ----------------------------------------------------------------- commit 021521aa91d7b1a47f3c3b704f1cc39f169b2e5b Author: Petr Gotthard Date: Sun Apr 18 18:28:25 2021 +0200 Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT External ENCODER may not implement OSSL_FUNC_ENCODER_IMPORT_OBJECT, so a check for NULL is needed. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14919) ----------------------------------------------------------------------- Summary of changes: crypto/encode_decode/encoder_pkey.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c index 4bfd219fe2..3bb0702e43 100644 --- a/crypto/encode_decode/encoder_pkey.c +++ b/crypto/encode_decode/encoder_pkey.c @@ -76,6 +76,7 @@ struct collected_encoder_st { const char *output_structure; const char *output_type; + const OSSL_PROVIDER *keymgmt_prov; OSSL_ENCODER_CTX *ctx; int error_occurred; @@ -102,7 +103,9 @@ static void collect_encoder(OSSL_ENCODER *encoder, void *arg) if (!OSSL_ENCODER_is_a(encoder, name) || (encoder->does_selection != NULL - && !encoder->does_selection(provctx, data->ctx->selection))) + && !encoder->does_selection(provctx, data->ctx->selection)) + || (data->keymgmt_prov != prov + && encoder->import_object == NULL)) continue; /* Only add each encoder implementation once */ 
@@ -213,6 +216,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx, const char *propquery) { struct construct_data_st *data = NULL; + const OSSL_PROVIDER *prov = NULL; OSSL_LIB_CTX *libctx = NULL; int ok = 0; @@ -222,8 +226,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx, } if (evp_pkey_is_provided(pkey)) { - const OSSL_PROVIDER *prov = EVP_KEYMGMT_provider(pkey->keymgmt); - + prov = EVP_KEYMGMT_provider(pkey->keymgmt); libctx = ossl_provider_libctx(prov); } @@ -252,6 +255,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx, encoder_data.output_type = ctx->output_type; encoder_data.output_structure = ctx->output_structure; encoder_data.error_occurred = 0; + encoder_data.keymgmt_prov = prov; encoder_data.ctx = ctx; OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data); sk_OPENSSL_CSTRING_free(keymgmt_data.names); From beldmit at gmail.com Thu May 6 15:10:10 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 06 May 2021 15:10:10 +0000 Subject: [openssl] master update Message-ID: <1620313810.273295.1545.nullmailer@dev.openssl.org> The branch master has been updated via 22d1138fe2fde9a16e80b81de1d848ae6fa879ef (commit) from 021521aa91d7b1a47f3c3b704f1cc39f169b2e5b (commit) - Log ----------------------------------------------------------------- commit 22d1138fe2fde9a16e80b81de1d848ae6fa879ef Author: Dmitry Belyavskiy Date: Wed May 5 14:29:28 2021 +0200 Avoid sending alerts after shutdown Fixes #11388 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15159) ----------------------------------------------------------------------- Summary of changes: ssl/s3_msg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 066623d5fb..4b0906820e 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c 
@@ -52,6 +52,8 @@ int ssl3_send_alert(SSL *s, int level, int desc) * protocol_version alerts */ if (desc < 0) return -1; + if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY) + return -1; /* If a fatal one, remove from cache */ if ((level == SSL3_AL_FATAL) && (s->session != NULL)) SSL_CTX_remove_session(s->session_ctx, s->session); From beldmit at gmail.com Thu May 6 15:11:34 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 06 May 2021 15:11:34 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1620313894.953691.2833.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a9e808fadcff1b1b4bf5dece753ee5eb00c9cc16 (commit) from 9f85ab647c8c9f47a1523f99facdf15fc34797a0 (commit) - Log ----------------------------------------------------------------- commit a9e808fadcff1b1b4bf5dece753ee5eb00c9cc16 Author: Dmitry Belyavskiy Date: Wed May 5 14:29:28 2021 +0200 Avoid sending alerts after shutdown Fixes #11388 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15159) (cherry picked from commit 22d1138fe2fde9a16e80b81de1d848ae6fa879ef) ----------------------------------------------------------------------- Summary of changes: ssl/s3_msg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 339fb2774a..721bbb7320 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -48,6 +48,8 @@ int ssl3_send_alert(SSL *s, int level, int desc) * protocol_version alerts */ if (desc < 0) return -1; + if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY) + return -1; /* If a fatal one, remove from cache */ if ((level == SSL3_AL_FATAL) && (s->session != NULL)) SSL_CTX_remove_session(s->session_ctx, s->session); From no-reply at appveyor.com Thu May 6 23:40:12 2021 
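Review bot: in crypto/encode_decode/encoder_pkey.c, the new clause in collect_encoder() (`data->keymgmt_prov != prov && encoder->import_object == NULL`) and the new keymgmt_prov field in struct collected_encoder_st carry no comment, so a reader has to reconstruct from the commit message that an encoder from a different provider than the key's keymgmt is usable only if it can import the object. Please add a short comment at the condition. Also note that when evp_pkey_is_provided(pkey) is false, prov stays NULL in ossl_encoder_ctx_setup_for_pkey(), so keymgmt_prov is NULL and the outcome depends on how that compares with the local prov in collect_encoder(), which is outside the visible context; state the intended behaviour for that case. The summary lists only encoder_pkey.c, so nothing exercises an encoder without OSSL_FUNC_ENCODER_IMPORT_OBJECT; a regression test would guard the NULL dereference this fixes.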
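Review bot: in ssl3_send_alert() in ssl/s3_msg.c (the same two lines on master and on OpenSSL_1_1_1-stable), the new test `s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY` relies on `&` binding tighter than `&&`. It parses as intended, but the condition directly below it in the same function is fully parenthesized, so for consistency and to avoid precedence warnings write `(s->shutdown & SSL_SENT_SHUTDOWN) != 0 && desc != SSL_AD_CLOSE_NOTIFY`. The early `return -1` also has no comment saying why alerts other than close_notify are dropped once shutdown has been sent, and it returns the same value as the `desc < 0` case above, so callers cannot tell the two apart. The summary shows only s3_msg.c changed on both branches; a test for the scenario in #11388 would be worth adding.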
From: no-reply at appveyor.com (AppVeyor) Date: Thu, 06 May 2021 23:40:12 +0000 Subject: Build failed: openssl master.41957 Message-ID: <20210506234012.1.FD7FF7704920E5B6@appveyor.com> An HTML attachment was scrubbed... From openssl at openssl.org Fri May 7 00:47:57 2021 
From: openssl at openssl.org (OpenSSL run-checker)
Date: Fri, 07 May 2021 00:47:57 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module
Message-ID: <1620348477.321757.2782495.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module

Commit log since last time:

a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition
b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro
284076982d APPS: Slightly extend and improve documentation of the opt_ API
6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect"
72d2670bd2 Enforce secure renegotiation support by default
8369592d35 Fix missing symbols in no-cms and no-ts build
b039c87a4c mac: add EVP_MAC_finalXOF() function
6a38b09a7f mac: allow XOF MACs to be specified either via control or via the dedicated function
f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF
a59c69724d doc: document EVP_MAC_finalXOF()
f7050588bc Add .includedir pragma
3fb985fd04 Allow absolute paths to be set
1127754e48 Note that dhparam does support X9.42
97b59744f2 cleanup where purpose is not needed in 25-test_verify.t
eca4826a29 test/certs/setup.sh: Fix two glitches
c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID
4f449d90dd test/certs/setup.sh: structural cleanup
a485561b2e Fetch cipher-wrap after loading providers.
2b05439f84 Fix KMAC bounds checks.
029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3
355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs
79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its documentation
9520fe5f49 testutil/load.c: Add checks for file(name) == NULL
8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc
d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF
6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect()
6e328484ab OSSL_STORE_expect(): Improve error handling and documentation
7031f5821c OCSP: Minor improvements of documentation and header file
bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE
f9548d21ba Document the new core BIO public API support
93954ab050 Add a test for the public core bio API
b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio()
e3188bae04 Run coveralls daily and not exactly at midnight
9deb202e6a coveralls: Enable fips as it is disabled by default
a0baa98b5c apps: Switch to X509_REQ_verify_ex
67cd43084c test: fix failure with FIPS and no-des configured.
5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands
49ce003740 APPS: Set a default passphrase UI for the "ec" command
f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml
49f699b54d GitHub CI: ensure that unifdef is installed
be22315235 FIPS module checksums: add scripts and Makefile rule
27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources
841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm
02669b677e Windows build file: add forgotten quotes on POD->html command line
0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!

Build log ended with (last 100 lines):

../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo -1 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo5.pem -out_trusted root.crt => 0
not ok 47 - popo NONE
# ------------------------------------------------------------------------------
# Failed test 'popo NONE'
# at ../openssl/test/recipes/80-test_cmp_http.t line 145.
Warning: certificate from 'trusted.crt' with subject '/O=openssl_cmp' is not a CA cert
# cmp_main:../openssl/apps/cmp.c:2582:CMP info: using section(s) 'Mock enrollment' of OpenSSL configuration file '../Mock/test.cnf'
# opt_str:../openssl/apps/cmp.c:2191:CMP warning: -proxy option argument is empty string, resetting option
# setup_client_ctx:../openssl/apps/cmp.c:1891:CMP info: will contact http://127.0.0.1:1700/pkix/
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending IR
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received IP
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:167:CMP info: sending CERTCONF
# send_receive_check:../openssl/crypto/cmp/cmp_client.c:187:CMP info: received PKICONF
# save_free_certs:../openssl/apps/cmp.c:1941:CMP info: received 1 enrolled certificate(s), saving to file '../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem'
../../../../../enable-fuzz-afl/util/wrap.pl ../../../../../enable-fuzz-afl/apps/openssl cmp -config ../Mock/test.cnf -section 'Mock enrollment' -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.cert.pem -proxy '' -no_proxy 127.0.0.1 -cmd ir -newkey new.key -newkeypass 'pass:' -popo 2 -certout ../../../../../enable-fuzz-afl/test-runs/test_cmp_http/test.certout_popo6.pem -out_trusted root.crt => 0
not ok 48 - popo KEYENC not supported
# ------------------------------------------------------------------------------
# Looks like you failed 3 tests of 92.
not ok 5 - CMP app CLI Mock enrollment
# ------------------------------------------------------------------------------
#
# Failed test 'CMP app CLI Mock enrollment
# '
# at /home/openssl/run-checker/enable-fuzz-afl/../openssl/util/perl/OpenSSL/Test.pm line 1335.
Killing mock server with pid=2774025
# Looks like you failed 3 tests of 5.80-test_cmp_http.t ................. Dubious, test returned 3 (wstat 768, 0x300)
Failed 3/5 subtests
#
80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. skipped: Test is disabled with disabled fips
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ skipped: Test only supported in a shared build
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. skipped: test_tls13secrets is not supported in this build
90-test_v3name.t ................... ok
91-test_pkey_check.t ............... ok
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok

Test Summary Report
-------------------
80-test_cmp_http.t (Wstat: 768 Tests: 5 Failed: 3)
  Failed tests: 2-3, 5
  Non-zero exit status: 3
Files=235, Tests=2777, 926 wallclock secs (67.62 usr 1.45 sys + 805.63 cusr 70.33 csys = 945.03 CPU)
Result: FAIL
make[1]: *** [Makefile:2514: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl'
make: *** [Makefile:2511: tests] Error 2

From no-reply at appveyor.com Fri May 7 02:21:45 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Fri, 07 May 2021 02:21:45 +0000
Subject: Build completed: openssl master.41958
Message-ID: <20210507022145.1.9AFF1B72B92E8B2B@appveyor.com>

From openssl at openssl.org Fri May 7 04:56:59 2021
From: openssl at openssl.org (OpenSSL run-checker)
Date: Fri, 07 May 2021 04:56:59 +0000
Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-multiblock
Message-ID: <1620363419.253041.3276708.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-multiblock

Commit log since last time:

a07b0bfb99 Deprecate X509{,_CRL}_http_nbio() and simplify their definition
b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro
284076982d APPS: Slightly extend and improve documentation of the opt_ API
6c0ac9b99f adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
cbbbc8fce4 Correct ssl_conf logic for "legacy_server_connect"
72d2670bd2 Enforce secure renegotiation support by default
8369592d35 Fix missing symbols in no-cms and no-ts build
b039c87a4c mac: add EVP_MAC_finalXOF() function
6a38b09a7f mac: allow XOF MACs to be specified either via control or via the dedicated function
f14a2c9d7a mac: update life-cycle description and diagrams to include finalXOF
a59c69724d doc: document EVP_MAC_finalXOF()
f7050588bc Add .includedir pragma
3fb985fd04 Allow absolute paths to be set
1127754e48 Note that dhparam does support X9.42
97b59744f2 cleanup where purpose is not needed in 25-test_verify.t
eca4826a29 test/certs/setup.sh: Fix two glitches
c774f4e50f update test/certs/ee-pathlen.pem to contain SKID and AKID
4f449d90dd test/certs/setup.sh: structural cleanup
a485561b2e Fetch cipher-wrap after loading providers.
2b05439f84 Fix KMAC bounds checks.
029875dc5b Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3
355e1f041c DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs
79a2bccdb0 HTTP client: Correct the use of optional proxy URL and its documentation
9520fe5f49 testutil/load.c: Add checks for file(name) == NULL
8b25b0eb99 BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc
d9efb24de8 OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF
6c3d101a62 APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect()
6e328484ab OSSL_STORE_expect(): Improve error handling and documentation
7031f5821c OCSP: Minor improvements of documentation and header file
bad0d6c789 fips-checksums: The define for fips module is FIPS_MODULE
f9548d21ba Document the new core BIO public API support
93954ab050 Add a test for the public core bio API
b0ee1de9ab Create libcrypto support for BIO_new_from_core_bio()
e3188bae04 Run coveralls daily and not exactly at midnight
9deb202e6a coveralls: Enable fips as it is disabled by default
a0baa98b5c apps: Switch to X509_REQ_verify_ex
67cd43084c test: fix failure with FIPS and no-des configured.
5432d827ec APPS: Add passphrase handling in the "rsa" and "dsa" commands
49ce003740 APPS: Set a default passphrase UI for the "ec" command
f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml
49f699b54d GitHub CI: ensure that unifdef is installed
be22315235 FIPS module checksums: add scripts and Makefile rule
27ca03ea82 Unix build file: Add a target to create providers/fips.module.sources
841a438c7f Add OpenSSL::Config::Query and use it in configdata.pm
02669b677e Windows build file: add forgotten quotes on POD->html command line
0d6c144e8d OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!

Build log ended with (last 100 lines):

70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
# Killing mock server with pid=326688180-test_cmp_http.t ................. ok
#
80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
90-test_bio_enc.t .................. ok
90-test_bio_memleak.t .............. ok
90-test_constant_time.t ............ ok
90-test_fatalerr.t ................. ok
90-test_fipsload.t ................. skipped: Test is disabled with disabled fips
90-test_gmdiff.t ................... ok
90-test_gost.t ..................... ok
90-test_ige.t ...................... ok
90-test_includes.t ................. ok
90-test_memleak.t .................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
91-test_pkey_check.t ............... ok
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
95-test_external_krb5.t ............ skipped: No external tests in this configuration
95-test_external_pyca.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
99-test_fuzz_asn1.t ................ ok
99-test_fuzz_asn1parse.t ........... ok
99-test_fuzz_bignum.t .............. ok
99-test_fuzz_bndiv.t ............... ok
99-test_fuzz_client.t .............. ok
99-test_fuzz_cmp.t ................. ok
99-test_fuzz_cms.t ................. ok
99-test_fuzz_conf.t ................ ok
99-test_fuzz_crl.t ................. ok
99-test_fuzz_ct.t .................. ok
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok

Test Summary Report
-------------------
15-test_gendhparam.t (Wstat: 0 Tests: 17 Failed: 1)
  Failed test: 16
  Parse errors: Tests out of sequence. Found (4) but expected (5)
                Tests out of sequence. Found (5) but expected (6)
                Tests out of sequence. Found (6) but expected (7)
                Tests out of sequence. Found (7) but expected (8)
                Tests out of sequence. Found (8) but expected (9)
Displayed the first 5 of 14 TAP syntax errors.
Re-run prove with the -p option to see them all.
Files=235, Tests=3202, 993 wallclock secs (71.32 usr 1.43 sys + 863.10 cusr 81.78 csys = 1017.63 CPU)
Result: FAIL
make[1]: *** [Makefile:3181: _tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-multiblock'
make: *** [Makefile:3178: tests] Error 2

From pauli at openssl.org Fri May 7 07:53:51 2021
From: pauli at openssl.org (Dr. Paul Dale)
Date: Fri, 07 May 2021 07:53:51 +0000
Subject: [openssl] master update
Message-ID: <1620374031.295684.24651.nullmailer@dev.openssl.org>

The branch master has been updated
       via  28a8d07d7fb8046b9efcca33a4a7a26a1591c6c7 (commit)
      from  22d1138fe2fde9a16e80b81de1d848ae6fa879ef (commit)

- Log -----------------------------------------------------------------
commit 28a8d07d7fb8046b9efcca33a4a7a26a1591c6c7
Author: Pauli
Date:   Thu May 6 15:22:38 2021 +1000

    changes: add note about application output formatting differences.

    Fixes #13220

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15168)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md index 9d557c5c53..29d28f91ab 100644 --- a/CHANGES.md +++ b/CHANGES.md
@@ -134,6 +134,15 @@ OpenSSL 3.0 Previously (in 1.1.1) they would return -2. For key types that do not have parameters then EVP_PKEY_param_check() will always return 1. + * The output from the command line applications may have minor + changes. These are primarily changes in capitalisation and white + space. However, in some cases, there are additional differences. + For example, the DH parameters output from `dhparam` now lists 'P', + 'Q', 'G' and 'pcounter' instead of 'prime', 'generator', 'subgroup + order' and 'counter' respectively. + + *Paul Dale* + * The output from numerous "printing" functions such as X509_signature_print(), X509_print_ex(), X509_CRL_print_ex(), and other similar functions has been amended such that there may be cosmetic differences between the output From levitte at openssl.org Fri May 7 08:19:32 2021 
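Review bot: in the added CHANGES.md entry, the `dhparam` sentence pairs 'P', 'Q', 'G' and 'pcounter' with 'prime', 'generator', 'subgroup order' and 'counter' "respectively", which maps Q to the generator and G to the subgroup order. Q is the subgroup order and G is the generator, so the old names should be listed as 'prime', 'subgroup order', 'generator' and 'counter'; otherwise anyone updating a script that parses the old output will map the two fields the wrong way round.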
From: levitte at openssl.org (Richard Levitte)
Date: Fri, 07 May 2021 08:19:32 +0000
Subject: [openssl] master update
Message-ID: <1620375572.579293.3041.nullmailer@dev.openssl.org>

The branch master has been updated
       via  6d1bb1fffdeb053c6448ebf025979f9ad4689aaf (commit)
       via  848af5e8feab2dd27becec8a4121947ab4a97df3 (commit)
       via  5a86dac8620b31b3259a8a2f609f3c9d06a1a21b (commit)
      from  28a8d07d7fb8046b9efcca33a4a7a26a1591c6c7 (commit)

- Log -----------------------------------------------------------------
commit 6d1bb1fffdeb053c6448ebf025979f9ad4689aaf
Author: Richard Levitte
Date:   Thu May 6 09:03:23 2021 +0200

    make update

    The impact on the FIPS checksum files is pretty significant

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15171)

commit 848af5e8feab2dd27becec8a4121947ab4a97df3
Author: Richard Levitte
Date:   Thu May 6 08:48:15 2021 +0200

    Drop libimplementations.a

    libimplementations.a was a nice idea, but had a few flaws:

    1. The idea to have common code in libimplementations.a and FIPS sensitive helper functions in libfips.a / libnonfips.a didn't catch on, and we saw full implementation ending up in them instead and not appearing in libimplementations.a at all.

    2. Because more or less ALL algorithm implementations were included in libimplementations.a (the idea being that the appropriate objects from it would be selected automatically by the linker when building the shared libraries), it's very hard to find only the implementation source that should go into the FIPS module, with the result that the FIPS checksum mechanism includes source files that it shouldn't

    To mitigate, we drop libimplementations.a, but retain the idea of collecting implementations in static libraries. With that, we now have:

    libfips.a

        Includes all implementations that should become part of the FIPS provider.

    liblegacy.a

        Includes all implementations that should become part of the legacy provider.

    libdefault.a

        Includes all implementations that should become part of the default and base providers.

    With this, libnonfips.a becomes irrelevant and is dropped. libcommon.a is retained to include common provider code that can be used uniformly by all providers.

    Fixes #15157

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15171)

commit 5a86dac8620b31b3259a8a2f609f3c9d06a1a21b
Author: Richard Levitte
Date:   Thu May 6 08:40:18 2021 +0200

    Rename files in providers/implementations/signatures

    It was discovered that eddsa.c exists in two places, here and in crypto/ec/curve448/, which would result in a file name clash if they ever end up in the same library.

    To mitigate, we rename the copy in providers/implementations/signatures to have '_sig' in the file name, and do the same with all other source files in this directory, for consistency.

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15171)

-----------------------------------------------------------------------

Summary of changes:
 crypto/aes/build.info | 1 -
 crypto/bn/build.info | 1 -
 crypto/build.info | 1 -
 crypto/ec/build.info | 1 -
 crypto/md5/build.info | 5 +-
 crypto/modes/build.info | 1 -
 crypto/poly1305/build.info | 1 -
 crypto/ripemd/build.info | 1 -
 crypto/sha/build.info | 1 -
 crypto/whrlpool/build.info | 4 -
 providers/build.info | 164 +++++++++------------
 providers/common/build.info | 2 +-
 providers/common/der/build.info | 4 +-
 providers/fips-sources.checksums | 64 +-------
 providers/fips.checksum | 2 +-
 providers/fips.module.sources | 64 +-------
 providers/implementations/asymciphers/build.info | 4 +-
 providers/implementations/ciphers/build.info | 23 ++-
 providers/implementations/digests/build.info | 12 +-
 providers/implementations/encode_decode/build.info | 16 +-
 providers/implementations/exchange/build.info | 9 +-
 providers/implementations/kdfs/build.info | 23 ++-
 providers/implementations/kem/build.info | 2 +-
 providers/implementations/keymgmt/build.info
| 24 +-- providers/implementations/macs/build.info | 16 +- providers/implementations/rands/build.info | 6 +- providers/implementations/rands/seeding/build.info | 2 +- providers/implementations/signature/build.info | 20 +-- .../implementations/signature/{dsa.c => dsa_sig.c} | 0 .../signature/{ecdsa.c => ecdsa_sig.c} | 0 .../signature/{eddsa.c => eddsa_sig.c} | 0 .../signature/{mac_legacy.c => mac_legacy_sig.c} | 0 .../implementations/signature/{rsa.c => rsa_sig.c} | 0 .../signature/{sm2sig.c => sm2_sig.c} | 0 providers/implementations/storemgmt/build.info | 2 +- ssl/build.info | 2 +- 36 files changed, 160 insertions(+), 318 deletions(-) rename providers/implementations/signature/{dsa.c => dsa_sig.c} (100%) rename providers/implementations/signature/{ecdsa.c => ecdsa_sig.c} (100%) rename providers/implementations/signature/{eddsa.c => eddsa_sig.c} (100%) rename providers/implementations/signature/{mac_legacy.c => mac_legacy_sig.c} (100%) rename providers/implementations/signature/{rsa.c => rsa_sig.c} (100%) rename providers/implementations/signature/{sm2sig.c => sm2_sig.c} (100%) diff --git a/crypto/aes/build.info b/crypto/aes/build.info index 2b2053031f..cc523c8f4f 100644 --- a/crypto/aes/build.info +++ b/crypto/aes/build.info @@ -70,7 +70,6 @@ SOURCE[../../providers/libfips.a]=$COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$AESDEF DEFINE[../../providers/libfips.a]=$AESDEF -DEFINE[../../providers/libimplementations.a]=$AESDEF GENERATE[aes-ia64.s]=asm/aes-ia64.S diff --git a/crypto/bn/build.info b/crypto/bn/build.info index 89ff0044f2..5e948b8433 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info 
@@ -120,7 +120,6 @@ SOURCE[../../providers/liblegacy.a]=$BNASM DEFINE[../../providers/liblegacy.a]=$BNDEF # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. -DEFINE[../../providers/libimplementations.a]=$BNDEF DEFINE[../../providers/libcommon.a]=$BNDEF INCLUDE[bn_exp.o]=.. diff --git a/crypto/build.info b/crypto/build.info index 3e1c295aea..ffcc2b0183 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -80,7 +80,6 @@ ENDIF # Implementations are now spread across several libraries, so the CPUID define # need to be applied to all affected libraries and modules. -DEFINE[../providers/libimplementations.a]=$CPUIDDEF DEFINE[../providers/libcommon.a]=$CPUIDDEF # The Core diff --git a/crypto/ec/build.info b/crypto/ec/build.info index ed256981c7..4b6556acc0 100644 --- a/crypto/ec/build.info +++ b/crypto/ec/build.info @@ -65,7 +65,6 @@ SOURCE[../../providers/libfips.a]=$COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$ECDEF DEFINE[../../providers/libfips.a]=$ECDEF -DEFINE[../../providers/libimplementations.a]=$ECDEF GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl diff --git a/crypto/md5/build.info b/crypto/md5/build.info index bbb70fde3c..c35177bd50 100644 --- a/crypto/md5/build.info +++ b/crypto/md5/build.info @@ -15,8 +15,7 @@ IF[{- !$disabled{asm} -}] ENDIF $COMMON=md5_dgst.c md5_one.c md5_sha1.c $MD5ASM -SOURCE[../../libcrypto]=$COMMON -SOURCE[../../providers/libimplementations.a]=$COMMON +SOURCE[../../libcrypto ../../providers/libfips.a]=$COMMON # A no-deprecated no-shared build ends up with double function definitions # without conditioning this on dso. The issue is MD5 which is needed in the 
@@ -31,7 +30,7 @@ ENDIF # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$MD5DEF -DEFINE[../../providers/libimplementations.a]=$MD5DEF +DEFINE[../../providers/libfips.a]=$MD5DEF DEFINE[../../providers/liblegacy.a]=$MD5DEF GENERATE[md5-586.s]=asm/md5-586.pl diff --git a/crypto/modes/build.info b/crypto/modes/build.info index fb54b46ea5..687e872a1e 100644 --- a/crypto/modes/build.info +++ b/crypto/modes/build.info @@ -58,7 +58,6 @@ SOURCE[../../providers/libfips.a]=$COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$MODESDEF DEFINE[../../providers/libfips.a]=$MODESDEF -DEFINE[../../providers/libimplementations.a]=$MODESDEF INCLUDE[gcm128.o]=.. diff --git a/crypto/poly1305/build.info b/crypto/poly1305/build.info index 9e4085f9fa..7e055ef338 100644 --- a/crypto/poly1305/build.info +++ b/crypto/poly1305/build.info @@ -34,7 +34,6 @@ SOURCE[../../libcrypto]=poly1305.c $POLY1305ASM # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$POLY1305DEF -DEFINE[../../providers/libimplementations.a]=$POLY1305DEF GENERATE[poly1305-sparcv9.S]=asm/poly1305-sparcv9.pl INCLUDE[poly1305-sparcv9.o]=.. diff --git a/crypto/ripemd/build.info b/crypto/ripemd/build.info index 762067e635..f1845733a8 100644 --- a/crypto/ripemd/build.info +++ b/crypto/ripemd/build.info @@ -14,7 +14,6 @@ ENDIF # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules -DEFINE[../../providers/libimplementations.a]=$RMD160DEF SOURCE[../../libcrypto]=rmd_dgst.c rmd_one.c $RMD160ASM DEFINE[../../libcrypto]=$RMD160DEF diff --git a/crypto/sha/build.info b/crypto/sha/build.info index dd10c5cd66..4f0ad6571e 100644 --- a/crypto/sha/build.info +++ b/crypto/sha/build.info 
@@ -81,7 +81,6 @@ SOURCE[../../providers/libfips.a]= $COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$SHA1DEF $KECCAK1600DEF DEFINE[../../providers/libfips.a]=$SHA1DEF $KECCAK1600DEF -DEFINE[../../providers/libimplementations.a]=$SHA1DEF $KECCAK1600DEF GENERATE[sha1-586.s]=asm/sha1-586.pl DEPEND[sha1-586.s]=../perlasm/x86asm.pl diff --git a/crypto/whrlpool/build.info b/crypto/whrlpool/build.info index 471b8acf2c..88f0c7bd3a 100644 --- a/crypto/whrlpool/build.info +++ b/crypto/whrlpool/build.info @@ -17,10 +17,6 @@ IF[{- !$disabled{asm} -}] ENDIF ENDIF -# Implementations are now spread across several libraries, so the defines -# need to be applied to all affected libraries and modules. -DEFINE[../../providers/libimplementations.a]=$WPDEF - SOURCE[../../libcrypto]=wp_dgst.c $WPASM DEFINE[../../libcrypto]=$WPDEF diff --git a/providers/build.info b/providers/build.info index b772e5ec25..065b570253 100644 --- a/providers/build.info +++ b/providers/build.info 
@@ -1,52 +1,35 @@ -# We place all implementations in static libraries, and then let the -# provider mains pilfer what they want through symbol resolution when -# linking. -# -# The non-legacy implementations (libimplementations) must be made FIPS -# agnostic as much as possible, as well as the common building blocks -# (libcommon). The legacy implementations (liblegacy) will never be -# part of the FIPS provider. -# -# If there is anything that isn't FIPS agnostic, it should be set aside -# in its own source file, which is then included directly into other -# static libraries geared for FIPS and non-FIPS providers, and built -# separately. -# -# libcommon.a Contains common building blocks, potentially -# needed both by non-legacy and legacy code. -# -# libimplementations.a Contains all non-legacy implementations. -# liblegacy.a Contains all legacy implementations. -# -# libfips.a Contains all things needed to support -# FIPS implementations, such as code from -# crypto/ and object files that contain -# FIPS-specific code. FIPS_MODULE is defined -# for this library. The FIPS module uses -# this. -# libnonfips.a Corresponds to libfips.a, but built with -# FIPS_MODULE undefined. The default and legacy -# providers use this. -# -# This is how different provider modules should be linked: -# -# FIPS: -# -o fips.so {object files...} libimplementations.a libcommon.a libfips.a -# Non-FIPS: -# -o module.so {object files...} libimplementations.a libcommon.a libnonfips.a -# -# It is crucial that code that checks for the FIPS_MODULE macro end up in -# libfips.a and libnonfips.a, never in libcommon.a. -# It is crucial that such code is written so libfips.a and libnonfips.a doesn't -# end up depending on libimplementations.a or libcommon.a. -# It is crucial that such code is written so libcommon.a doesn't end up -# depending on libimplementations.a. 
-# -# Code in providers/implementations/ should be written in such a way that the -# OSSL_DISPATCH arrays (and preferably the majority of the actual code) ends -# up in either libimplementations.a or liblegacy.a. -# If need be, write an abstraction layer in separate source files and make them -# libfips.a / libnonfips.a sources. +# libcommon.a Contains common building blocks and other routines, +# potentially needed by any of our providers. +# +# libfips.a Contains all algorithm implementations that should +# go in the FIPS provider. The compilations for this +# library are all done with FIPS_MODULE defined. +# +# liblegacy.a Contains all algorithm implementations that should +# go into the legacy provider. The compilations for +# this library are all done with STATIC_LEGACY defined. +# +# libdefault.a Contains all algorithm implementations that should +# into the default or base provider. +# +# To be noted is that the FIPS provider shares source code with libcrypto, +# which means that select source files from crypto/ are compiled for +# libfips.a the sources from providers/implementations. +# +# This is how a provider module should be linked: +# +# -o {modulename}.so {object files...} lib{modulename}.a libcommon.a +# +# It is crucial that code that checks the FIPS_MODULE macro ends up in +# libfips.a. +# It is crucial that code that checks the STATIC_LEGACY macro ends up in +# liblegacy.a. +# It is recommended that code that is written for libcommon.a doesn't end +# up depending on libfips.a, liblegacy.a or libdefault.a +# +# Code in providers/implementations/ should be written in such a way that +# the OSSL_DISPATCH arrays (and preferably the majority of the actual code) +# end up in either libfips.a, liblegacy.a or libdefault.a. SUBDIRS=common implementations 
@@ -54,10 +37,10 @@ INCLUDE[../libcrypto]=common/include # Libraries we're dealing with $LIBCOMMON=libcommon.a -$LIBIMPLEMENTATIONS=libimplementations.a -$LIBLEGACY=liblegacy.a -$LIBNONFIPS=libnonfips.a $LIBFIPS=libfips.a +$LIBLEGACY=liblegacy.a +$LIBDEFAULT=libdefault.a +LIBS{noinst}=$LIBDEFAULT $LIBCOMMON # Enough of our implementations include prov/ciphercommon.h (present in # providers/implementations/include), which includes crypto/*_platform.h 
@@ -66,31 +49,22 @@ $LIBFIPS=libfips.a $COMMON_INCLUDES=../crypto ../include implementations/include common/include INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES -INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES -INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES -INCLUDE[$LIBNONFIPS]=.. $COMMON_INCLUDES INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES +INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES +INCLUDE[$LIBDEFAULT]=.. $COMMON_INCLUDES DEFINE[$LIBFIPS]=FIPS_MODULE -# Weak dependencies to provide library order information. -# We make it weak so they aren't both used always; what is -# actually used is determined by non-weak dependencies. -DEPEND[$LIBIMPLEMENTATIONS]{weak}=$LIBFIPS $LIBNONFIPS -DEPEND[$LIBCOMMON]{weak}=$LIBFIPS +# Weak dependencies to provide library order information. What is actually +# used is determined by non-weak dependencies. +DEPEND[$LIBCOMMON]{weak}=../libcrypto -# Strong dependencies. This ensures that any time libimplementations +# Strong dependencies. This ensures that any time an implementation library # is used, libcommon gets included as well. -DEPEND[$LIBIMPLEMENTATIONS]=$LIBCOMMON -DEPEND[$LIBNONFIPS]=../libcrypto -# It's tempting to make libcommon depend on ../libcrypto. However, -# since the FIPS provider module must NOT depend on ../libcrypto, we -# need to set that dependency up specifically for the final products -# that use $LIBCOMMON or anything that depends on it. - -# Libraries common to all providers, must be built regardless -LIBS{noinst}=$LIBCOMMON -# Libraries that are common for all non-FIPS providers, must be built regardless -LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS +# The $LIBFIPS dependency on $LIBCOMMON is extra strong, to mitigate for +# linking problems because they are interdependent +SOURCE[$LIBFIPS]=$LIBCOMMON +DEPEND[$LIBLEGACY]=$LIBCOMMON +DEPEND[$LIBDEFAULT]=$LIBCOMMON # # Default provider stuff 
@@ -98,24 +72,20 @@ LIBS{noinst}=$LIBNONFIPS $LIBIMPLEMENTATIONS # Because the default provider is built in, it means that libcrypto must # include all the object files that are needed (we do that indirectly, # by using the appropriate libraries as source). Note that for shared -# libraries, SOURCEd libraries are considered as if the where specified +# libraries, SOURCEd libraries are considered as if they were specified # with DEPEND. $DEFAULTGOAL=../libcrypto -SOURCE[$DEFAULTGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS -SOURCE[$DEFAULTGOAL]=defltprov.c -# Some legacy implementations depend on provider header files +SOURCE[$DEFAULTGOAL]=$LIBDEFAULT defltprov.c INCLUDE[$DEFAULTGOAL]=implementations/include -LIBS=$DEFAULTGOAL - # # Base provider stuff # -# Because the base provider is built in, it means that libcrypto -# must include all of the object files that are needed. +# Because the base provider is built in, it means that libcrypto must +# include all of the object files that are needed, just like the default +# provider. $BASEGOAL=../libcrypto -SOURCE[$BASEGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS -SOURCE[$BASEGOAL]=baseprov.c +SOURCE[$BASEGOAL]=$LIBDEFAULT baseprov.c INCLUDE[$BASEGOAL]=implementations/include # 
@@ -127,22 +97,23 @@ INCLUDE[$BASEGOAL]=implementations/include # diverse build.info files. libfips.a, fips.so and their sources aren't # built unless the proper LIBS or MODULES statement has been seen, so we # have those and only those within a condition. -SUBDIRS=fips -$FIPSGOAL=fips -DEPEND[$FIPSGOAL]=$LIBIMPLEMENTATIONS $LIBFIPS -INCLUDE[$FIPSGOAL]=../include -DEFINE[$FIPSGOAL]=FIPS_MODULE -IF[{- defined $target{shared_defflag} -}] - SOURCE[$FIPSGOAL]=fips.ld - GENERATE[fips.ld]=../util/providers.num -ENDIF - IF[{- !$disabled{fips} -}] + SUBDIRS=fips + $FIPSGOAL=fips + # This is the trigger to actually build the FIPS module. Without these # statements, the final build file will not have a trace of it. MODULES{fips}=$FIPSGOAL LIBS{noinst}=$LIBFIPS + DEPEND[$FIPSGOAL]=$LIBFIPS + INCLUDE[$FIPSGOAL]=../include + DEFINE[$FIPSGOAL]=FIPS_MODULE + IF[{- defined $target{shared_defflag} -}] + SOURCE[$FIPSGOAL]=fips.ld + GENERATE[fips.ld]=../util/providers.num + ENDIF + # For tests that try to use the FIPS module, we need to make a local fips # module installation. We have the output go to standard output, because # the generated commands in build templates are expected to catch that, @@ -160,11 +131,8 @@ ENDIF # Legacy provider stuff # IF[{- !$disabled{legacy} -}] - # The legacy implementation library LIBS{noinst}=$LIBLEGACY - DEPEND[$LIBLEGACY]=$LIBCOMMON $LIBNONFIPS - # The Legacy provider IF[{- $disabled{module} -}] # Become built in # In this case, we need to do the same thing a for the default provider, 
@@ -174,18 +142,18 @@ IF[{- !$disabled{legacy} -}] # implementation specific build.info files harder to write, so we don't. $LEGACYGOAL=../libcrypto SOURCE[$LEGACYGOAL]=$LIBLEGACY - DEFINE[$LIBLEGACY]=STATIC_LEGACY DEFINE[$LEGACYGOAL]=STATIC_LEGACY ELSE # Become a module # In this case, we can work with dependencies $LEGACYGOAL=legacy MODULES=$LEGACYGOAL - DEPEND[$LEGACYGOAL]=$LIBLEGACY + DEPEND[$LEGACYGOAL]=$LIBLEGACY ../libcrypto IF[{- defined $target{shared_defflag} -}] SOURCE[legacy]=legacy.ld GENERATE[legacy.ld]=../util/providers.num ENDIF + SOURCE[$LIBLEGACY]=prov_running.c ENDIF # Common things that are valid no matter what form the Legacy provider @@ -202,4 +170,4 @@ ENDIF $NULLGOAL=../libcrypto SOURCE[$NULLGOAL]=nullprov.c prov_running.c -SOURCE[$LIBNONFIPS]=prov_running.c +SOURCE[$LIBDEFAULT]=prov_running.c diff --git a/providers/common/build.info b/providers/common/build.info index 8de65f3fa8..e23ff58855 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -3,5 +3,5 @@ SUBDIRS=der SOURCE[../libcommon.a]=provider_err.c provider_ctx.c $FIPSCOMMON=provider_util.c capabilities.c bio_prov.c digest_to_nid.c\ securitycheck.c provider_seeding.c -SOURCE[../libnonfips.a]=$FIPSCOMMON securitycheck_default.c +SOURCE[../libdefault.a]=$FIPSCOMMON securitycheck_default.c SOURCE[../libfips.a]=$FIPSCOMMON securitycheck_fips.c diff --git a/providers/common/der/build.info b/providers/common/der/build.info index 8ef1180d6c..b9fe4552d7 100644 --- a/providers/common/der/build.info +++ b/providers/common/der/build.info @@ -98,7 +98,7 @@ ENDIF #----- Conclusion # TODO(3.0) $COMMON should go to libcommon.a, but this currently leads -# to linking conflicts, so we add it to libfips.a and libnonfips.a for +# to linking conflicts, so we add it to libfips.a and libdefault.a for # the moment being $COMMON= $DER_RSA_COMMON $DER_DIGESTS_GEN $DER_WRAP_GEN 
@@ -116,4 +116,4 @@ IF[{- !$disabled{sm2} -}] ENDIF SOURCE[../../libfips.a]=$COMMON $DER_RSA_FIPSABLE -SOURCE[../../libnonfips.a]=$COMMON $DER_RSA_FIPSABLE +SOURCE[../../libdefault.a]=$COMMON $DER_RSA_FIPSABLE diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index c3d4dd9292..239667e003 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -332,13 +332,11 @@ d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/comm 9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c 494723d55bc6ecdb70f59499a2c42260cabc5fa30681ac3b48267dfa242158b3 providers/common/securitycheck.c -eaa448a029b592c0bb947ba98b8888b059c487078be10b28d3c7cbe73cf5a8c7 providers/common/securitycheck_default.c 50a0e01e877ae818cf874f4515a130db0e869d4e9e8ce882bff1255695aba789 providers/common/securitycheck_fips.c fd92f958755683dda449a45f82ecdff342574a9536f6e8727decf5be9a5b747a providers/fips/fipsprov.c c69e60c29711d55cd5672dab9ff051f3c093d54e63a0ec575baa899e6bbf9c2b providers/fips/self_test.c fb56f801613642f6b497803890b528a643024e3cdb5bd5dd619a2981afb2f3b0 providers/fips/self_test_kats.c 08b287621158afb67e61e52fc34efbb9f9fe22ee6709c7ed6c937d5feb2b7fd8 providers/implementations/asymciphers/rsa_enc.c -60f1d5a19025784698cd67ac54fd9625f4be2149e85cb31d58aea516df22ee12 providers/implementations/asymciphers/sm2_enc.c 4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a providers/implementations/ciphers/cipher_aes.c 5b7d6a1d0df42c082c3731a3d2a0fe2d0034874e0fbb2f4916efb72da4fe6b66 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 10f5bee481daad40609b04743de5ea364f4a2d25bba6d901213294dd966ae786 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c 
@@ -351,34 +349,13 @@ e540092e34896a0f75622365a8d97473dfc7c3036ef6ef6f8ce343922ac03f56 providers/impl 33144c78ad050b2f9976946c67cbc593442d9a215c5f3d678ac56b504169fe18 providers/implementations/ciphers/cipher_aes_hw.c 0264d1ea3ece6f730b342586fb1fe00e3f0ff01e47d53f552864df986bf35573 providers/implementations/ciphers/cipher_aes_ocb.c 855869ab5a8d7a61a11674cfe5d503dfa67f59e7e393730835d1d8cf0ab85c70 providers/implementations/ciphers/cipher_aes_ocb_hw.c -d088dd386950df04b5ad5a68d529fa36b2fa6b808d7cc7da6de96cdd91ecb92f providers/implementations/ciphers/cipher_aes_siv.c -47edbfb9bca49df0d1e36b1bf06367ff31762545e7087bea159ad60e0f684a48 providers/implementations/ciphers/cipher_aes_siv_hw.c d07e18786256f3a069fe83e6fdc79e53fdc1f99b3e6bbe5d2f3fc559bc737eb2 providers/implementations/ciphers/cipher_aes_wrp.c 527ff9277b92606517ee7af13225a9d5fcffbbc36eb18bce39f59d594cbe4931 providers/implementations/ciphers/cipher_aes_xts.c 281157d1da4d7285d878978e6d42d0d33b3a6bc16e3bc5b6879e39093a7d70da providers/implementations/ciphers/cipher_aes_xts_fips.c f12bf83d8fffa833fed6d82d74709c7a0563ea0fe291988149d7c85bda8366e7 providers/implementations/ciphers/cipher_aes_xts_hw.c -e292ec9b6e760b6bec12753a65f9a19bcc05afb6e56399c3561e63281bda4191 providers/implementations/ciphers/cipher_aria.c -73a9c37bf73b32c98085deaec8a197cab8a6fcdc602593dbbb6b585dd2391bc3 providers/implementations/ciphers/cipher_aria_ccm.c -1b9832f78203f3badf98f574cfee56c7b782709d68265237fe4c9479e6063172 providers/implementations/ciphers/cipher_aria_ccm_hw.c -976c1ca4767e4442bb22ce055d756336e0693866e406ae62dd0dc1929ac43c14 providers/implementations/ciphers/cipher_aria_gcm.c -d4ec3b09d49b7b5ac2941230a2c49b4ede55deeb284366ac26642a3ecbe64e5e providers/implementations/ciphers/cipher_aria_gcm_hw.c -cb6985bbec1a885e5fc51dd4df27bb2ef5c201abc88609fe26899fd5ed14e1fd providers/implementations/ciphers/cipher_aria_hw.c -8b4ddee713455a1cc8417d2dbe6c28f5a2c9c4d5497af44bc562814eb7fe7911 providers/implementations/ciphers/cipher_camellia.c 
-755b686613b311e7d40403926284e0c91704f99b9fea91f5bae6c4c03fc20389 providers/implementations/ciphers/cipher_camellia_hw.c -090f4035e6fa6566a3cd39301789d2cffa3853b1408326a7dd12f33c3fa12603 providers/implementations/ciphers/cipher_chacha20.c -cb7839e081f1d86664f152f982062e81a0c365382a123edb08fb7b443398dfe6 providers/implementations/ciphers/cipher_chacha20_hw.c -fd879ed73c85cb7900a6732eb06ee080c6a0d956cc514b2413dfcb850d831855 providers/implementations/ciphers/cipher_chacha20_poly1305.c -23bd426356db5afa4df530ed1992777f1d8213c6740b0bdc39590dcd5c4de376 providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c -d3098f6ded4c6b6f6d4e1bf9f641c2bb6499bb76b386a3658527a35b484ce381 providers/implementations/ciphers/cipher_null.c -4ae134ee0c4113670a7d09c9a5f5a289b1a4a9350bca74d7c2ef6c71d5a5e051 providers/implementations/ciphers/cipher_sm4.c -61d2796a4dbf1f82dadf86219de5b762016d2e606f636b98b70f888227957c2d providers/implementations/ciphers/cipher_sm4_hw.c 06d8f86ec724075e7f72dabfb675b5c85a93c01997e4142fbaa8482e617f4ae5 providers/implementations/ciphers/cipher_tdes.c 7b7172e7e5d646e07c1ac07036716c67d9a821de7c0dfd41f8243610215a61c4 providers/implementations/ciphers/cipher_tdes_common.c -39be7651ea83263815cd48c649a54af56279879361fe91573800d84fbaf40bd9 providers/implementations/ciphers/cipher_tdes_default.c -c3a9a1fca4416e4ecdeecc3e83cbd24ff3f3185f5c1fea8c5fb8346f3b0e9a67 providers/implementations/ciphers/cipher_tdes_default_hw.c 50645122f08ef4891cd96cace833bd550be7f5278ab785515fd61fe8993c8c25 providers/implementations/ciphers/cipher_tdes_hw.c -9bf68e5921f780cb489e8e19a0fd02e5285cea67381b2f55367c65ad0e65ecc3 providers/implementations/ciphers/cipher_tdes_wrap.c -b98c8a9eb256008fb335084531dd5422563651a5a2d4cbe97f62fba49254a954 providers/implementations/ciphers/cipher_tdes_wrap_hw.c db110866cede3d97d352fb94f13832bef7349f2c7c1d271bc87e640fc36beed0 providers/implementations/ciphers/ciphercommon.c 697e9f2254574cc93f0737456d0f3a275946296466a179bb5d0fea607c7a92fa 
providers/implementations/ciphers/ciphercommon_block.c 4b4106f85e36eb2c07acc5a3ca5ccd77b736b3ac46cc4af786cf57405ecd54b2 providers/implementations/ciphers/ciphercommon_ccm.c 
@@ -386,35 +363,17 @@ db110866cede3d97d352fb94f13832bef7349f2c7c1d271bc87e640fc36beed0 providers/impl 1a6377698528eb24943c7616b55e43305a98569497279df8c6e6e411ed009424 providers/implementations/ciphers/ciphercommon_gcm.c bb67eaa7a98494ca938726f9218213870fc97dd87b56bda950626cc794baf20b providers/implementations/ciphers/ciphercommon_gcm_hw.c 23fd89e3239e596c325a8c5d23eb1fe157a8d23aa4d90ed2c574bf06dfabd693 providers/implementations/ciphers/ciphercommon_hw.c -6b292cf7b2de5e7edb50ab4fedc4adcde2e17aeb30a7c5e4502a4c3994a446cf providers/implementations/digests/blake2_prov.c -0dd0cb9e70c5e339c8540aece6be4be1ee328fdc7d32d54e049ff708c981f2d4 providers/implementations/digests/blake2b_prov.c -6e18c13f50a291de8a4241f8cb9b6b6b1200f3cc4eee0d8d7ffabf0f36daa652 providers/implementations/digests/blake2s_prov.c 39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d providers/implementations/digests/digestcommon.c -4e6dd0d5343117ee5b3b61326e14e2aad035ae4f2bb0a1cc4b4be708371a9fe3 providers/implementations/digests/md5_prov.c -322887272619e335b3157128d772d4f7851eef7314ab65ce8b742c5ab8ac5d63 providers/implementations/digests/md5_sha1_prov.c 80551b53302d95faea257df3edbdbd02d48427ce42da2c4335f998456400d057 providers/implementations/digests/sha2_prov.c de342d04be6af69037922d5c97bdc40c0c27f6740636e72786a765d0d8ad9173 providers/implementations/digests/sha3_prov.c -320eb5deda82a3c052d0d0530fc27a66a402cbf3ddcf6640c5911d0e8d145e0c providers/implementations/digests/sm3_prov.c -e7660e887b3a98789b09645c7b8b3a0d94bef80837a30c750c1c3fd0c8de3d60 providers/implementations/encode_decode/decode_der2key.c -130057ec5593166df25e0ece457e5623c218127d8b7714a7162604c22a420976 providers/implementations/encode_decode/decode_msblob2key.c -4ab7936e2bda93aec2083fb3545d261bd3ffbee62657a0c7118bd5fc4f02b5e0 providers/implementations/encode_decode/decode_pem2der.c -cebde4c1b7f333159daeec6ac014d3477bf4d3e25a3cccfb0bc7b55bdcf78498 providers/implementations/encode_decode/decode_pvk2key.c 
-a4a2c4f7e1c86cb194040db19c801d749fac52ff3dd59e3759524226b772178e providers/implementations/encode_decode/encode_key2any.c -8fe61023c2d19a43b1aaacf617f2d6098a525216e91622549c1bfabb80256de0 providers/implementations/encode_decode/encode_key2blob.c -1412482218e6aadd0cc1eaac3d4a2aaf57be43705e2b4d2ba926b5493e7e1b55 providers/implementations/encode_decode/encode_key2ms.c -820e4501145f07e7f48d29e3124fdcdb834e7e6658fb2340a1f2d2ce373362a6 providers/implementations/encode_decode/encode_key2text.c -ecc88a83dc108b869e8d8223d466d49b829364bea0dae602c05e2b999aa5a02c providers/implementations/encode_decode/endecoder_common.c 2d3adc404341e3a8a3c29adf732cb740dc4c4b0cde1c422cbeb352c4509320db providers/implementations/exchange/dh_exch.c 427b9abee979f94371aa4aa99b48f08f1772965c93f9bce6f4531cc4cec136b6 providers/implementations/exchange/ecdh_exch.c 9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c 06ba83a8a8235bcdbda56f82b017cb19361469fe47c23cc6218a7e9b88ae6513 providers/implementations/exchange/kdf_exch.c 4f8049771ff0cb57944e1ffc9599a96023e36b424138e51b1466f9a133f03943 providers/implementations/kdfs/hkdf.c 115e13e152cfb7d729659cb26056414f719c5e7cb2a9b3df8b6ad0f232ce109a providers/implementations/kdfs/kbkdf.c -9625cab3ea0a1830838412d0ce6210c9a77eeebddb3cb1bee5198d90c33539ae providers/implementations/kdfs/krb5kdf.c f93d3b32e7e3bc6bd4100559b15d392613797e1048010fdc70058ae9297a1125 providers/implementations/kdfs/pbkdf2.c abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/implementations/kdfs/pbkdf2_fips.c -43fae0685aa32e34545704fccd1f0ec3357ef28cc817c03960d649044420b368 providers/implementations/kdfs/pkcs12kdf.c -0994de1013c5b1a3007ce71150a28efdc791be96c8b8f7b6d25c8b593735f8f2 providers/implementations/kdfs/scrypt.c 6551c3354fb889cb429f850e0194a82d677528f65212d4ac345ab87352cec8a1 providers/implementations/kdfs/sshkdf.c eb18f3fe62bb2a46a294b738de81a233bd2db00cc79ddc58622fc7c7021c3528 
providers/implementations/kdfs/sskdf.c 3c46ec0e14be09a133d709c3a1c3d5ab05a4f1ed5385c3e7a1afb2f0ee47ef7a providers/implementations/kdfs/tls1_prf.c 
@@ -427,33 +386,20 @@ a5b4ddffa137a52f6a0a0c0c28c618d9bff00af2ec49e51885fc7af116e04869 providers/impl 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c 21b259d6a9eb5e319106012179e04963fb9659ed85af37f5c9c8752ec2385dae providers/implementations/keymgmt/mac_legacy_kmgmt.c c48eb00f0de1c28baaa3cf7c0e85d4d2a20592783aa545f8934da487c05a3e87 providers/implementations/keymgmt/rsa_kmgmt.c -7d268a8d8179b35b6a9cb6b362976b3d861351c9ea076961f02a54ab37f3f5b0 providers/implementations/macs/blake2b_mac.c -3d50f84587431277bfb7af241485b150e02f7b30750f9faa40dd6e98927e5592 providers/implementations/macs/blake2s_mac.c 25d20ceb61cadb495ec890ae2c49c5c1c840b39ac77f20058ee87249cab341ef providers/implementations/macs/cmac_prov.c f51b074d55028d3e24656da348d21ca79f6680fdb30383d936251f1b3467caab providers/implementations/macs/gmac_prov.c 35505704fda658c0911f95974913c1f2dd75c8f91c5d2ec597c70c52624bdfdf providers/implementations/macs/hmac_prov.c e42823cce1d08d9cb6cb32cc6b913241573c2cbbd856ff77a331b0956ee5aa02 providers/implementations/macs/kmac_prov.c -94d80682125b40ba694242fdfa978b802c6e70f2b0167215c9d689c0ccf5820f providers/implementations/macs/poly1305_prov.c -d594704aa3173afdb2b1e95253285cdb245a42078f9ca06b68aaeecb858b10fd providers/implementations/macs/siphash_prov.c dcc1afbe2965de7c5ac0a17ab1b19b8ed512049376833cb410db30f8dc4e2064 providers/implementations/rands/crngt.c c7a811a8b2911ec76faf985145a445b81d19c57f5457dad203b39f1da48e6c1b providers/implementations/rands/drbg.c 3dc5f082235664ee02b827760bdf1c1dcd90d058b9664994751f7606009556ed providers/implementations/rands/drbg_ctr.c c36937930bcaecd6d5131d0317b9162a96cc956df164848dc53f423af838d04a providers/implementations/rands/drbg_hash.c 531c0ce4212570474b59a1b039e61a97ee5504e56e2f10de1f36578f1bca79d3 providers/implementations/rands/drbg_hmac.c -8075edbf4957b625301c85331bb4737cbefd334ee51e146fa15c3dc40bdd4973 providers/implementations/rands/seed_src.c 
-c440957b586c6dac6c0b695080f0f4147c81f3a269b2fb07a742e73b54b2fa64 providers/implementations/rands/seeding/rand_cpu_x86.c -c1a6007e76d21279e0b4eafef970c94cefad48a1a0d609aa9c359b5418486b95 providers/implementations/rands/seeding/rand_tsc.c -7cd4b532adf4eff8209c5eb7d7c1020840fc1728cb3179beb163639fc7aff285 providers/implementations/rands/seeding/rand_unix.c -38a0be4c03ea3c0e4761173a44ed421e3ec4f5c5eafafd8861b84a28c48d75f2 providers/implementations/rands/seeding/rand_win.c 888a671934abef4225956f9931cff842f245f90660e11f23a55228edca962e16 providers/implementations/rands/test_rng.c -a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858 providers/implementations/signature/dsa.c -1edce687e950bec7c289cdac7c4c455e195942ccddfc38af0344277421afcc0f providers/implementations/signature/ecdsa.c -8074854e90be6a8266cc81ad722ef12213e9fc1360891822f109bfb03791f18e providers/implementations/signature/eddsa.c -1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 providers/implementations/signature/mac_legacy.c -25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2 providers/implementations/signature/rsa.c -c0a862433e5da909cf0c614d3f982765b67821c7a4cc6257ceb8c490b4dcf732 providers/implementations/signature/sm2sig.c -e2750b310565e74617310566c1ccfbd75559521117fd8936540fff54dd304902 providers/implementations/storemgmt/file_store.c -291288936fe321e3e85048366f790f6b7983561cd8f80eec4c0e01d7c43614ab providers/implementations/storemgmt/file_store_der2obj.c -04ea01e48b8fee822acb376ab8679b4c627b32ab75c137bf23ebb4fe2a1c0703 providers/prov_running.c +a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858 providers/implementations/signature/dsa_sig.c +1edce687e950bec7c289cdac7c4c455e195942ccddfc38af0344277421afcc0f providers/implementations/signature/ecdsa_sig.c +8074854e90be6a8266cc81ad722ef12213e9fc1360891822f109bfb03791f18e providers/implementations/signature/eddsa_sig.c +1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 
providers/implementations/signature/mac_legacy_sig.c +25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2 providers/implementations/signature/rsa_sig.c 53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4 ssl/record/tls_pad.c 0143753184c1bddf47af3bd5b5e0d788fc757dac4b77f291627fc25d46eba05c ssl/s3_cbc.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 913f8b0992..3f183b8c1a 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -f51d5228b36f7d4ef300ceddfb426e672b136c0b64706af027707830828fa442 providers/fips-sources.checksums +31b3d6511f42b33ac269d527ab6ff7c18f0afda32f913d825eee5efc7e772da2 providers/fips-sources.checksums diff --git a/providers/fips.module.sources b/providers/fips.module.sources index 79b532fe89..7e17658602 100644 --- a/providers/fips.module.sources +++ b/providers/fips.module.sources @@ -339,13 +339,11 @@ providers/common/provider_err.c providers/common/provider_seeding.c providers/common/provider_util.c providers/common/securitycheck.c -providers/common/securitycheck_default.c providers/common/securitycheck_fips.c providers/fips/fipsprov.c providers/fips/self_test.c providers/fips/self_test_kats.c providers/implementations/asymciphers/rsa_enc.c -providers/implementations/asymciphers/sm2_enc.c providers/implementations/ciphers/cipher_aes.c providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c 
@@ -358,34 +356,13 @@ providers/implementations/ciphers/cipher_aes_gcm_hw.c providers/implementations/ciphers/cipher_aes_hw.c providers/implementations/ciphers/cipher_aes_ocb.c providers/implementations/ciphers/cipher_aes_ocb_hw.c -providers/implementations/ciphers/cipher_aes_siv.c -providers/implementations/ciphers/cipher_aes_siv_hw.c providers/implementations/ciphers/cipher_aes_wrp.c providers/implementations/ciphers/cipher_aes_xts.c providers/implementations/ciphers/cipher_aes_xts_fips.c providers/implementations/ciphers/cipher_aes_xts_hw.c -providers/implementations/ciphers/cipher_aria.c -providers/implementations/ciphers/cipher_aria_ccm.c -providers/implementations/ciphers/cipher_aria_ccm_hw.c -providers/implementations/ciphers/cipher_aria_gcm.c -providers/implementations/ciphers/cipher_aria_gcm_hw.c -providers/implementations/ciphers/cipher_aria_hw.c -providers/implementations/ciphers/cipher_camellia.c -providers/implementations/ciphers/cipher_camellia_hw.c -providers/implementations/ciphers/cipher_chacha20.c -providers/implementations/ciphers/cipher_chacha20_hw.c -providers/implementations/ciphers/cipher_chacha20_poly1305.c -providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c -providers/implementations/ciphers/cipher_null.c -providers/implementations/ciphers/cipher_sm4.c -providers/implementations/ciphers/cipher_sm4_hw.c providers/implementations/ciphers/cipher_tdes.c providers/implementations/ciphers/cipher_tdes_common.c -providers/implementations/ciphers/cipher_tdes_default.c -providers/implementations/ciphers/cipher_tdes_default_hw.c providers/implementations/ciphers/cipher_tdes_hw.c -providers/implementations/ciphers/cipher_tdes_wrap.c -providers/implementations/ciphers/cipher_tdes_wrap_hw.c providers/implementations/ciphers/ciphercommon.c providers/implementations/ciphers/ciphercommon_block.c providers/implementations/ciphers/ciphercommon_ccm.c 
@@ -393,35 +370,17 @@ providers/implementations/ciphers/ciphercommon_ccm_hw.c providers/implementations/ciphers/ciphercommon_gcm.c providers/implementations/ciphers/ciphercommon_gcm_hw.c providers/implementations/ciphers/ciphercommon_hw.c -providers/implementations/digests/blake2_prov.c -providers/implementations/digests/blake2b_prov.c -providers/implementations/digests/blake2s_prov.c providers/implementations/digests/digestcommon.c -providers/implementations/digests/md5_prov.c -providers/implementations/digests/md5_sha1_prov.c providers/implementations/digests/sha2_prov.c providers/implementations/digests/sha3_prov.c -providers/implementations/digests/sm3_prov.c -providers/implementations/encode_decode/decode_der2key.c -providers/implementations/encode_decode/decode_msblob2key.c -providers/implementations/encode_decode/decode_pem2der.c -providers/implementations/encode_decode/decode_pvk2key.c -providers/implementations/encode_decode/encode_key2any.c -providers/implementations/encode_decode/encode_key2blob.c -providers/implementations/encode_decode/encode_key2ms.c -providers/implementations/encode_decode/encode_key2text.c -providers/implementations/encode_decode/endecoder_common.c providers/implementations/exchange/dh_exch.c providers/implementations/exchange/ecdh_exch.c providers/implementations/exchange/ecx_exch.c providers/implementations/exchange/kdf_exch.c providers/implementations/kdfs/hkdf.c providers/implementations/kdfs/kbkdf.c -providers/implementations/kdfs/krb5kdf.c providers/implementations/kdfs/pbkdf2.c providers/implementations/kdfs/pbkdf2_fips.c -providers/implementations/kdfs/pkcs12kdf.c -providers/implementations/kdfs/scrypt.c providers/implementations/kdfs/sshkdf.c providers/implementations/kdfs/sskdf.c providers/implementations/kdfs/tls1_prf.c 
@@ -434,34 +393,21 @@ providers/implementations/keymgmt/ecx_kmgmt.c providers/implementations/keymgmt/kdf_legacy_kmgmt.c providers/implementations/keymgmt/mac_legacy_kmgmt.c providers/implementations/keymgmt/rsa_kmgmt.c -providers/implementations/macs/blake2b_mac.c -providers/implementations/macs/blake2s_mac.c providers/implementations/macs/cmac_prov.c providers/implementations/macs/gmac_prov.c providers/implementations/macs/hmac_prov.c providers/implementations/macs/kmac_prov.c -providers/implementations/macs/poly1305_prov.c -providers/implementations/macs/siphash_prov.c providers/implementations/rands/crngt.c providers/implementations/rands/drbg.c providers/implementations/rands/drbg_ctr.c providers/implementations/rands/drbg_hash.c providers/implementations/rands/drbg_hmac.c -providers/implementations/rands/seed_src.c -providers/implementations/rands/seeding/rand_cpu_x86.c -providers/implementations/rands/seeding/rand_tsc.c -providers/implementations/rands/seeding/rand_unix.c -providers/implementations/rands/seeding/rand_win.c providers/implementations/rands/test_rng.c -providers/implementations/signature/dsa.c -providers/implementations/signature/ecdsa.c -providers/implementations/signature/eddsa.c -providers/implementations/signature/mac_legacy.c -providers/implementations/signature/rsa.c -providers/implementations/signature/sm2sig.c -providers/implementations/storemgmt/file_store.c -providers/implementations/storemgmt/file_store_der2obj.c -providers/prov_running.c +providers/implementations/signature/dsa_sig.c +providers/implementations/signature/ecdsa_sig.c +providers/implementations/signature/eddsa_sig.c +providers/implementations/signature/mac_legacy_sig.c +providers/implementations/signature/rsa_sig.c ssl/record/tls_pad.c ssl/s3_cbc.c util/providers.num diff --git a/providers/implementations/asymciphers/build.info b/providers/implementations/asymciphers/build.info index 4b629d04ee..dbca473684 100644 --- a/providers/implementations/asymciphers/build.info 
+++ b/providers/implementations/asymciphers/build.info @@ -1,8 +1,8 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$RSA_GOAL=../../libimplementations.a -$SM2_GOAL=../../libimplementations.a +$RSA_GOAL=../../libdefault.a ../../libfips.a +$SM2_GOAL=../../libdefault.a SOURCE[$RSA_GOAL]=rsa_enc.c diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info index a278c2182b..cb87ea62d9 100644 --- a/providers/implementations/ciphers/build.info +++ b/providers/implementations/ciphers/build.info @@ -7,12 +7,12 @@ $COMMON_GOAL=../../libcommon.a -$NULL_GOAL=../../libimplementations.a -$AES_GOAL=../../libimplementations.a -$TDES_1_GOAL=../../libimplementations.a -$TDES_2_GOAL=../../libimplementations.a -$ARIA_GOAL=../../libimplementations.a -$CAMELLIA_GOAL=../../libimplementations.a +$NULL_GOAL=../../libdefault.a +$AES_GOAL=../../libdefault.a ../../libfips.a +$TDES_1_GOAL=../../libdefault.a ../../libfips.a +$TDES_2_GOAL=../../libdefault.a +$ARIA_GOAL=../../libdefault.a +$CAMELLIA_GOAL=../../libdefault.a $DES_GOAL=../../liblegacy.a $BLOWFISH_GOAL=../../liblegacy.a $IDEA_GOAL=../../liblegacy.a @@ -21,10 +21,10 @@ $RC2_GOAL=../../liblegacy.a $RC4_GOAL=../../liblegacy.a $RC5_GOAL=../../liblegacy.a $SEED_GOAL=../../liblegacy.a -$SM4_GOAL=../../libimplementations.a -$CHACHA_GOAL=../../libimplementations.a -$CHACHAPOLY_GOAL=../../libimplementations.a -$SIV_GOAL=../../libimplementations.a +$SM4_GOAL=../../libdefault.a +$CHACHA_GOAL=../../libdefault.a +$CHACHAPOLY_GOAL=../../libdefault.a +$SIV_GOAL=../../libdefault.a # This source is common building blocks for all ciphers in all our providers. SOURCE[$COMMON_GOAL]=\ 
@@ -51,8 +51,7 @@ SOURCE[$AES_GOAL]=\ # Extra code to satisfy the FIPS and non-FIPS separation. # When the AES-xxx-XTS moves to legacy, cipher_aes_xts_fips.c can be removed. -SOURCE[../../libfips.a]=cipher_aes_xts_fips.c -SOURCE[../../libnonfips.a]=cipher_aes_xts_fips.c +SOURCE[$AES_GOAL]=cipher_aes_xts_fips.c IF[{- !$disabled{siv} -}] SOURCE[$SIV_GOAL]=\ diff --git a/providers/implementations/digests/build.info b/providers/implementations/digests/build.info index a90636cbb9..2c2b0c3db0 100644 --- a/providers/implementations/digests/build.info +++ b/providers/implementations/digests/build.info @@ -3,12 +3,12 @@ $COMMON_GOAL=../../libcommon.a -$SHA1_GOAL=../../libimplementations.a -$SHA2_GOAL=../../libimplementations.a -$SHA3_GOAL=../../libimplementations.a -$BLAKE2_GOAL=../../libimplementations.a -$SM3_GOAL=../../libimplementations.a -$MD5_GOAL=../../libimplementations.a +$SHA1_GOAL=../../libdefault.a ../../libfips.a +$SHA2_GOAL=../../libdefault.a ../../libfips.a +$SHA3_GOAL=../../libdefault.a ../../libfips.a +$BLAKE2_GOAL=../../libdefault.a +$SM3_GOAL=../../libdefault.a +$MD5_GOAL=../../libdefault.a $MD2_GOAL=../../liblegacy.a $MD4_GOAL=../../liblegacy.a diff --git a/providers/implementations/encode_decode/build.info b/providers/implementations/encode_decode/build.info index 694e3c94a5..06fe6aa462 100644 --- a/providers/implementations/encode_decode/build.info +++ b/providers/implementations/encode_decode/build.info 
@@ -1,14 +1,14 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$ENCODER_GOAL=../../libimplementations.a -$DECODER_GOAL=../../libimplementations.a -$RSA_GOAL=../../libimplementations.a -$FFC_GOAL=../../libimplementations.a -$DH_GOAL=../../libimplementations.a -$DSA_GOAL=../../libimplementations.a -$ECX_GOAL=../../libimplementations.a -$EC_GOAL=../../libimplementations.a +$ENCODER_GOAL=../../libdefault.a +$DECODER_GOAL=../../libdefault.a +$RSA_GOAL=../../libdefault.a +$FFC_GOAL=../../libdefault.a +$DH_GOAL=../../libdefault.a +$DSA_GOAL=../../libdefault.a +$ECX_GOAL=../../libdefault.a +$EC_GOAL=../../libdefault.a SOURCE[$ENCODER_GOAL]=endecoder_common.c diff --git a/providers/implementations/exchange/build.info b/providers/implementations/exchange/build.info index 4659dc9b0e..3c1e5c58f1 100644 --- a/providers/implementations/exchange/build.info +++ b/providers/implementations/exchange/build.info @@ -1,11 +1,10 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$DH_GOAL=../../libimplementations.a -$ECDH_GOAL=../../libimplementations.a -$ECX_GOAL=../../libimplementations.a -$ECDH_GOAL=../../libimplementations.a -$KDF_GOAL=../../libimplementations.a +$DH_GOAL=../../libdefault.a ../../libfips.a +$ECDH_GOAL=../../libdefault.a ../../libfips.a +$ECX_GOAL=../../libdefault.a ../../libfips.a +$KDF_GOAL=../../libdefault.a ../../libfips.a IF[{- !$disabled{dh} -}] SOURCE[$DH_GOAL]=dh_exch.c diff --git a/providers/implementations/kdfs/build.info b/providers/implementations/kdfs/build.info index 459005def5..1711466e3f 100644 --- a/providers/implementations/kdfs/build.info +++ b/providers/implementations/kdfs/build.info 
@@ -1,16 +1,16 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$TLS1_PRF_GOAL=../../libimplementations.a -$HKDF_GOAL=../../libimplementations.a -$KBKDF_GOAL=../../libimplementations.a -$KRB5KDF_GOAL=../../libimplementations.a -$PBKDF2_GOAL=../../libimplementations.a -$PKCS12KDF_GOAL=../../libimplementations.a -$SSKDF_GOAL=../../libimplementations.a -$SCRYPT_GOAL=../../libimplementations.a -$SSHKDF_GOAL=../../libimplementations.a -$X942KDF_GOAL=../../libimplementations.a +$TLS1_PRF_GOAL=../../libdefault.a ../../libfips.a +$HKDF_GOAL=../../libdefault.a ../../libfips.a +$KBKDF_GOAL=../../libdefault.a ../../libfips.a +$KRB5KDF_GOAL=../../libdefault.a +$PBKDF2_GOAL=../../libdefault.a ../../libfips.a +$PKCS12KDF_GOAL=../../libdefault.a +$SSKDF_GOAL=../../libdefault.a ../../libfips.a +$SCRYPT_GOAL=../../libdefault.a +$SSHKDF_GOAL=../../libdefault.a ../../libfips.a +$X942KDF_GOAL=../../libdefault.a ../../libfips.a SOURCE[$TLS1_PRF_GOAL]=tls1_prf.c @@ -23,8 +23,7 @@ SOURCE[$KRB5KDF_GOAL]=krb5kdf.c SOURCE[$PBKDF2_GOAL]=pbkdf2.c # Extra code to satisfy the FIPS and non-FIPS separation. # When the PBKDF2 moves to legacy, this can be removed. -SOURCE[../../libfips.a]=pbkdf2_fips.c -SOURCE[../../libnonfips.a]=pbkdf2_fips.c +SOURCE[$PBKDF2_GOAL]=pbkdf2_fips.c SOURCE[$PKCS12KDF_GOAL]=pkcs12kdf.c diff --git a/providers/implementations/kem/build.info b/providers/implementations/kem/build.info index e9f91cba43..dbb1b7d750 100644 --- a/providers/implementations/kem/build.info +++ b/providers/implementations/kem/build.info @@ -1,6 +1,6 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$RSA_KEM_GOAL=../../libimplementations.a +$RSA_KEM_GOAL=../../libdefault.a ../../libfips.a SOURCE[$RSA_KEM_GOAL]=rsa_kem.c 
diff --git a/providers/implementations/keymgmt/build.info b/providers/implementations/keymgmt/build.info index f434a720bc..0d86907aed 100644 --- a/providers/implementations/keymgmt/build.info +++ b/providers/implementations/keymgmt/build.info @@ -1,20 +1,22 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$ECX_GOAL=../../libimplementations.a -$KDF_GOAL=../../libimplementations.a +$DH_GOAL=../../libdefault.a ../../libfips.a +$DSA_GOAL=../../libdefault.a ../../libfips.a +$EC_GOAL=../../libdefault.a ../../libfips.a +$ECX_GOAL=../../libdefault.a ../../libfips.a +$KDF_GOAL=../../libdefault.a ../../libfips.a +$MAC_GOAL=../../libdefault.a ../../libfips.a +$RSA_GOAL=../../libdefault.a ../../libfips.a IF[{- !$disabled{dh} -}] - SOURCE[../../libfips.a]=dh_kmgmt.c - SOURCE[../../libnonfips.a]=dh_kmgmt.c + SOURCE[$DH_GOAL]=dh_kmgmt.c ENDIF IF[{- !$disabled{dsa} -}] - SOURCE[../../libfips.a]=dsa_kmgmt.c - SOURCE[../../libnonfips.a]=dsa_kmgmt.c + SOURCE[$DSA_GOAL]=dsa_kmgmt.c ENDIF IF[{- !$disabled{ec} -}] - SOURCE[../../libfips.a]=ec_kmgmt.c - SOURCE[../../libnonfips.a]=ec_kmgmt.c + SOURCE[$EC_GOAL]=ec_kmgmt.c ENDIF IF[{- !$disabled{asm} -}] @@ -32,10 +34,8 @@ IF[{- !$disabled{ec} -}] DEFINE[$ECX_GOAL]=$ECDEF ENDIF -SOURCE[../../libfips.a]=rsa_kmgmt.c -SOURCE[../../libnonfips.a]=rsa_kmgmt.c +SOURCE[$RSA_GOAL]=rsa_kmgmt.c SOURCE[$KDF_GOAL]=kdf_legacy_kmgmt.c -SOURCE[../../libfips.a]=mac_legacy_kmgmt.c -SOURCE[../../libnonfips.a]=mac_legacy_kmgmt.c +SOURCE[$MAC_GOAL]=mac_legacy_kmgmt.c diff --git a/providers/implementations/macs/build.info b/providers/implementations/macs/build.info index 07c40d354b..35db66bf23 100644 --- a/providers/implementations/macs/build.info +++ b/providers/implementations/macs/build.info 
@@ -1,13 +1,13 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$GMAC_GOAL=../../libimplementations.a -$HMAC_GOAL=../../libimplementations.a -$KMAC_GOAL=../../libimplementations.a -$CMAC_GOAL=../../libimplementations.a -$BLAKE2_GOAL=../../libimplementations.a -$SIPHASH_GOAL=../../libimplementations.a -$POLY1305_GOAL=../../libimplementations.a +$GMAC_GOAL=../../libdefault.a ../../libfips.a +$HMAC_GOAL=../../libdefault.a ../../libfips.a +$KMAC_GOAL=../../libdefault.a ../../libfips.a +$CMAC_GOAL=../../libdefault.a ../../libfips.a +$BLAKE2_GOAL=../../libdefault.a +$SIPHASH_GOAL=../../libdefault.a +$POLY1305_GOAL=../../libdefault.a SOURCE[$GMAC_GOAL]=gmac_prov.c SOURCE[$HMAC_GOAL]=hmac_prov.c @@ -17,8 +17,6 @@ IF[{- !$disabled{cmac} -}] SOURCE[$CMAC_GOAL]=cmac_prov.c ENDIF -$GOAL=../../libimplementations.a - IF[{- !$disabled{blake2} -}] SOURCE[$BLAKE2_GOAL]=blake2b_mac.c blake2s_mac.c ENDIF diff --git a/providers/implementations/rands/build.info b/providers/implementations/rands/build.info index b44c1caa8a..8bcac43be7 100644 --- a/providers/implementations/rands/build.info +++ b/providers/implementations/rands/build.info @@ -1,6 +1,6 @@ SUBDIRS=seeding -$COMMON=drbg.c test_rng.c drbg_ctr.c drbg_hash.c drbg_hmac.c crngt.c +$RANDS_GOAL=../../libdefault.a ../../libfips.a -SOURCE[../../libfips.a]=$COMMON -SOURCE[../../libnonfips.a]=$COMMON seed_src.c +SOURCE[$RANDS_GOAL]=drbg.c test_rng.c drbg_ctr.c drbg_hash.c drbg_hmac.c crngt.c +SOURCE[../../libdefault.a]=seed_src.c diff --git a/providers/implementations/rands/seeding/build.info b/providers/implementations/rands/seeding/build.info index 58c5be3daf..2788146ad4 100644 --- a/providers/implementations/rands/seeding/build.info +++ b/providers/implementations/rands/seeding/build.info @@ -6,5 +6,5 @@ IF[{- $config{target} =~ /vms/i -}] $COMMON=$COMMON rand_vms.c ENDIF -SOURCE[../../../libnonfips.a]=$COMMON +SOURCE[../../../libdefault.a]=$COMMON 
diff --git a/providers/implementations/signature/build.info b/providers/implementations/signature/build.info index 84c5d905b2..539a57e24b 100644 --- a/providers/implementations/signature/build.info +++ b/providers/implementations/signature/build.info @@ -1,24 +1,25 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$DSA_GOAL=../../libimplementations.a -$EC_GOAL=../../libimplementations.a -$SM2SIG_GOAL=../../libimplementations.a +$DSA_GOAL=../../libdefault.a ../../libfips.a +$EC_GOAL=../../libdefault.a ../../libfips.a +$MAC_GOAL=../../libdefault.a ../../libfips.a +$RSA_GOAL=../../libdefault.a ../../libfips.a +$SM2_GOAL=../../libdefault.a IF[{- !$disabled{dsa} -}] - SOURCE[$DSA_GOAL]=dsa.c + SOURCE[$DSA_GOAL]=dsa_sig.c ENDIF IF[{- !$disabled{ec} -}] - SOURCE[$EC_GOAL]=eddsa.c ecdsa.c + SOURCE[$EC_GOAL]=eddsa_sig.c ecdsa_sig.c ENDIF IF[{- !$disabled{sm2} -}] - SOURCE[$SM2SIG_GOAL]=sm2sig.c + SOURCE[$SM2_GOAL]=sm2_sig.c ENDIF -SOURCE[../../libfips.a]=rsa.c -SOURCE[../../libnonfips.a]=rsa.c +SOURCE[$RSA_GOAL]=rsa_sig.c DEPEND[rsa.o]=../../common/include/prov/der_rsa.h DEPEND[dsa.o]=../../common/include/prov/der_dsa.h @@ -26,5 +27,4 @@ DEPEND[ecdsa.o]=../../common/include/prov/der_ec.h DEPEND[eddsa.o]=../../common/include/prov/der_ecx.h DEPEND[sm2sig.o]=../../common/include/prov/der_sm2.h -SOURCE[../../libfips.a]=mac_legacy.c -SOURCE[../../libnonfips.a]=mac_legacy.c +SOURCE[$MAC_GOAL]=mac_legacy_sig.c diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa_sig.c similarity index 100% rename from providers/implementations/signature/dsa.c rename to providers/implementations/signature/dsa_sig.c diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa_sig.c similarity index 100% rename from providers/implementations/signature/ecdsa.c rename to providers/implementations/signature/ecdsa_sig.c 
diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa_sig.c similarity index 100% rename from providers/implementations/signature/eddsa.c rename to providers/implementations/signature/eddsa_sig.c diff --git a/providers/implementations/signature/mac_legacy.c b/providers/implementations/signature/mac_legacy_sig.c similarity index 100% rename from providers/implementations/signature/mac_legacy.c rename to providers/implementations/signature/mac_legacy_sig.c diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa_sig.c similarity index 100% rename from providers/implementations/signature/rsa.c rename to providers/implementations/signature/rsa_sig.c diff --git a/providers/implementations/signature/sm2sig.c b/providers/implementations/signature/sm2_sig.c similarity index 100% rename from providers/implementations/signature/sm2sig.c rename to providers/implementations/signature/sm2_sig.c diff --git a/providers/implementations/storemgmt/build.info b/providers/implementations/storemgmt/build.info index 89939cce54..ad47fb1fe8 100644 --- a/providers/implementations/storemgmt/build.info +++ b/providers/implementations/storemgmt/build.info @@ -1,6 +1,6 @@ # We make separate GOAL variables for each algorithm, to make it easy to # switch each to the Legacy provider when needed. -$STORE_GOAL=../../libimplementations.a +$STORE_GOAL=../../libdefault.a SOURCE[$STORE_GOAL]=file_store.c file_store_der2obj.c diff --git a/ssl/build.info b/ssl/build.info index 703cbaff50..c17084b9ad 100644 --- a/ssl/build.info +++ b/ssl/build.info @@ -40,4 +40,4 @@ ENDIF DEFINE[../libssl]=$AESDEF SOURCE[../providers/libcommon.a]=record/tls_pad.c -SOURCE[../providers/libimplementations.a]=s3_cbc.c +SOURCE[../providers/libdefault.a ../providers/libfips.a]=s3_cbc.c From tomas at openssl.org Fri May 7 09:01:06 2021 
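Review bot: In providers/implementations/signature/build.info the unchanged DEPEND lines still key on the old object names (DEPEND[rsa.o], DEPEND[dsa.o], DEPEND[ecdsa.o], DEPEND[eddsa.o], DEPEND[sm2sig.o]), while the SOURCE entries in the same hunks now name rsa_sig.c, dsa_sig.c, ecdsa_sig.c, eddsa_sig.c and sm2_sig.c. After the renames no object with the old names is built, so the dependency on the der_*.h headers is attached to nothing. Update the keys to DEPEND[rsa_sig.o], DEPEND[dsa_sig.o], DEPEND[ecdsa_sig.o], DEPEND[eddsa_sig.o] and DEPEND[sm2_sig.o] in this same patch.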
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 07 May 2021 09:01:06 +0000 Subject: [openssl] master update Message-ID: <1620378066.341361.17444.nullmailer@dev.openssl.org> The branch master has been updated via 592ea4ba94b790a9c366fd12792d88fb9c28ef88 (commit) from 6d1bb1fffdeb053c6448ebf025979f9ad4689aaf (commit) - Log ----------------------------------------------------------------- commit 592ea4ba94b790a9c366fd12792d88fb9c28ef88 Author: Jon Spillett Date: Tue May 4 15:19:42 2021 +1000 Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15130) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_lib.c | 14 ++++-- doc/man7/provider-cipher.pod | 2 +- include/openssl/core_names.h | 2 +- providers/fips-sources.checksums | 2 +- providers/fips.checksum | 2 +- providers/implementations/ciphers/cipher_rc2.c | 6 ++- test/pkcs12_format_test.c | 65 +++++++++++++++++++++++++- 7 files changed, 81 insertions(+), 12 deletions(-) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 66a862688a..842ee51b8d 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -126,8 +126,9 @@ int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, * We make two passes, the first to get the appropriate buffer size, * and the second to get the actual value. */ - *p++ = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_ALG_ID, - NULL, 0); + *p++ = OSSL_PARAM_construct_octet_string( + OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, + NULL, 0); *p = OSSL_PARAM_construct_end(); if (!EVP_CIPHER_CTX_get_params(c, params)) 
@@ -213,8 +214,9 @@ int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, if ((derl = i2d_ASN1_TYPE(type, &der)) >= 0) { *p++ = - OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_ALG_ID, - der, (size_t)derl); + OSSL_PARAM_construct_octet_string( + OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, + der, (size_t)derl); *p = OSSL_PARAM_construct_end(); if (EVP_CIPHER_CTX_set_params(c, params)) ret = 1; @@ -369,6 +371,10 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher) /* Provided implementations may have a custom cipher_cipher */ if (cipher->prov != NULL && cipher->ccipher != NULL) cipher->flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER; + /* Provided implementations may also have custom ASN1 algorithm parameters */ + if (OSSL_PARAM_locate_const(EVP_CIPHER_gettable_ctx_params(cipher), + OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS)) + cipher->flags |= EVP_CIPH_FLAG_CUSTOM_ASN1; } return ok; } diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod index 87b7992d84..26c4e57852 100644 --- a/doc/man7/provider-cipher.pod +++ b/doc/man7/provider-cipher.pod @@ -350,7 +350,7 @@ Gets a implementation specific randomly generated key for the associated cipher ctx. This is currently only supported by 3DES (which sets the key to odd parity). -=item "alg_id_param" (B) +=item "alg_id_param" (B) Used to pass the DER encoded AlgorithmIdentifier parameter to or from the cipher implementation. Functions like L diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 02476560f0..7ebde7c2a1 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h 
@@ -94,7 +94,7 @@ extern "C" { #define OSSL_CIPHER_PARAM_SPEED "speed" /* uint */ #define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */ /* For passing the AlgorithmIdentifier parameter in DER form */ -#define OSSL_CIPHER_PARAM_ALG_ID "alg_id_param" /* octet_string */ +#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" /* octet_string */ #define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \ "tls1multi_maxsndfrag" /* uint */ diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 239667e003..805b2da9c2 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -172,7 +172,7 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_ 87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8 crypto/evp/ec_support.c c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c 9b4956b5c28db987001b33421aacf3b9f352181f874c768ad1b034e083483561 crypto/evp/evp_fetch.c -c1017021bfff5cd76ac66e08ece80c78cbb9551194a4560c84ad0ad75d46511f crypto/evp/evp_lib.c +f975f6ba3aff8130b775f39182fdc783a3ef954402313248edd661d29032aa05 crypto/evp/evp_lib.c af0245f7a849997921c0719df339469427656821416b402754fc1f5f5e2da291 crypto/evp/evp_rand.c c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp_utils.c 896bc29e0009657071bd74401513bdbedfb08ca66e34bf634e824fd3f34beb0a crypto/evp/exchange.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 3f183b8c1a..ab881aa507 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -31b3d6511f42b33ac269d527ab6ff7c18f0afda32f913d825eee5efc7e772da2 providers/fips-sources.checksums +734ff29885aaf5d08474ad7e36f7ec6ea1813ce9c917d335225fe8fe284f38f1 providers/fips-sources.checksums diff --git a/providers/implementations/ciphers/cipher_rc2.c b/providers/implementations/ciphers/cipher_rc2.c index f8a18462af..106f47e866 100644 
--- a/providers/implementations/ciphers/cipher_rc2.c +++ b/providers/implementations/ciphers/cipher_rc2.c @@ -117,7 +117,7 @@ static int rc2_get_ctx_params(void *vctx, OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_ALG_ID); + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS); if (p != NULL) { long num; int i; @@ -176,7 +176,7 @@ static int rc2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 0; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_ALG_ID); + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS); if (p != NULL) { ASN1_TYPE *type = NULL; long num = 0; @@ -210,11 +210,13 @@ static int rc2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(rc2) OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, NULL), +OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, NULL, 0), CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(rc2) CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(rc2) OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, NULL), +OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, NULL, 0), CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(rc2) #define IMPLEMENT_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, blkbits, \ diff --git a/test/pkcs12_format_test.c b/test/pkcs12_format_test.c index e3fb55315a..0ab1651322 100644 --- a/test/pkcs12_format_test.c +++ b/test/pkcs12_format_test.c @@ -229,6 +229,15 @@ static const int enc_nids_all[] = { NID_des_ede3_cbc, NID_des_cbc, #endif +#ifndef OPENSSL_NO_RC5 + NID_rc5_cbc, +#endif +#ifndef OPENSSL_NO_RC4 + NID_rc4, +#endif +#ifndef OPENSSL_NO_RC2 + NID_rc2_cbc, +#endif #ifndef OPENSSL_NO_MD2 # ifndef OPENSSL_NO_DES 
@@ -602,6 +611,55 @@ static int test_single_secret_encrypted_content(void) return end_pkcs12_builder(pb); } +static int test_single_secret(PKCS12_ENC *enc) +{ + int custom_nid; + char fname[80]; + PKCS12_BUILDER *pb; + + sprintf(fname, "1secret_ciph-%s_iter-%d.p12", OBJ_nid2sn(enc->nid), enc->iter); + pb = new_pkcs12_builder(fname); + custom_nid = get_custom_oid(); + + /* Generate/encode */ + start_pkcs12(pb); + + start_contentinfo(pb); + + add_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1); + + end_contentinfo_encrypted(pb, enc); + + end_pkcs12_with_mac(pb, &mac_default); + + /* Read/decode */ + start_check_pkcs12_with_mac(pb, &mac_default); + + start_check_contentinfo_encrypted(pb, enc); + + check_secretbag(pb, custom_nid, "VerySecretMessage", ATTRS1); + + end_check_contentinfo(pb); + + end_check_pkcs12(pb); + + return end_pkcs12_builder(pb); +} + +static int test_single_secret_enc_alg(int z) +{ + PKCS12_ENC enc; + + if (lgcyprov == NULL) + enc.nid = enc_nids_no_legacy[z]; + else + enc.nid = enc_nids_all[z]; + enc.pass = enc_default.pass; + enc.iter = enc_default.iter; + + return test_single_secret(&enc); +} + static int test_multiple_contents(void) { PKCS12_BUILDER *pb = new_pkcs12_builder("multi_contents.p12"); @@ -720,10 +778,13 @@ int setup_tests(void) } ADD_TEST(test_single_cert_no_attrs); - if (lgcyprov == NULL) + if (lgcyprov == NULL) { ADD_ALL_TESTS(test_single_key_enc_alg, OSSL_NELEM(enc_nids_no_legacy)); - else + ADD_ALL_TESTS(test_single_secret_enc_alg, OSSL_NELEM(enc_nids_no_legacy)); + } else { ADD_ALL_TESTS(test_single_key_enc_alg, OSSL_NELEM(enc_nids_all)); + ADD_ALL_TESTS(test_single_secret_enc_alg, OSSL_NELEM(enc_nids_all)); + } ADD_ALL_TESTS(test_single_key_enc_pass, OSSL_NELEM(passwords)); ADD_ALL_TESTS(test_single_key_enc_iter, OSSL_NELEM(iters)); ADD_TEST(test_single_key_with_attrs); From tomas at openssl.org Fri May 7 09:52:20 2021 
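Review bot: In the evp_cipher_cache_constants hunk of crypto/evp/evp_lib.c, EVP_CIPH_FLAG_CUSTOM_ASN1 is derived only from EVP_CIPHER_gettable_ctx_params(), yet evp_cipher_asn1_to_param_ex sends the same OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS key through EVP_CIPHER_CTX_set_params. A provided cipher that lists the key as settable but not gettable would not get the flag. Either check EVP_CIPHER_settable_ctx_params() as well, or state in doc/man7/provider-cipher.pod that the parameter must be gettable for the custom encoding to be used. The new condition is also an implicit pointer test; compare the result of OSSL_PARAM_locate_const with != NULL, as the cipher->prov != NULL check just above does.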
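Review bot: In test_single_secret in test/pkcs12_format_test.c, the file name is written into char fname[80] with an unbounded sprintf taking OBJ_nid2sn(enc->nid) and enc->iter. Use BIO_snprintf(fname, sizeof(fname), ...) so the write is bounded by the buffer, and check the OBJ_nid2sn result before passing it to %s, since it is NULL for a NID that has no short name.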
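Review bot: The include/openssl/core_names.h hunk renames a macro in a public header, OSSL_CIPHER_PARAM_ALG_ID to OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, and the summary of changes lists no changelog file. The string value "alg_id_param" is unchanged, so providers keep working at run time, but out-of-tree code that uses the old macro name will stop compiling. Add a note about the rename to the changelog.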
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 07 May 2021 09:52:20 +0000 Subject: [openssl] master update Message-ID: <1620381140.784227.23209.nullmailer@dev.openssl.org> The branch master has been updated via f71a7453589b29819f2e35b8cf08c8423b0d27a3 (commit) from 592ea4ba94b790a9c366fd12792d88fb9c28ef88 (commit) - Log ----------------------------------------------------------------- commit f71a7453589b29819f2e35b8cf08c8423b0d27a3 Author: Jon Spillett Date: Wed Apr 28 13:01:48 2021 +1000 Fixes #14662. Return all EC parameters even for named curves Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15060) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_backend.c | 204 +++++++++++++++++++++++++-------------- providers/fips-sources.checksums | 2 +- providers/fips.checksum | 2 +- test/evp_pkey_provided_test.c | 30 ++++++ 4 files changed, 162 insertions(+), 76 deletions(-) diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c index 581c006fd0..6acfa21f69 100644 --- a/crypto/ec/ec_backend.c +++ b/crypto/ec/ec_backend.c 
@@ -150,61 +150,42 @@ char *ossl_ec_pt_format_id2name(int id) return NULL; } -int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, - OSSL_PARAM params[], OSSL_LIB_CTX *libctx, - const char *propq, - BN_CTX *bnctx, unsigned char **genbuf) +static int ec_group_explicit_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, + OSSL_PARAM params[], BN_CTX *bnctx, + unsigned char **genbuf) { - int ret = 0, curve_nid, encoding_flag; - const char *field_type, *encoding_name, *pt_form_name; - const BIGNUM *cofactor, *order; - BIGNUM *p = NULL, *a = NULL, *b = NULL; - point_conversion_form_t genform; - const EC_POINT *genpt; - unsigned char *seed = NULL; - size_t genbuf_len, seed_len; - - if (group == NULL) { - ERR_raise(ERR_LIB_EC,EC_R_PASSED_NULL_PARAMETER); - return 0; - } - - genform = EC_GROUP_get_point_conversion_form(group); - pt_form_name = ossl_ec_pt_format_id2name(genform); - if (pt_form_name == NULL - || !ossl_param_build_set_utf8_string( - tmpl, params, - OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, pt_form_name)) { - ECerr(0, EC_R_INVALID_FORM); - return 0; - } - encoding_flag = EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE; - encoding_name = ec_param_encoding_id2name(encoding_flag); - if (encoding_name == NULL - || !ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_EC_ENCODING, - encoding_name)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); + int ret = 0, fid; + const char *field_type; + const OSSL_PARAM *param = NULL; + const OSSL_PARAM *param_p = NULL; + const OSSL_PARAM *param_a = NULL; + const OSSL_PARAM *param_b = NULL; + + fid = EC_GROUP_get_field_type(group); + + if (fid == NID_X9_62_prime_field) { + field_type = SN_X9_62_prime_field; + } else if (fid == NID_X9_62_characteristic_two_field) { +#ifdef OPENSSL_NO_EC2M + ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); + goto err; +#else + field_type = SN_X9_62_characteristic_two_field; +#endif + } else { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); return 0; } - 
curve_nid = EC_GROUP_get_curve_name(group); - if (curve_nid == NID_undef) { - /* explicit curve */ - int fid = EC_GROUP_get_field_type(group); - - if (fid == NID_X9_62_prime_field) { - field_type = SN_X9_62_prime_field; - } else if (fid == NID_X9_62_characteristic_two_field) { - field_type = SN_X9_62_characteristic_two_field; - } else { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); - return 0; - } + param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_P); + param_a = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_A); + param_b = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_B); + if (tmpl != NULL || param_p != NULL || param_a != NULL || param_b != NULL) + { + BIGNUM *p = BN_CTX_get(bnctx); + BIGNUM *a = BN_CTX_get(bnctx); + BIGNUM *b = BN_CTX_get(bnctx); - p = BN_CTX_get(bnctx); - a = BN_CTX_get(bnctx); - b = BN_CTX_get(bnctx); if (b == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; 
@@ -214,13 +195,45 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, ERR_raise(ERR_LIB_EC, EC_R_INVALID_CURVE); goto err; } + if (!ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_P, p) + || !ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_A, a) + || !ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_B, b)) { + ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ORDER); + if (tmpl != NULL || param != NULL) { + const BIGNUM *order = EC_GROUP_get0_order(group); - order = EC_GROUP_get0_order(group); if (order == NULL) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); goto err; } - genpt = EC_GROUP_get0_generator(group); + if (!ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_ORDER, + order)) { + ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_FIELD_TYPE); + if (tmpl != NULL || param != NULL) { + if (!ossl_param_build_set_utf8_string(tmpl, params, + OSSL_PKEY_PARAM_EC_FIELD_TYPE, + field_type)) { + ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_GENERATOR); + if (tmpl != NULL || param != NULL) { + size_t genbuf_len; + const EC_POINT *genpt = EC_GROUP_get0_generator(group); + point_conversion_form_t genform = EC_GROUP_get_point_conversion_form(group); + if (genpt == NULL) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR); goto err; 
@@ -230,32 +243,31 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR); goto err; } - - if (!ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_EC_FIELD_TYPE, - field_type) - || !ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_P, p) - || !ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_A, a) - || !ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_B, b) - || !ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_ORDER, - order) - || !ossl_param_build_set_octet_string(tmpl, params, - OSSL_PKEY_PARAM_EC_GENERATOR, - *genbuf, genbuf_len)) { + if (!ossl_param_build_set_octet_string(tmpl, params, + OSSL_PKEY_PARAM_EC_GENERATOR, + *genbuf, genbuf_len)) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; } + } + + param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_COFACTOR); + if (tmpl != NULL || param != NULL) { + const BIGNUM *cofactor = EC_GROUP_get0_cofactor(group); - cofactor = EC_GROUP_get0_cofactor(group); if (cofactor != NULL && !ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_COFACTOR, cofactor)) { ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; } + } + + param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_SEED); + if (tmpl != NULL || param != NULL) { + unsigned char *seed = EC_GROUP_get0_seed(group); + size_t seed_len = EC_GROUP_get_seed_len(group); - seed = EC_GROUP_get0_seed(group); - seed_len = EC_GROUP_get_seed_len(group); if (seed != NULL && seed_len > 0 && !ossl_param_build_set_octet_string(tmpl, params, 
@@ -264,14 +276,58 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; } -#ifdef OPENSSL_NO_EC2M - if (fid == NID_X9_62_characteristic_two_field) { - ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); + } + ret = 1; +err: + return ret; +} + +int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, + OSSL_PARAM params[], OSSL_LIB_CTX *libctx, + const char *propq, + BN_CTX *bnctx, unsigned char **genbuf) +{ + int ret = 0, curve_nid, encoding_flag; + const char *encoding_name, *pt_form_name; + point_conversion_form_t genform; + + if (group == NULL) { + ERR_raise(ERR_LIB_EC,EC_R_PASSED_NULL_PARAMETER); + return 0; + } + + genform = EC_GROUP_get_point_conversion_form(group); + pt_form_name = ossl_ec_pt_format_id2name(genform); + if (pt_form_name == NULL + || !ossl_param_build_set_utf8_string( + tmpl, params, + OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, pt_form_name)) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_FORM); + return 0; + } + encoding_flag = EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE; + encoding_name = ec_param_encoding_id2name(encoding_flag); + if (encoding_name == NULL + || !ossl_param_build_set_utf8_string(tmpl, params, + OSSL_PKEY_PARAM_EC_ENCODING, + encoding_name)) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); + return 0; + } + + curve_nid = EC_GROUP_get_curve_name(group); + + /* + * Get the explicit parameters in these two cases: + * - We do not have a template, i.e. specific parameters are requested + * - The curve is not a named curve + */ + if (tmpl == NULL || curve_nid == NID_undef) + if (!ec_group_explicit_todata(group, tmpl, params, bnctx, genbuf)) goto err; - } -#endif - } else { - /* named curve */ + + if (curve_nid != NID_undef) { + /* Named curve */ const char *curve_name = ossl_ec_curve_nid2name(curve_nid); if (curve_name == NULL diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 805b2da9c2..7d924a1d74 100644 
--- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -142,7 +142,7 @@ d4969259e4fa5b71d8abbf5e736e658bd1daad6e46d272a9b88e190e2de96b61 crypto/ec/curv ed003170c5eaaaa4a33f4ef37b43465f2ba7a5fa5fec2d7d17c1e0897ea818d7 crypto/ec/ec2_oct.c 7579a156234dfa44e02d08e121f42035229364f9e40f38b11333edbae2282762 crypto/ec/ec2_smpl.c 69d64accd498583e65df2dc43730eee2922217a7bfefda2cd1a9da176e3d1dcd crypto/ec/ec_asn1.c -5083d893493e7aba1ce6c3b70d1ce164483b6b0e78afe8651e67f8d3b8c8ce6d crypto/ec/ec_backend.c +8cf8af8e9bfc29e0cdc41720ec4a6d6c74eb5c15a9fc8193f8ec8270c0df1d37 crypto/ec/ec_backend.c 86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a crypto/ec/ec_check.c 845a5e6ad6921aed63a18084d6b64a1907e4cb093639153ba32138e0b29ff0e5 crypto/ec/ec_curve.c 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c diff --git a/providers/fips.checksum b/providers/fips.checksum index ab881aa507..37b689fe20 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -734ff29885aaf5d08474ad7e36f7ec6ea1813ce9c917d335225fe8fe284f38f1 providers/fips-sources.checksums +701feb062161f63a81338d74c0837f79dee9b5e793778576b750e2037ba136bf providers/fips-sources.checksums diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index c935e6288b..681a8e5846 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -1117,6 +1117,13 @@ static int test_fromdata_ec(void) char out_curve_name[80]; const OSSL_PARAM *gettable = NULL; size_t len; + EC_GROUP *group = NULL; + BIGNUM *group_a = NULL; + BIGNUM *group_b = NULL; + BIGNUM *group_p = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *p = NULL; if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())) 
@@ -1168,6 +1175,22 @@ static int test_fromdata_ec(void) OSSL_PKEY_PARAM_PRIV_KEY))) goto err; + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(OBJ_sn2nid(curve))) + || !TEST_ptr(group_p = BN_new()) + || !TEST_ptr(group_a = BN_new()) + || !TEST_ptr(group_b = BN_new()) + || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL))) + goto err; + + if (!TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_A, &a)) + || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_B, &b)) + || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_P, &p))) + goto err; + + if (!TEST_BN_eq(group_p, p) || !TEST_BN_eq(group_a, a) + || !TEST_BN_eq(group_b, b)) + goto err; + if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME, out_curve_name, sizeof(out_curve_name), @@ -1198,6 +1221,13 @@ static int test_fromdata_ec(void) } err: + EC_GROUP_free(group); + BN_free(group_a); + BN_free(group_b); + BN_free(group_p); + BN_free(a); + BN_free(b); + BN_free(p); BN_free(bn_priv); BN_free(ec_priv_bn); OSSL_PARAM_free(fromdata_params); From tomas at openssl.org Fri May 7 13:41:08 2021 
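Review bot: The new ec_group_explicit_todata in crypto/ec/ec_backend.c mixes its error exits: the OPENSSL_NO_EC2M branch of the field-type check uses goto err while the EC_R_INVALID_FIELD branch next to it uses return 0. Pick one form for the function. The opening brace after the "if (tmpl != NULL || param_p != NULL || param_a != NULL || param_b != NULL)" condition is on its own line, unlike every other if block in the hunk. In ossl_ec_group_todata the nested "if (tmpl == NULL || curve_nid == NID_undef) if (!ec_group_explicit_todata(...)) goto err;" has no braces around a multi-line body; add braces or fold the two conditions into one with &&.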
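Review bot: The additions to test_fromdata_ec in test/evp_pkey_provided_test.c compare only OSSL_PKEY_PARAM_EC_P, OSSL_PKEY_PARAM_EC_A and OSSL_PKEY_PARAM_EC_B against the named group. The ec_backend.c change also starts returning the order, field type, generator, cofactor and seed for named curves, and none of those paths is exercised. Extend the test to fetch at least OSSL_PKEY_PARAM_EC_ORDER, OSSL_PKEY_PARAM_EC_GENERATOR and OSSL_PKEY_PARAM_EC_COFACTOR and compare them with EC_GROUP_get0_order, EC_GROUP_get0_generator and EC_GROUP_get0_cofactor on the same group.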
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 07 May 2021 13:41:08 +0000 Subject: [openssl] master update Message-ID: <1620394868.945956.1760.nullmailer@dev.openssl.org> The branch master has been updated via c9f18e5990654e83bab77eb2a80ed0073293d952 (commit) from f71a7453589b29819f2e35b8cf08c8423b0d27a3 (commit) - Log ----------------------------------------------------------------- commit c9f18e5990654e83bab77eb2a80ed0073293d952 Author: Tomas Mraz Date: Thu May 6 13:28:13 2021 +0200 Unify parameter types in documentation Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15178) ----------------------------------------------------------------------- Summary of changes: doc/man7/EVP_KDF-KB.pod | 4 ++-- doc/man7/EVP_KEYEXCH-DH.pod | 4 ++-- doc/man7/EVP_KEYEXCH-ECDH.pod | 13 +++++++------ doc/man7/EVP_PKEY-DH.pod | 2 +- doc/man7/EVP_PKEY-EC.pod | 12 ++++++------ doc/man7/EVP_PKEY-FFC.pod | 6 +++--- doc/man7/EVP_PKEY-X25519.pod | 2 +- doc/man7/EVP_RAND-CTR-DRBG.pod | 2 +- doc/man7/provider-base.pod | 18 +++++++++--------- doc/man7/provider-cipher.pod | 2 +- doc/man7/provider-object.pod | 8 ++++---- doc/man7/provider-storemgmt.pod | 4 ++-- 12 files changed, 39 insertions(+), 38 deletions(-) diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod index 3020a42a81..d4fad66f76 100644 --- a/doc/man7/EVP_KDF-KB.pod +++ b/doc/man7/EVP_KDF-KB.pod @@ -47,12 +47,12 @@ The value is either CMAC or HMAC. The seed parameter is unused in counter mode. -=item "use-l" (B) +=item "use-l" (B) Set to B<0> to disable use of the optional Fixed Input data 'L' (see SP800-108). The default value of B<1> will be used if unspecified. -=item "use-separator" (B) +=item "use-separator" (B) Set to B<0> to disable use of the optional Fixed Input data 'zero separator' (see SP800-108) that is placed between the Label and Context. 
diff --git a/doc/man7/EVP_KEYEXCH-DH.pod b/doc/man7/EVP_KEYEXCH-DH.pod index 34930ef1f7..fc38531ae9 100644 --- a/doc/man7/EVP_KEYEXCH-DH.pod +++ b/doc/man7/EVP_KEYEXCH-DH.pod @@ -17,12 +17,12 @@ Key exchange support for the B key type. See L. -=item "kdf-ukm" (B) +=item "kdf-ukm" (B) Sets the User Key Material to be used as part of the selected Key Derivation Function associated with the given key exchange ctx. -=item "kdf-ukm" (B) +=item "kdf-ukm" (B) Gets a pointer to the User Key Material to be used as part of the selected Key Derivation Function associated with the given key exchange ctx. Providers diff --git a/doc/man7/EVP_KEYEXCH-ECDH.pod b/doc/man7/EVP_KEYEXCH-ECDH.pod index 001df6ba0c..95076b1ebd 100644 --- a/doc/man7/EVP_KEYEXCH-ECDH.pod +++ b/doc/man7/EVP_KEYEXCH-ECDH.pod 
@@ -31,33 +31,34 @@ See also L for the related B parameter that can be set on a per-key basis. -=item "kdf-type" (B) +=item "kdf-type" (B) Sets or gets the Key Derivation Function type to apply within the associated key exchange ctx. -=item "kdf-digest" (B) +=item "kdf-digest" (B) Sets or gets the Digest algorithm to be used as part of the Key Derivation Function associated with the given key exchange ctx. -=item "kdf-digest-props" (B) +=item "kdf-digest-props" (B) Sets properties to be used upon look up of the implementation for the selected Digest algorithm for the Key Derivation Function associated with the given key exchange ctx. -=item "kdf-outlen" (B) +=item "kdf-outlen" (B) Sets or gets the desired size for the output of the chosen Key Derivation Function associated with the given key exchange ctx. +The length of the "kdf-outlen" parameter should not exceed that of a B. -=item "kdf-ukm" (B) +=item "kdf-ukm" (B) Sets the User Key Material to be used as part of the selected Key Derivation Function associated with the given key exchange ctx. -=item "kdf-ukm" (B) +=item "kdf-ukm" (B) Gets a pointer to the User Key Material to be used as part of the selected Key Derivation Function associated with the given key exchange ctx. Providers diff --git a/doc/man7/EVP_PKEY-DH.pod b/doc/man7/EVP_PKEY-DH.pod index 63ab9d10d1..c5ba90ec8c 100644 --- a/doc/man7/EVP_PKEY-DH.pod +++ b/doc/man7/EVP_PKEY-DH.pod @@ -90,7 +90,7 @@ B and B keytype implementation supports the following: =over 4 -=item "type" (B) +=item "type" (B) Sets the type of parameter generation. For B valid values are: diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod index 7555d71957..839d18a894 100644 --- a/doc/man7/EVP_PKEY-EC.pod +++ b/doc/man7/EVP_PKEY-EC.pod 
@@ -24,11 +24,11 @@ built-in EC algorithm: =over 4 -=item "group" (B) +=item "group" (B) The curve name. -=item "field-type" (B) +=item "field-type" (B) The value should be either "prime-field" or "characteristic-two-field", which correspond to prime field Fp and binary field F2^m. @@ -74,18 +74,18 @@ Enable Cofactor DH (ECC CDH) if this value is 1, otherwise it uses normal EC DH if the value is zero. The cofactor variant multiplies the shared secret by the EC curve's cofactor (note for some curves the cofactor is 1). -=item "encoding" (B) +=item "encoding" (B) Set the format used for serializing the EC group parameters. Valid values are "explicit" or "named_curve". The default value is "named_curve". -=item "point-format" (B) +=item "point-format" (B) Sets or gets the point_conversion_form for the I. For a description of point_conversion_forms please see L. Valid values are "uncompressed" or "compressed". The default value is "uncompressed". -=item "group-check" (B) +=item "group-check" (B) Sets or Gets the type of group check done when EVP_PKEY_param_check() is called. Valid values are "default", "named" and "named-nist". @@ -123,7 +123,7 @@ The following Gettable types are also available for the built-in EC algorithm: =over 4 -=item "basis-type" (B) +=item "basis-type" (B) Supports the values "tpBasis" for a trinomial or "ppBasis" for a pentanomial. This field is only used for a binary field F2^m. diff --git a/doc/man7/EVP_PKEY-FFC.pod b/doc/man7/EVP_PKEY-FFC.pod index e345580ec1..9de066a865 100644 --- a/doc/man7/EVP_PKEY-FFC.pod +++ b/doc/man7/EVP_PKEY-FFC.pod @@ -108,7 +108,7 @@ The following key generation types are available for DSA and DHX algorithms: =over 4 -=item "type" (B) +=item "type" (B) Sets the type of parameter generation. The shared valid values are: 
@@ -140,13 +140,13 @@ Sets the size (in bits) of the prime 'q'. For "fips186_4" this can be either 224 or 256. For "fips186_2" this has a size of 160. -=item "digest" (B) +=item "digest" (B) Sets the Digest algorithm to be used as part of the Key Generation Function associated with the given Key Generation I. This must also be set for key validation. -=item "properties" (B) +=item "properties" (B) Sets properties to be used upon look up of the implementation for the selected Digest algorithm for the Key Generation Function associated with the given key diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod index 80a1a627d0..6fa75ba3c1 100644 --- a/doc/man7/EVP_PKEY-X25519.pod +++ b/doc/man7/EVP_PKEY-X25519.pod @@ -52,7 +52,7 @@ RFC7748. =over 4 -=item "mandatory-digest" (B) +=item "mandatory-digest" (B) The empty string, signifying that no digest may be specified. diff --git a/doc/man7/EVP_RAND-CTR-DRBG.pod b/doc/man7/EVP_RAND-CTR-DRBG.pod index a8e92e5235..57e53c314b 100644 --- a/doc/man7/EVP_RAND-CTR-DRBG.pod +++ b/doc/man7/EVP_RAND-CTR-DRBG.pod @@ -50,7 +50,7 @@ The supported parameters are: These parameters work as described in L. -=item "use_derivation_function" (B) +=item "use_derivation_function" (B) This Boolean indicates if a derivation function should be used or not. A nonzero value (the default) uses the derivation function. A zero value diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 7bead3a45d..c07f9fddf6 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod 
@@ -313,17 +313,17 @@ provider_get_params() can return the following provider parameters to the core: =over 4 -=item "name" (B) +=item "name" (B) This points to a string that should give a unique name for the provider. -=item "version" (B) +=item "version" (B) This points to a string that is a version number associated with this provider. OpenSSL in-built providers use OPENSSL_VERSION_STR, but this may be different for any third party provider. This string is for informational purposes only. -=item "buildinfo" (B) +=item "buildinfo" (B) This points to a string that is a build information associated with this provider. OpenSSL in-built providers use OPENSSL_FULL_VERSION_STR, but this may be @@ -345,16 +345,16 @@ core_get_params() can retrieve the following core parameters for each provider: =over 4 -=item "openssl-version" (B) +=item "openssl-version" (B) This points to the OpenSSL libraries' full version string, i.e. the string expanded from the macro B. -=item "provider-name" (B) +=item "provider-name" (B) This points to the OpenSSL libraries' idea of what the calling provider is named. -=item "module-filename" (B) +=item "module-filename" (B) This points to a string containing the full filename of the providers module file. @@ -433,12 +433,12 @@ B): =over 4 -=item "tls-group-name" (B) +=item "tls-group-name" (B) The name of the group as given in the IANA TLS Supported Groups registry L. -=item "tls-group-name-internal" (B) +=item "tls-group-name-internal" (B) The name of the group as known by the provider. This could be the same as the "tls-group-name", but does not have to be. @@ -447,7 +447,7 @@ The name of the group as known by the provider. This could be the same as the The TLS group id value as given in the IANA TLS Supported Groups registry. -=item "tls-group-alg" (B) +=item "tls-group-alg" (B) The name of a Key Management algorithm that the provider offers and that should be used with this group. Keys created should be able to support I 
diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod index 26c4e57852..c0ff5f9d51 100644 --- a/doc/man7/provider-cipher.pod +++ b/doc/man7/provider-cipher.pod @@ -435,7 +435,7 @@ Byte 11-12: Input length (Always 0) Gets the result of running the "tls1multi_aad" operation. -=item "cts_mode" (B) +=item "cts_mode" (B) Sets the cipher text stealing mode. For all modes the output size is the same as the input size. diff --git a/doc/man7/provider-object.pod b/doc/man7/provider-object.pod index 2380dd4b17..0032477e0f 100644 --- a/doc/man7/provider-object.pod +++ b/doc/man7/provider-object.pod @@ -94,7 +94,7 @@ of the following parameters: =over 4 -=item "data" (B) or +=item "data" (B) or The object data I. @@ -142,7 +142,7 @@ B object with d2i_X509_CRL(). =back -=item "data-type" (B) +=item "data-type" (B) The specific type of the object content. Legitimate values depend on the object type; if it is B, the data type is expected to be a @@ -153,12 +153,12 @@ data. is either missing or has the value OSSL_OBJECT_UNKNOWN), libcrypto interprets the object data type as the input type for a decoder. -=item "data-structure" (B) +=item "data-structure" (B) The outermost structure of the object content. Legitimate values depend on the object type. -=item "desc" (B) +=item "desc" (B) A human readable text that describes extra details on the object. diff --git a/doc/man7/provider-storemgmt.pod b/doc/man7/provider-storemgmt.pod index d34f0377ae..0da07a11dc 100644 --- a/doc/man7/provider-storemgmt.pod +++ b/doc/man7/provider-storemgmt.pod 
@@ -141,14 +141,14 @@ The contents of the octet string is expected to be in DER form. Indicates that the caller wants to search for an object with the given serial number associated. -=item "digest" (B) +=item "digest" (B) =item "fingerprint" (B) Indicates that the caller wants to search for an object with the given fingerprint, computed with the given digest. -=item "alias" (B) +=item "alias" (B) Indicates that the caller wants to search for an object with the given alias (some call it a "friendly name"). From tomas at openssl.org Fri May 7 13:43:45 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 07 May 2021 13:43:45 +0000 Subject: [openssl] master update Message-ID: <1620395025.025755.2935.nullmailer@dev.openssl.org> The branch master has been updated via 43d78564990a685f60e2fc0ab009735161d07434 (commit) from c9f18e5990654e83bab77eb2a80ed0073293d952 (commit) - Log ----------------------------------------------------------------- commit 43d78564990a685f60e2fc0ab009735161d07434 Author: Tomas Mraz Date: Thu May 6 14:05:59 2021 +0200 Updated gost-engine to latest commit from master branch Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/15180) ----------------------------------------------------------------------- Summary of changes: gost-engine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gost-engine b/gost-engine index 1b684f3f90..62583fb222 160000 --- a/gost-engine +++ b/gost-engine @@ -1 +1 @@ -Subproject commit 1b684f3f906bc81154ca1d5af7d6bc60199f1f9c +Subproject commit 62583fb222ec89ff4f6aa3d18b91ed3e64ed5cea From pauli at openssl.org Fri May 7 13:54:20 2021 
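Review bot: the sentence added under "kdf-outlen" in the first hunk (@@ -31,33 +31,34 @@) says the length "should not exceed" a bound but not what happens when it does. State whether setting a larger value is rejected or the output is truncated, so a caller cannot take an oversized request for a successfully derived key of the requested size.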
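Review bot: the gost-engine hunk moves the submodule pin from 1b684f3f90 to 62583fb222, but the commit message only says "latest commit from master branch". Summarise in the message what the new pin brings in, or link the upstream comparison, so the change in third-party code pulled into the build can be reviewed from the log.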
From: pauli at openssl.org (Dr. Paul Dale)
Date: Fri, 07 May 2021 13:54:20 +0000
Subject: [openssl] master update
Message-ID: <1620395660.101122.29589.nullmailer@dev.openssl.org>

The branch master has been updated
       via  9b53932b6fb359ad2063a640a3db3d2c5f44cfaa (commit)
       via  4ed1f0bc70955c1f9874b761777937e2962db382 (commit)
       via  2876528de594308df43301a5f282e7eec69b8ff5 (commit)
       via  ced7df26382e7b1713ac6662958933d31151b4b8 (commit)
       via  0090e50890ce7691f7d6ba4a301b17c2ce58a204 (commit)
      from  43d78564990a685f60e2fc0ab009735161d07434 (commit)

- Log -----------------------------------------------------------------
commit 9b53932b6fb359ad2063a640a3db3d2c5f44cfaa
Author: Pauli
Date: Fri May 7 23:51:27 2021 +1000

    FIPS checksum update

    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/15042)

commit 4ed1f0bc70955c1f9874b761777937e2962db382
Author: Pauli
Date: Wed May 5 20:47:02 2021 +1000

    provider: use a read lock when looking for a provider

    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/15042)

commit 2876528de594308df43301a5f282e7eec69b8ff5
Author: Pauli
Date: Wed May 5 11:22:08 2021 +1000

    doc: document the new ossl_provider_clear_all_operation_bits() function

    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/15042)

commit ced7df26382e7b1713ac6662958933d31151b4b8
Author: Pauli
Date: Tue Apr 27 15:29:16 2021 +1000

    test: add a provider load/unload cache flush test.

    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/15042)

commit 0090e50890ce7691f7d6ba4a301b17c2ce58a204
Author: Pauli
Date: Tue Apr 27 15:17:25 2021 +1000

    provider: flush the store cache when providers are loaded/unloaded.

    When the providers change, the method cache needs to be flushed. This also
    impacts the cache is full partial flushes and the algorithm flushing by ID.

    A new function is introduced to clear all of the operation bits in all
    providers in a library context.
Fixes #15032 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15042) ----------------------------------------------------------------------- Summary of changes: crypto/property/property.c | 5 ++ crypto/provider_core.c | 95 +++++++++++++++++++++++++++------ doc/internal/man3/ossl_provider_new.pod | 10 +++- include/internal/provider.h | 1 + providers/fips-sources.checksums | 4 +- providers/fips.checksum | 2 +- test/provider_internal_test.c | 38 +++++++++++++ 7 files changed, 134 insertions(+), 21 deletions(-) diff --git a/crypto/property/property.c b/crypto/property/property.c index b120dbe460..2b841a2204 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -12,7 +12,9 @@ #include #include #include +#include "internal/core.h" #include "internal/property.h" +#include "internal/provider.h" #include "crypto/ctype.h" #include #include @@ -425,6 +427,7 @@ static void ossl_method_cache_flush(OSSL_METHOD_STORE *store, int nid) ALGORITHM *alg = ossl_method_store_retrieve(store, nid); if (alg != NULL) { + ossl_provider_clear_all_operation_bits(store->ctx); store->nelem -= lh_QUERY_num_items(alg->cache); impl_cache_flush_alg(0, alg, NULL); } @@ -436,6 +439,7 @@ int ossl_method_store_flush_cache(OSSL_METHOD_STORE *store, int all) if (!ossl_property_write_lock(store)) return 0; + ossl_provider_clear_all_operation_bits(store->ctx); ossl_sa_ALGORITHM_doall_arg(store->algs, &impl_cache_flush_alg, arg); store->nelem = 0; ossl_property_unlock(store); @@ -500,6 +504,7 @@ static void ossl_method_cache_flush_some(OSSL_METHOD_STORE *store) state.nelem = 0; if ((state.seed = OPENSSL_rdtsc()) == 0) state.seed = 1; + ossl_provider_clear_all_operation_bits(store->ctx); store->need_flush = 0; ossl_sa_ALGORITHM_doall_arg(store->algs, &impl_cache_flush_one_alg, &state); store->nelem = state.nelem; diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 1ef2cd5ca7..c419e6f644 100644 --- a/crypto/provider_core.c 
+++ b/crypto/provider_core.c @@ -116,6 +116,7 @@ struct provider_store_st { CRYPTO_RWLOCK *lock; char *default_path; unsigned int use_fallbacks:1; + unsigned int freeing:1; }; /* @@ -137,6 +138,7 @@ static void provider_store_free(void *vstore) if (store == NULL) return; + store->freeing = 1; OPENSSL_free(store->default_path); sk_OSSL_PROVIDER_pop_free(store->providers, provider_deactivate_free); CRYPTO_THREAD_lock_free(store->default_path_lock); @@ -236,7 +238,7 @@ OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, #endif tmpl.name = (char *)name; - if (!CRYPTO_THREAD_write_lock(store->lock)) + if (!CRYPTO_THREAD_read_lock(store->lock)) return NULL; if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1 || (prov = sk_OSSL_PROVIDER_value(store->providers, i)) == NULL 
@@ -676,44 +678,76 @@ static int provider_init(OSSL_PROVIDER *prov, int flag_lock) return ok; } +/* + * Deactivate a provider. + * Return -1 on failure and the activation count on success + */ static int provider_deactivate(OSSL_PROVIDER *prov) { + int count; + if (!ossl_assert(prov != NULL)) - return 0; + return -1; if (!CRYPTO_THREAD_write_lock(prov->flag_lock)) - return 0; + return -1; - if (--prov->activatecnt < 1) + if ((count = --prov->activatecnt) < 1) prov->flag_activated = 0; CRYPTO_THREAD_unlock(prov->flag_lock); /* We don't deinit here, that's done in ossl_provider_free() */ - return 1; + return count; } +/* + * Activate a provider. + * Return -1 on failure and the activation count on success + */ static int provider_activate(OSSL_PROVIDER *prov, int flag_lock) { + int count; + if (provider_init(prov, flag_lock)) { if (flag_lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) - return 0; - prov->activatecnt++; + return -1; + count = ++prov->activatecnt; prov->flag_activated = 1; if (flag_lock) CRYPTO_THREAD_unlock(prov->flag_lock); - return 1; + return count; } - return 0; + return -1; +} + +static int provider_flush_store_cache(const OSSL_PROVIDER *prov) +{ + struct provider_store_st *store; + int freeing; + + if ((store = get_provider_store(prov->libctx)) == NULL) + return 0; + + if (!CRYPTO_THREAD_read_lock(store->lock)) + return 0; + freeing = store->freeing; + CRYPTO_THREAD_unlock(store->lock); + + if (!freeing) + return evp_method_store_flush(prov->libctx); + return 1; } int ossl_provider_activate(OSSL_PROVIDER *prov, int retain_fallbacks) { + int count; + if (prov == NULL) return 0; - if (provider_activate(prov, 1)) { + if ((count = provider_activate(prov, 1)) > 0) { if (!retain_fallbacks) { if (!CRYPTO_THREAD_write_lock(prov->store->lock)) { provider_deactivate(prov); 
@@ -722,16 +756,18 @@ int ossl_provider_activate(OSSL_PROVIDER *prov, int retain_fallbacks) prov->store->use_fallbacks = 0; CRYPTO_THREAD_unlock(prov->store->lock); } - return 1; + return count == 1 ? provider_flush_store_cache(prov) : 1; } return 0; } int ossl_provider_deactivate(OSSL_PROVIDER *prov) { - if (prov == NULL) + int count; + + if (prov == NULL || (count = provider_deactivate(prov)) < 0) return 0; - return provider_deactivate(prov); + return count == 0 ? provider_flush_store_cache(prov) : 1; } void *ossl_provider_ctx(const OSSL_PROVIDER *prov) @@ -773,7 +809,7 @@ static void provider_activate_fallbacks(struct provider_store_st *store) if (ossl_provider_up_ref(prov)) { if (prov->flag_fallback) { - if (provider_activate(prov, 1)) + if (provider_activate(prov, 1) > 0) activated_fallback_count++; } ossl_provider_free(prov); @@ -843,7 +879,7 @@ int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, * It's already activated, but we up the activated count to ensure * it remains activated until after we've called the user callback. */ - if (!provider_activate(prov, 0)) { + if (provider_activate(prov, 0) < 0) { ossl_provider_free(prov); CRYPTO_THREAD_unlock(prov->flag_lock); goto err_unlock; @@ -984,7 +1020,7 @@ int ossl_provider_self_test(const OSSL_PROVIDER *prov) return 1; ret = prov->self_test(prov->provctx); if (ret == 0) - (void)evp_method_store_flush(ossl_provider_libctx(prov)); + (void)provider_flush_store_cache(prov); return ret; } 
@@ -1022,6 +1058,33 @@ void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov, prov->unquery_operation(prov->provctx, operation_id, algs); } +int ossl_provider_clear_all_operation_bits(OSSL_LIB_CTX *libctx) +{ + struct provider_store_st *store; + OSSL_PROVIDER *provider; + int i, num, res = 1; + + if ((store = get_provider_store(libctx)) != NULL) { + if (!CRYPTO_THREAD_read_lock(store->lock)) + return 0; + num = sk_OSSL_PROVIDER_num(store->providers); + for (i = 0; i < num; i++) { + provider = sk_OSSL_PROVIDER_value(store->providers, i); + if (!CRYPTO_THREAD_write_lock(provider->opbits_lock)) { + res = 0; + continue; + } + if (provider->operation_bits != NULL) + memset(provider->operation_bits, 0, + provider->operation_bits_sz); + CRYPTO_THREAD_unlock(provider->opbits_lock); + } + CRYPTO_THREAD_unlock(store->lock); + return res; + } + return 0; +} + int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum) { size_t byte = bitnum / 8; diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index 8506839dee..e83869a9de 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -13,7 +13,7 @@ ossl_provider_name, ossl_provider_dso, ossl_provider_module_name, ossl_provider_module_path, ossl_provider_libctx, ossl_provider_teardown, ossl_provider_gettable_params, -ossl_provider_get_params, +ossl_provider_get_params, ossl_provider_clear_all_operation_bits, ossl_provider_query_operation, ossl_provider_unquery_operation, ossl_provider_set_operation_bit, ossl_provider_test_operation_bit, ossl_provider_get_capabilities @@ -80,6 +80,7 @@ ossl_provider_get_capabilities int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum); int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, int *result); + int ossl_provider_clear_all_operation_bits(OSSL_LIB_CTX *libctx); =head1 DESCRIPTION 
@@ -245,10 +246,13 @@ that all relevant information has been copied. ossl_provider_set_operation_bit() registers a 1 for operation I in a bitstring that's internal to I. -ossl_provider_tests_operation_bit() checks if the bit operation I +ossl_provider_test_operation_bit() checks if the bit operation I is set (1) or not (0) in the internal I bitstring, and sets I<*result> to 1 or 0 accorddingly. +ossl_provider_clear_all_operation_bits() clears all of the operation bits +to (0) for all providers in the library context I. + =head1 NOTES Locating a provider module happens as follows: @@ -319,6 +323,8 @@ If this function isn't available in the provider, 0 is returned. ossl_provider_set_operation_bit() and ossl_provider_test_operation_bit() return 1 on success, or 0 on error. +ossl_provider_clear_all_operation_bits() returns 1 on success, or 0 on error. + ossl_provider_get_capabilities() returns 1 on success, or 0 on error. If this function isn't available in the provider or the provider does not support the requested capability then 0 is returned. diff --git a/include/internal/provider.h b/include/internal/provider.h index b755f17325..64fe2f1178 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h @@ -91,6 +91,7 @@ void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov, int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum); int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, int *result); +int ossl_provider_clear_all_operation_bits(OSSL_LIB_CTX *libctx); /* Configuration */ void ossl_provider_add_conf_module(void); diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 7d924a1d74..01968b7e6f 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -237,10 +237,10 @@ c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_b d0f6af3e89a693f0327e1bf073666cbec6786220ef3b3688ef0be9539d5ab6bf crypto/params_from_text.c 0dd202ec1def47c12852a8ae4bfaadb74f7fe968d68def631fe3ac671aac943f crypto/passphrase.c 098d0722daac442b8b6a6fc0aa6c4a4c49f9329426c3e2db9ebf71fe32376e4c crypto/property/defn_cache.c -737b1c67d0ee94f084d4b53d06c9561e10b802ddd61cada41f4ca2b7a9f8b4d1 crypto/property/property.c +87cb2235e335046e04a563551cceb452e2eaf338123f482e76a037e4ffae0902 crypto/property/property.c 51bc907d992893f03f35774178d2c8dc98cf3cf9503ff839ee1561640e6b274a crypto/property/property_parse.c 4941717698573a86d589fbec5002471cb4011e9a1840111a3ddccecc861a3af5 crypto/property/property_string.c -b02ed771d70b1d2faf17bc3de261e8dfe67d847aa38fd65e1712491ea540d968 crypto/provider_core.c +8bf84eeb85a16128170eb295c77245c8ba4ecf25fa4d2be907a612245e4b8b24 crypto/provider_core.c 3ebbf42baa3722f86298960c7b14b49cefc25c38fce326a0c4666546539da231 crypto/provider_predefined.c 4fec006dc82d1bc5c03aa1b6d011b670bed67fad12b73823eb6767afc4f241f3 crypto/rand/rand_lib.c f19876a1ff4ab97f22a926cc59c9ced0cdde69ad2c45ecf546d91104ec5b0dde crypto/rand/rand_meth.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 37b689fe20..e5ff9a8040 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -701feb062161f63a81338d74c0837f79dee9b5e793778576b750e2037ba136bf providers/fips-sources.checksums +2e67c3ed3222fedf2d26e91f47b2b7708a95f39a74bd1489412f324f84daa57d providers/fips-sources.checksums diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c index aeb38339fa..7bf2b8e272 100644 --- a/test/provider_internal_test.c +++ b/test/provider_internal_test.c 
@@ -85,6 +85,43 @@ static int test_configured_provider(void) } #endif +static int test_cache_flushes(void) +{ + OSSL_LIB_CTX *ctx; + OSSL_PROVIDER *prov = NULL; + EVP_MD *md = NULL; + int ret = 0; + + if (!TEST_ptr(ctx = OSSL_LIB_CTX_new()) + || !TEST_ptr(prov = OSSL_PROVIDER_load(ctx, "default")) + || !TEST_true(OSSL_PROVIDER_available(ctx, "default")) + || !TEST_ptr(md = EVP_MD_fetch(ctx, "SHA256", NULL))) + goto err; + EVP_MD_free(md); + md = NULL; + OSSL_PROVIDER_unload(prov); + prov = NULL; + + if (!TEST_false(OSSL_PROVIDER_available(ctx, "default"))) + goto err; + + if (!TEST_ptr_null(md = EVP_MD_fetch(ctx, "SHA256", NULL))) { + const char *provname = OSSL_PROVIDER_name(EVP_MD_provider(md)); + + if (OSSL_PROVIDER_available(NULL, provname)) + TEST_info("%s provider is available\n", provname); + else + TEST_info("%s provider is not available\n", provname); + } + + ret = 1; + err: + OSSL_PROVIDER_unload(prov); + EVP_MD_free(md); + OSSL_LIB_CTX_free(ctx); + return ret; +} + int setup_tests(void) { ADD_TEST(test_builtin_provider); @@ -92,6 +129,7 @@ int setup_tests(void) ADD_TEST(test_loaded_provider); ADD_TEST(test_configured_provider); #endif + ADD_TEST(test_cache_flushes); return 1; } From pauli at openssl.org Sat May 8 05:03:04 2021 
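Review bot: in crypto/property/property.c all three new calls to ossl_provider_clear_all_operation_bits(store->ctx) discard the return value, although the function as added in provider_core.c returns 0 when a lock cannot be taken or when there is no provider store. Either act on the failure in ossl_method_store_flush_cache(), which already returns a status, or cast to (void) as the ossl_provider_self_test() hunk does for provider_flush_store_cache(), so that ignoring it is an explicit choice.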
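Review bot: in crypto/provider_core.c, provider_store_free() sets store->freeing = 1 without holding store->lock, while provider_flush_store_cache() reads the flag under CRYPTO_THREAD_read_lock(store->lock). freeing:1 is also declared next to use_fallbacks:1, so the unlocked write is a read-modify-write of the same storage unit that ossl_provider_activate() updates under the write lock. Take the write lock around the assignment or make freeing a separate int, and add a comment on the struct member saying what it guards.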
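Review bot: ossl_provider_activate() and ossl_provider_deactivate() now return the result of provider_flush_store_cache() when the count reaches 1 or 0, so a failed flush is reported as 0 after activatecnt and flag_activated have already been changed. The caller then sees a failed activation for a provider that is active (or a failed deactivation for one that no longer is), and the method cache may still hold entries from the previous provider set. Decide which state wins when the flush fails, roll back or retry accordingly, and say so in the comment above each function.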
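Review bot: test_cache_flushes() in test/provider_internal_test.c cannot fail on the condition it is meant to check. When EVP_MD_fetch(ctx, "SHA256", NULL) still succeeds after OSSL_PROVIDER_unload(), the TEST_ptr_null branch only emits TEST_info lines and falls through to ret = 1; add goto err at the end of that branch. The availability check inside it also passes NULL rather than ctx to OSSL_PROVIDER_available(), so it queries the default library context instead of the one under test.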
From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 08 May 2021 05:03:04 +0000 Subject: [openssl] master update Message-ID: <1620450184.735262.11187.nullmailer@dev.openssl.org> The branch master has been updated via 531df8185ff4a083aca550b2c8a56d7993b2c60d (commit) from 9b53932b6fb359ad2063a640a3db3d2c5f44cfaa (commit) - Log ----------------------------------------------------------------- commit 531df8185ff4a083aca550b2c8a56d7993b2c60d Author: Scott McPeak Date: Fri Apr 23 03:31:54 2021 -0700 BIO_printf.pod: Clarify that output is always null terminated. The original text was ambiguous about termination for errors other than insufficient space. See issue #14772. Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15000) ----------------------------------------------------------------------- Summary of changes: doc/man3/BIO_printf.pod | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/man3/BIO_printf.pod b/doc/man3/BIO_printf.pod index d7a59a36fd..221881d123 100644 --- a/doc/man3/BIO_printf.pod +++ b/doc/man3/BIO_printf.pod @@ -40,9 +40,10 @@ buffer is too small. =head1 NOTES -Except when I is 0, both BIO_snprintf() and BIO_vsnprintf() terminate -their output with C<'\0'> even when there is insufficient space to output -the whole string. +Except when I is 0, both BIO_snprintf() and BIO_vsnprintf() always +terminate their output with C<'\0'>. This includes cases where -1 is +returned, such as when there is insufficient space to output the whole +string. =head1 COPYRIGHT From pauli at openssl.org Sat May 8 10:40:27 2021 
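Review bot: the reworded NOTES paragraph in doc/man3/BIO_printf.pod still leaves the zero-size case implicit behind its opening "Except when ... is 0" clause. Since the point of the change is that callers can rely on termination even when -1 is returned, add a sentence stating outright that the buffer is not terminated when the size is 0, so "always" is not read as covering that case.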
From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 08 May 2021 10:40:27 +0000 Subject: [openssl] master update Message-ID: <1620470427.071823.25513.nullmailer@dev.openssl.org> The branch master has been updated via 0d40ca47bd86e74a95c3a2f5fb6c67cdbee93c79 (commit) from 531df8185ff4a083aca550b2c8a56d7993b2c60d (commit) - Log ----------------------------------------------------------------- commit 0d40ca47bd86e74a95c3a2f5fb6c67cdbee93c79 Author: Martin Schwenke Date: Wed Apr 14 14:31:58 2021 +1000 bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication Overall improvement for p384 of ~18% on Power 9, compared to existing Power assembling code. See comment in code for more details. Multiple unrolled versions could be generated for values other than 6. However, for TLS 1.3 the only other ECC algorithms that might use Montgomery Multiplication are p256 and p521, but these have custom algorithms that don't use Montgomery Multiplication. Non-ECC algorithms are likely to use larger key lengths that won't fit into the n <= 10 length limitation of this code. Signed-off-by: Amitay Isaacs Signed-off-by: Alastair D'Silva Signed-off-by: Martin Schwenke Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15175) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/ppc64-mont-fixed.pl | 585 ++++++++++++++++++++++++++++++++++++++ crypto/bn/build.info | 3 +- crypto/ppccap.c | 12 + providers/fips-sources.checksums | 1 + providers/fips.checksum | 2 +- providers/fips.module.sources | 1 + 6 files changed, 602 insertions(+), 2 deletions(-) create mode 100755 crypto/bn/asm/ppc64-mont-fixed.pl diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl new file mode 100755 index 0000000000..62d2db0006 --- /dev/null +++ b/crypto/bn/asm/ppc64-mont-fixed.pl 
@@ -0,0 +1,585 @@ +#! /usr/bin/env perl +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# ==================================================================== +# Written by Amitay Isaacs , Martin Schwenke +# & Alastair D'Silva for +# the OpenSSL project. +# ==================================================================== + +# +# Fixed length (n=6), unrolled PPC Montgomery Multiplication +# + +# 2021 +# +# Although this is a generic implementation for unrolling Montgomery +# Multiplication for arbitrary values of n, this is currently only +# used for n = 6 to improve the performance of ECC p384. +# +# Unrolling allows intermediate results to be stored in registers, +# rather than on the stack, improving performance by ~7% compared to +# the existing PPC assembly code. +# +# The ISA 3.0 implementation uses combination multiply/add +# instructions (maddld, maddhdu) to improve performance by an +# additional ~10% on Power 9. +# +# Finally, saving non-volatile registers into volatile vector +# registers instead of onto the stack saves a little more. +# +# On a Power 9 machine we see an overall improvement of ~18%. +# + +use strict; +use warnings; + +my ($flavour, $output, $dir, $xlate); + +# $output is the last argument if it looks like a file (it has an extension) +# $flavour is the first argument if it doesn't look like a file +$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; +$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? 
shift : undef; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour \"$output\"" + or die "can't call $xlate: $!"; + +if ($flavour !~ /64/) { + die "bad flavour ($flavour) - only ppc64 permitted"; +} + +my $SIZE_T= 8; + +# Registers are global so the code is remotely readable + +# Parameters for Montgomery multiplication +my $sp = "r1"; +my $toc = "r2"; +my $rp = "r3"; +my $ap = "r4"; +my $bp = "r5"; +my $np = "r6"; +my $n0 = "r7"; +my $num = "r8"; + +$rp = "r9"; # $rp is reassigned + +my $c0 = "r10"; +my $bp0 = "r11"; +my $bpi = "r11"; +my $bpj = "r11"; +my $tj = "r12"; +my $apj = "r12"; +my $npj = "r12"; +my $lo = "r14"; +my $c1 = "r14"; +my $i = "r15"; + +# Non-volatile registers used for tp[i] +# +# 12 registers are available but the limit on unrolling is 10, +# since registers from $tp[0] to $tp[$n+1] are used. +my @tp = ("r20" .. "r31"); + +# volatile VSRs for saving non-volatile GPRs - faster than stack +my @vsrs = ("v32" .. "v46"); + +package Mont; + +sub new($$) +{ + my ($class, $n) = @_; + + if ($n > 10) { + die "Can't unroll for BN length ${n} (maximum 10)" + } + + my $self = { + code => "", + n => $n, + }; + bless $self, $class; + + return $self; +} + +sub add_code($$) +{ + my ($self, $c) = @_; + + $self->{code} .= $c; +} + +sub get_code($) +{ + my ($self) = @_; + + return $self->{code}; +} + +sub get_function_name($) +{ + my ($self) = @_; + + return "bn_mul_mont_fixed_n" . $self->{n}; +} + +sub get_label($$) +{ + my ($self, $l) = @_; + + return "L" . $l . "_" . 
$self->{n}; +} + +sub get_labels($@) +{ + my ($self, @labels) = @_; + + my %out = (); + + foreach my $l (@labels) { + $out{"$l"} = $self->get_label("$l"); + } + + return \%out; +} + +sub nl($) +{ + my ($self) = @_; + + $self->add_code("\n"); +} + +sub copy_result($) +{ + my ($self) = @_; + + my ($n) = $self->{n}; + + for (my $j = 0; $j < $n; $j++) { + $self->add_code(<<___); + std $tp[$j],`$j*$SIZE_T`($rp) +___ + } + +} + +sub mul_mont_fixed($) +{ + my ($self) = @_; + + my ($n) = $self->{n}; + my $fname = $self->get_function_name(); + my $label = $self->get_labels("outer", "enter", "sub", "copy", "end"); + + $self->add_code(<<___); + +.globl .${fname} +.${fname}: + mr $rp,r3 + +___ + + $self->save_registers(); + + $self->add_code(<<___); + ld $n0,0($n0) + + ld $bp0,0($bp) + + ld $apj,0($ap) +___ + + $self->mul_c_0($tp[0], $apj, $bp0, $c0); + + for (my $j = 1; $j < $n - 1; $j++) { + $self->add_code(<<___); + ld $apj,`$j*$SIZE_T`($ap) +___ + $self->mul($tp[$j], $apj, $bp0, $c0); + } + + $self->add_code(<<___); + ld $apj,`($n-1)*$SIZE_T`($ap) +___ + + $self->mul_last($tp[$n-1], $tp[$n], $apj, $bp0, $c0); + + $self->add_code(<<___); + li $tp[$n+1],0 + +___ + + $self->add_code(<<___); + li $i,0 + mtctr $num + b $label->{"enter"} + +$label->{"outer"}: + ldx $bpi,$bp,$i + + ld $apj,0($ap) +___ + + $self->mul_add_c_0($tp[0], $tp[0], $apj, $bpi, $c0); + + for (my $j = 1; $j < $n; $j++) { + $self->add_code(<<___); + ld $apj,`$j*$SIZE_T`($ap) +___ + $self->mul_add($tp[$j], $tp[$j], $apj, $bpi, $c0); + } + + $self->add_code(<<___); + addc $tp[$n],$tp[$n],$c0 + addze $tp[$n+1],$tp[$n+1] +___ + + $self->add_code(<<___); +$label->{"enter"}: + mulld $bpi,$tp[0],$n0 + + ld $npj,0($np) +___ + + $self->mul_add_c_0($lo, $tp[0], $bpi, $npj, $c0); + + for (my $j = 1; $j < $n; $j++) { + $self->add_code(<<___); + ld $npj,`$j*$SIZE_T`($np) +___ + $self->mul_add($tp[$j-1], $tp[$j], $npj, $bpi, $c0); + } + + $self->add_code(<<___); + addc $tp[$n-1],$tp[$n],$c0 + addze $tp[$n],$tp[$n+1] + + 
addi $i,$i,$SIZE_T + bc 25,0,$label->{"outer"} + + and. $tp[$n],$tp[$n],$tp[$n] + bne $label->{"sub"} + + cmpld $tp[$n-1],$npj + blt $label->{"copy"} + +$label->{"sub"}: +___ + + # + # Reduction + # + + $self->add_code(<<___); + ld $bpj,`0*$SIZE_T`($np) + subfc $c1,$bpj,$tp[0] + std $c1,`0*$SIZE_T`($rp) + +___ + for (my $j = 1; $j < $n - 1; $j++) { + $self->add_code(<<___); + ld $bpj,`$j*$SIZE_T`($np) + subfe $c1,$bpj,$tp[$j] + std $c1,`$j*$SIZE_T`($rp) + +___ + } + + $self->add_code(<<___); + subfe $c1,$npj,$tp[$n-1] + std $c1,`($n-1)*$SIZE_T`($rp) + +___ + + $self->add_code(<<___); + addme. $tp[$n],$tp[$n] + beq $label->{"end"} + +$label->{"copy"}: +___ + + $self->copy_result(); + + $self->add_code(<<___); + +$label->{"end"}: +___ + + $self->restore_registers(); + + $self->add_code(<<___); + li r3,1 + blr +.size ${fname},.-${fname} +___ + +} + +package Mont::GPR; + +our @ISA = ('Mont'); + +sub new($$) +{ + my ($class, $n) = @_; + + return $class->SUPER::new($n); +} + +sub save_registers($) +{ + my ($self) = @_; + + my $n = $self->{n}; + + $self->add_code(<<___); + mtvsrd $vsrs[0],$lo + mtvsrd $vsrs[1],$i +___ + + for (my $j = 0; $j <= $n+1; $j++) { + $self->{code}.=<<___; + mtvsrd $vsrs[$j+2],$tp[$j] +___ + } + + $self->add_code(<<___); + +___ +} + +sub restore_registers($) +{ + my ($self) = @_; + + my $n = $self->{n}; + + $self->add_code(<<___); + mfvsrd $lo,$vsrs[0] + mfvsrd $i,$vsrs[1] +___ + + for (my $j = 0; $j <= $n+1; $j++) { + $self->{code}.=<<___; + mfvsrd $tp[$j],$vsrs[$j+2] +___ + } + + $self->{code} .=<<___; + +___ +} + +# Direct translation of C mul() +sub mul($$$$$) +{ + my ($self, $r, $a, $w, $c) = @_; + + $self->add_code(<<___); + mulld $lo,$a,$w + addc $r,$lo,$c + mulhdu $c,$a,$w + addze $c,$c + +___ +} + +# Like mul() but $c is ignored as an input - an optimisation to save a +# preliminary instruction that would set input $c to 0 +sub mul_c_0($$$$$) +{ + my ($self, $r, $a, $w, $c) = @_; + + $self->add_code(<<___); + mulld $r,$a,$w + mulhdu 
$c,$a,$w + +___ +} + +# Like mul() but does not to the final addition of CA into $c - an +# optimisation to save an instruction +sub mul_last($$$$$$) +{ + my ($self, $r1, $r2, $a, $w, $c) = @_; + + $self->add_code(<<___); + mulld $lo,$a,$w + addc $r1,$lo,$c + mulhdu $c,$a,$w + + addze $r2,$c +___ +} + +# Like C mul_add() but allow $r_out and $r_in to be different +sub mul_add($$$$$$) +{ + my ($self, $r_out, $r_in, $a, $w, $c) = @_; + + $self->add_code(<<___); + mulld $lo,$a,$w + addc $lo,$lo,$c + mulhdu $c,$a,$w + addze $c,$c + addc $r_out,$r_in,$lo + addze $c,$c + +___ +} + +# Like mul_add() but $c is ignored as an input - an optimisation to save a +# preliminary instruction that would set input $c to 0 +sub mul_add_c_0($$$$$$) +{ + my ($self, $r_out, $r_in, $a, $w, $c) = @_; + + $self->add_code(<<___); + mulld $lo,$a,$w + addc $r_out,$r_in,$lo + mulhdu $c,$a,$w + addze $c,$c + +___ +} + +package Mont::GPR_300; + +our @ISA = ('Mont::GPR'); + +sub new($$) +{ + my ($class, $n) = @_; + + my $mont = $class->SUPER::new($n); + + return $mont; +} + +sub get_function_name($) +{ + my ($self) = @_; + + return "bn_mul_mont_300_fixed_n" . $self->{n}; +} + +sub get_label($$) +{ + my ($self, $l) = @_; + + return "L" . $l . "_300_" . 
$self->{n}; +} + +# Direct translation of C mul() +sub mul($$$$$) +{ + my ($self, $r, $a, $w, $c, $last) = @_; + + $self->add_code(<<___); + maddld $r,$a,$w,$c + maddhdu $c,$a,$w,$c + +___ +} + +# Save the last carry as the final entry +sub mul_last($$$$$) +{ + my ($self, $r1, $r2, $a, $w, $c) = @_; + + $self->add_code(<<___); + maddld $r1,$a,$w,$c + maddhdu $r2,$a,$w,$c + +___ +} + +# Like mul() but $c is ignored as an input - an optimisation to save a +# preliminary instruction that would set input $c to 0 +sub mul_c_0($$$$$) +{ + my ($self, $r, $a, $w, $c) = @_; + + $self->add_code(<<___); + mulld $r,$a,$w + mulhdu $c,$a,$w + +___ +} + +# Like C mul_add() but allow $r_out and $r_in to be different +sub mul_add($$$$$$) +{ + my ($self, $r_out, $r_in, $a, $w, $c) = @_; + + $self->add_code(<<___); + maddld $lo,$a,$w,$c + maddhdu $c,$a,$w,$c + addc $r_out,$r_in,$lo + addze $c,$c + +___ +} + +# Like mul_add() but $c is ignored as an input - an optimisation to save a +# preliminary instruction that would set input $c to 0 +sub mul_add_c_0($$$$$$) +{ + my ($self, $r_out, $r_in, $a, $w, $c) = @_; + + $self->add_code(<<___); + maddld $lo,$a,$w,$r_in + maddhdu $c,$a,$w,$r_in +___ + + if ($r_out ne $lo) { + $self->add_code(<<___); + mr $r_out,$lo +___ + } + + $self->nl(); +} + + +package main; + +my $code; + +$code.=<<___; +.machine "any" +.text +.align 5 +.p2align 5,,31 +___ + +my $mont; + +$mont = new Mont::GPR(6); +$mont->mul_mont_fixed(); +$code .= $mont->get_code(); + +$mont = new Mont::GPR_300(6); +$mont->mul_mont_fixed(); +$code .= $mont->get_code(); + +$code =~ s/\`([^\`]*)\`/eval $1/gem; + +$code.=<<___; +.asciz "Montgomery Multiplication for PPC by , " +___ + +print $code; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/build.info b/crypto/bn/build.info index 5e948b8433..3c32e83067 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info 
@@ -79,7 +79,7 @@ IF[{- !$disabled{asm} -}] $BNASM_ppc32=bn-ppc.s ppc-mont.s $BNDEF_ppc32=OPENSSL_BN_ASM_MONT - $BNASM_ppc64=$BNASM_ppc32 + $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s $BNDEF_ppc64=$BNDEF_ppc32 $BNASM_c64xplus=asm/bn-c64xplus.asm @@ -168,6 +168,7 @@ GENERATE[parisc-mont.s]=asm/parisc-mont.pl GENERATE[bn-ppc.s]=asm/ppc.pl GENERATE[ppc-mont.s]=asm/ppc-mont.pl GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl +GENERATE[ppc64-mont-fixed.s]=asm/ppc64-mont-fixed.pl GENERATE[alpha-mont.S]=asm/alpha-mont.pl diff --git a/crypto/ppccap.c b/crypto/ppccap.c index 9ed1d80db5..a504bc59b0 100644 --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -47,6 +47,12 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); + int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, + const BN_ULONG *bp, const BN_ULONG *np, + const BN_ULONG *n0, int num); + int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, + const BN_ULONG *bp, const BN_ULONG *np, + const BN_ULONG *n0, int num); if (num < 4) return 0; @@ -62,6 +68,12 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, * no opportunity to figure it out... */ + if (num == 6) + if (OPENSSL_ppccap_P & PPC_MADD300) + return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num); + else + return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num); + return bn_mul_mont_int(rp, ap, bp, np, n0, num); } #endif diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 01968b7e6f..b1ec8f2339 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -42,6 +42,7 @@ eb240c1f72063048abe026ab7fab340361a329d5cd355276a25950be446cc091 crypto/bn/asm/ b27ec5181e387e812925bb26823b830f49d7a6e4971b6d11ea583f5632a1504b crypto/bn/asm/parisc-mont.pl 9973523b361db963eea4938a7a8a3adc692e1a4e1aec4fa1f1e57dc93da37921 crypto/bn/asm/ppc-mont.pl 59cd27e1e10c4984b7fb684b27f491e7634473b1bcff197a07e0ca653124aa9a crypto/bn/asm/ppc.pl +13ba6625cc6c673dc6f7ef69a7bbe40487c5553b3873a996af4904de5b1cd82b crypto/bn/asm/ppc64-mont-fixed.pl a25be64867ab837d93855af232e2bfa71b85b2c6f00e35e620fdc5618187fb6f crypto/bn/asm/ppc64-mont.pl 231579e532443665020d4d522d9f11713d9c5d5c814b95b434b0f65452e16de4 crypto/bn/asm/rsaz-avx2.pl c9bd8679a5104affd9f3f0bcda726f823a1a53cac872e4a21a6f2370489dae08 crypto/bn/asm/rsaz-avx512.pl diff --git a/providers/fips.checksum b/providers/fips.checksum index e5ff9a8040..e9adf327b3 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -2e67c3ed3222fedf2d26e91f47b2b7708a95f39a74bd1489412f324f84daa57d providers/fips-sources.checksums +4fcfc6375eef7bed6219191cce24513be04a6ebb8b2d5da8e404150a2ecc0eba providers/fips-sources.checksums diff --git a/providers/fips.module.sources b/providers/fips.module.sources index 7e17658602..416a2b97f7 100644 --- a/providers/fips.module.sources +++ b/providers/fips.module.sources @@ -42,6 +42,7 @@ crypto/bn/asm/mips.pl crypto/bn/asm/parisc-mont.pl crypto/bn/asm/ppc-mont.pl crypto/bn/asm/ppc.pl +crypto/bn/asm/ppc64-mont-fixed.pl crypto/bn/asm/ppc64-mont.pl crypto/bn/asm/rsaz-avx2.pl crypto/bn/asm/rsaz-avx512.pl From pauli at openssl.org Sat May 8 10:45:15 2021 
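Review bot: In crypto/bn/asm/ppc64-mont-fixed.pl, the final reduction in mul_mont_fixed() branches on values derived from the operands (`bne $label->{"sub"}`, `blt $label->{"copy"}` after `cmpld $tp[$n-1],$npj`, and `beq $label->{"end"}` after `addme.`), so the path taken and the number of stores to $rp depend on the data being multiplied. For a Montgomery multiply that is reached from bn_mul_mont() with private-key material, I would prefer the subtraction to run unconditionally and the result to be chosen with a mask built from the borrow, with no branch on $tp[$n] or on the top limb. If the branches stay, please add a comment above the "Reduction" block explaining why the timing difference is acceptable here.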
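Review bot: In the crypto/ppccap.c hunk at @@ -62,6 +68,12 @@, `if (num == 6)` is followed by an unbraced `if (OPENSSL_ppccap_P & PPC_MADD300) ... else ...`, which is a dangling else: it parses as intended today, but compilers warn about it and the next edit to this block can easily bind the `else` to the wrong `if`. Please brace the outer `if (num == 6) { ... }`. It is also worth a short comment that the two fixed routines ignore `num` and assume exactly six limbs, since the prototypes added at @@ -47,6 +47,12 @@ still take `int num`.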
From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 08 May 2021 10:45:15 +0000 Subject: [openssl] master update Message-ID: <1620470715.451554.30170.nullmailer@dev.openssl.org> The branch master has been updated via 839261592ca447aa083403cee7b0ced97cef6159 (commit) from 0d40ca47bd86e74a95c3a2f5fb6c67cdbee93c79 (commit) - Log ----------------------------------------------------------------- commit 839261592ca447aa083403cee7b0ced97cef6159 Author: Shane Lontis Date: Thu May 6 14:03:20 2021 +1000 Remove unused code from the fips module Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15167) ----------------------------------------------------------------------- Summary of changes: Configurations/unix-Makefile.tmpl | 1 - crypto/ec/build.info | 11 ++++++----- crypto/evp/build.info | 7 ++++--- crypto/md5/build.info | 3 +-- providers/fips-sources.checksums | 11 +---------- providers/fips.checksum | 2 +- providers/fips.module.sources | 9 --------- ssl/s3_cbc.c | 16 +++++++++++----- 8 files changed, 24 insertions(+), 36 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index d98c42c85e..c2a0de3a97 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1167,7 +1167,6 @@ $(SRCDIR)/providers/fips.module.sources: \ for x in crypto/bn/asm/*.pl crypto/bn/asm/*.S \ crypto/aes/asm/*.pl crypto/aes/asm/*.S \ crypto/ec/asm/*.pl \ - crypto/md5/asm/*.pl \ crypto/modes/asm/*.pl \ crypto/sha/asm/*.pl; do \ echo "$$x"; \ diff --git a/crypto/ec/build.info b/crypto/ec/build.info index 4b6556acc0..dbe3a52572 100644 --- a/crypto/ec/build.info +++ b/crypto/ec/build.info 
@@ -44,9 +44,9 @@ IF[{- !$disabled{asm} -}] ENDIF $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ - ec_curve.c ec_check.c ec_print.c ec_key.c ecx_key.c ec_asn1.c \ - ec2_smpl.c ec_deprecated.c \ - ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c \ + ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \ + ec2_smpl.c \ + ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \ ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \ curve448/f_generic.c curve448/scalar.c \ curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ @@ -57,8 +57,9 @@ IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}] $COMMON=$COMMON ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c ENDIF -SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ecx_key.c \ - ec_err.c eck_prn.c +SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c \ + ec_err.c eck_prn.c \ + ec_deprecated.c ec_print.c SOURCE[../../providers/libfips.a]=$COMMON # Implementations are now spread across several libraries, so the defines diff --git a/crypto/evp/build.info b/crypto/evp/build.info index 34551df4a3..95fea31226 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -1,8 +1,8 @@ LIBS=../../libcrypto -$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c \ +$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c evp_utils.c \ mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c kdf_lib.c kdf_meth.c \ m_sigver.c pmeth_lib.c signature.c p_lib.c pmeth_gn.c exchange.c \ - pmeth_check.c evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c + evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c pmeth_check.c SOURCE[../../libcrypto]=$COMMON\ encode.c evp_key.c evp_cnf.c \ 
@@ -15,7 +15,8 @@ SOURCE[../../libcrypto]=$COMMON\ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ e_chacha20_poly1305.c \ - legacy_sha.c ctrl_params_translate.c + legacy_sha.c ctrl_params_translate.c \ + cmeth_lib.c # Diverse type specific ctrl functions. They are kinda sorta legacy, kinda # sorta not. diff --git a/crypto/md5/build.info b/crypto/md5/build.info index c35177bd50..080411cc2c 100644 --- a/crypto/md5/build.info +++ b/crypto/md5/build.info @@ -15,7 +15,7 @@ IF[{- !$disabled{asm} -}] ENDIF $COMMON=md5_dgst.c md5_one.c md5_sha1.c $MD5ASM -SOURCE[../../libcrypto ../../providers/libfips.a]=$COMMON +SOURCE[../../libcrypto]=$COMMON # A no-deprecated no-shared build ends up with double function definitions # without conditioning this on dso. The issue is MD5 which is needed in the @@ -30,7 +30,6 @@ ENDIF # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$MD5DEF -DEFINE[../../providers/libfips.a]=$MD5DEF DEFINE[../../providers/liblegacy.a]=$MD5DEF GENERATE[md5-586.s]=asm/md5-586.pl diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index b1ec8f2339..e6d798648a 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -147,13 +147,11 @@ ed003170c5eaaaa4a33f4ef37b43465f2ba7a5fa5fec2d7d17c1e0897ea818d7 crypto/ec/ec2_ 86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a crypto/ec/ec_check.c 845a5e6ad6921aed63a18084d6b64a1907e4cb093639153ba32138e0b29ff0e5 crypto/ec/ec_curve.c 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c -06fa7c8f23374ab9c1006d6fd65ee95dac3a3fae036ea6f14399c1a5cc0c7d00 crypto/ec/ec_deprecated.c 2103bb62699b1a0ca4e3f75bd1697d856a9afd7f0051d49e433cf69d62d53e2a crypto/ec/ec_key.c 7b34605e017eb81037344538f917c32d3ab85c744a819617e012bab73c27dd68 crypto/ec/ec_kmeth.c 90f070e5a7ea950e6fe88ed81c72161c58a4896efb4608076061e1fe12908908 crypto/ec/ec_lib.c 58aa89c186c9bb6a5075a1d961723fe1fc97c6e290756ae682fe494c4f2435a0 crypto/ec/ec_mult.c 129c6b42417bfcf582f4a959cfd65433e6f85b158274f4fa38f9c62615ac9166 crypto/ec/ec_oct.c -ccbf1f7dcba81cb40c07619120e9c330e06e1e7c788ca8912f0f4b1d25bd3f7c crypto/ec/ec_print.c 4341615ac00e3e42c41acd3b36af10250995fb919febc5289122b785c5eccf73 crypto/ec/ecdh_kdf.c b2cf8f052a5716137da7b0e857ed7a5df5fb513b6d14534199a05e32f2b5a866 crypto/ec/ecdh_ossl.c 49bf1a4dd3d53a5c0e4e05d71be0f6fcbeb5d013c70084ad8111e2d46b7e0f58 crypto/ec/ecdsa_ossl.c @@ -167,7 +165,6 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_ 4d9e693c64709a9359ac724a767a85566849373231e314b8d8127b707dd5e83d crypto/ec/ecx_backend.c 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c 7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128 crypto/evp/asymcipher.c -2aacf20d2b9ff0d11b0b4869c530685558ad8898da11391978322b606a0133ba crypto/evp/cmeth_lib.c 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c 4433d40517d9550f6a1db90dfb912e32ee10b95497ddfc2a7edb2116f87ee531 crypto/evp/digest.c 87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8 crypto/evp/ec_support.c 
@@ -201,12 +198,6 @@ a87945698684673832fbedb4d01e2f11df58f43f79605a9e6d7136bb15b02e52 crypto/ffc/ffc 84d8ae0141a79548ad65b31fe4673e8603930f942f21f3a7623e23f539799764 crypto/hmac/hmac.c 7000ba81f54c1d516a536bc6e96ad3729e3b5b15740006c2e22f0b76606042d6 crypto/initthread.c c6c83f826eb6465f2a1b186ea692ff6fe32dbfb821d18d254625b69083d68fb0 crypto/lhash/lhash.c -b0662fd0dddbac0379be51cee8ccb0384d819f52780a5c7b0b3fcdde145fa7bf crypto/md5/asm/md5-586.pl -2a31a7f88d948192d6b7c10822c72cf40f215f32909014a2babc3955dafa1593 crypto/md5/asm/md5-sparcv9.pl -33a402414b3f08e2325bbcb07edff42c553a4400da4ec89d583b29360a3483ed crypto/md5/asm/md5-x86_64.pl -6926a95504413b5b29b2fa89a6c8cec5406ae7044cefe28c577279c8bb56291b crypto/md5/md5_dgst.c -5d07872812807c385daea71df1d4569dcba03fabce646878f9f338947528fe1f crypto/md5/md5_one.c -8641fbe434f769a9d70981963870ceb4dcc3aadbe4f4fa2e7a8bf70e1c47fba0 crypto/md5/md5_sha1.c f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c 183bdca6f855182d7d2c78a5c961b34283f85ea69ac828b700605ee82546397d crypto/modes/asm/aes-gcm-armv8_64.pl 1d686af304f94743038f916125effcb51790c025f3165d8d37b526bbeee781f0 crypto/modes/asm/aesni-gcm-x86_64.pl @@ -403,4 +394,4 @@ a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858 providers/impl 1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 providers/implementations/signature/mac_legacy_sig.c 25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2 providers/implementations/signature/rsa_sig.c 53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4 ssl/record/tls_pad.c -0143753184c1bddf47af3bd5b5e0d788fc757dac4b77f291627fc25d46eba05c ssl/s3_cbc.c +85a9701b05ab8dfea42550fbc5e4d9f4011d08ccc64829648fc12091cc1133f5 ssl/s3_cbc.c diff --git a/providers/fips.checksum b/providers/fips.checksum index e9adf327b3..4ee2135be1 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum 
@@ -1 +1 @@ -4fcfc6375eef7bed6219191cce24513be04a6ebb8b2d5da8e404150a2ecc0eba providers/fips-sources.checksums +a1ce185646a78b5eb88229b77aec1455e6e361f7428bb884aebe45cb8fdc3703 providers/fips-sources.checksums diff --git a/providers/fips.module.sources b/providers/fips.module.sources index 416a2b97f7..7be12dc42e 100644 --- a/providers/fips.module.sources +++ b/providers/fips.module.sources @@ -147,13 +147,11 @@ crypto/ec/ec_backend.c crypto/ec/ec_check.c crypto/ec/ec_curve.c crypto/ec/ec_cvt.c -crypto/ec/ec_deprecated.c crypto/ec/ec_key.c crypto/ec/ec_kmeth.c crypto/ec/ec_lib.c crypto/ec/ec_mult.c crypto/ec/ec_oct.c -crypto/ec/ec_print.c crypto/ec/ecdh_kdf.c crypto/ec/ecdh_ossl.c crypto/ec/ecdsa_ossl.c @@ -167,7 +165,6 @@ crypto/ec/ecp_smpl.c crypto/ec/ecx_backend.c crypto/ec/ecx_key.c crypto/evp/asymcipher.c -crypto/evp/cmeth_lib.c crypto/evp/dh_support.c crypto/evp/digest.c crypto/evp/ec_support.c @@ -201,12 +198,6 @@ crypto/ffc/ffc_params_validate.c crypto/hmac/hmac.c crypto/initthread.c crypto/lhash/lhash.c -crypto/md5/asm/md5-586.pl -crypto/md5/asm/md5-sparcv9.pl -crypto/md5/asm/md5-x86_64.pl -crypto/md5/md5_dgst.c -crypto/md5/md5_one.c -crypto/md5/md5_sha1.c crypto/mem_clr.c crypto/modes/asm/aes-gcm-armv8_64.pl crypto/modes/asm/aesni-gcm-x86_64.pl diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 26f12654e4..2b4b16cb58 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c 
@@ -75,15 +75,16 @@ int ssl3_cbc_digest_record(const EVP_MD *md, */ #define MAX_HASH_BLOCK_SIZE 128 +#ifndef FIPS_MODULE /* * u32toLE serializes an unsigned, 32-bit number (n) as four bytes at (p) in * little-endian order. The value of p is advanced by four. */ -#define u32toLE(n, p) \ - (*((p)++)=(unsigned char)(n), \ - *((p)++)=(unsigned char)(n>>8), \ - *((p)++)=(unsigned char)(n>>16), \ - *((p)++)=(unsigned char)(n>>24)) +# define u32toLE(n, p) \ + (*((p)++)=(unsigned char)(n), \ + *((p)++)=(unsigned char)(n>>8), \ + *((p)++)=(unsigned char)(n>>16), \ + *((p)++)=(unsigned char)(n>>24)) /* * These functions serialize the state of a hash and thus perform the @@ -98,6 +99,7 @@ static void tls1_md5_final_raw(void *ctx, unsigned char *md_out) u32toLE(md5->C, md_out); u32toLE(md5->D, md_out); } +#endif /* FIPS_MODULE */ static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out) { @@ -196,6 +198,9 @@ int ssl3_cbc_digest_record(const EVP_MD *md, return 0; if (EVP_MD_is_a(md, "MD5")) { +#ifdef FIPS_MODULE + return 0; +#else if (MD5_Init((MD5_CTX *)md_state.c) <= 0) return 0; md_final_raw = tls1_md5_final_raw; @@ -204,6 +209,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md, md_size = 16; sslv3_pad_length = 48; length_is_big_endian = 0; +#endif } else if (EVP_MD_is_a(md, "SHA1")) { if (SHA1_Init((SHA_CTX *)md_state.c) <= 0) return 0; From pauli at openssl.org Sat May 8 12:14:10 2021 
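Review bot: In the ssl/s3_cbc.c hunk at @@ -196,6 +198,9 @@, the `#ifdef FIPS_MODULE` / `return 0;` inside `if (EVP_MD_is_a(md, "MD5"))` gives the caller the same bare 0 that a failed `MD5_Init()` produces in the non-FIPS build, and nothing in the code says why. Please add a one-line comment that MD5 is not available inside the FIPS module so the record digest is refused, so a later reader does not mistake the early return for leftover debugging. Related nit at @@ -75,15 +75,16 @@: the new `#ifndef FIPS_MODULE` now also encloses the general "These functions serialize the state of a hash" comment, which describes tls1_sha1_final_raw() and the others outside the guard; moving the `#ifndef` below that comment keeps it visible in both builds.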
From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 08 May 2021 12:14:10 +0000 Subject: [openssl] master update Message-ID: <1620476050.028848.29571.nullmailer@dev.openssl.org> The branch master has been updated via a1230dea4d255a1ea27b18af7a178fe2501e7dad (commit) from 839261592ca447aa083403cee7b0ced97cef6159 (commit) - Log ----------------------------------------------------------------- commit a1230dea4d255a1ea27b18af7a178fe2501e7dad Author: Pauli Date: Fri May 7 16:58:16 2021 +1000 apps: add mac, cipher and digest arguments to the kdf applet. This adds -digest, -mac and -cipher which correspond to -kdfopt digest: and -kdfopt mac: and -kdfopt cipher: respectively. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15190) ----------------------------------------------------------------------- Summary of changes: apps/kdf.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ doc/man1/openssl-kdf.pod.in | 33 +++++++++++++++++++++++++++++++-- test/recipes/20-test_kdf.t | 38 ++++++++++++++++++++++++++++++++++++-- 3 files changed, 111 insertions(+), 4 deletions(-) diff --git a/apps/kdf.c b/apps/kdf.c index b3865d9e87..7b016051f1 100644 --- a/apps/kdf.c +++ b/apps/kdf.c @@ -20,6 +20,7 @@ typedef enum OPTION_choice { OPT_COMMON, OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT, + OPT_CIPHER, OPT_DIGEST, OPT_MAC, OPT_PROV_ENUM } OPTION_CHOICE; @@ -29,6 +30,9 @@ const OPTIONS kdf_options[] = { OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, {"kdfopt", OPT_KDFOPT, 's', "KDF algorithm control parameters in n:v form"}, + {"cipher", OPT_CIPHER, 's', "Cipher"}, + {"digest", OPT_DIGEST, 's', "Digest"}, + {"mac", OPT_MAC, 's', "MAC"}, {OPT_MORE_STR, 1, '-', "See 'Supported Controls' in the EVP_KDF_ docs\n"}, {"keylen", OPT_KEYLEN, 's', "The size of the output derived key"}, 
@@ -44,6 +48,24 @@ const OPTIONS kdf_options[] = { {NULL} }; +static char *alloc_kdf_algorithm_name(STACK_OF(OPENSSL_STRING) **optp, + const char *name, const char *arg) +{ + size_t len = strlen(name) + strlen(arg) + 2; + char *res = app_malloc(len, "algorithm name"); + + if (*optp == NULL) + *optp = sk_OPENSSL_STRING_new_null(); + if (*optp == NULL) + return NULL; + + BIO_snprintf(res, len, "%s:%s", name, arg); + if (sk_OPENSSL_STRING_push(*optp, res)) + return res; + OPENSSL_free(res); + return NULL; +} + int kdf_main(int argc, char **argv) { int ret = 1, out_bin = 0; @@ -56,6 +78,7 @@ int kdf_main(int argc, char **argv) BIO *out = NULL; EVP_KDF *kdf = NULL; EVP_KDF_CTX *ctx = NULL; + char *digest = NULL, *cipher = NULL, *mac = NULL; prog = opt_init(argc, argv, kdf_options); while ((o = opt_next()) != OPT_EOF) { @@ -83,6 +106,24 @@ opthelp: if (opts == NULL || !sk_OPENSSL_STRING_push(opts, opt_arg())) goto opthelp; break; + case OPT_CIPHER: + OPENSSL_free(cipher); + cipher = alloc_kdf_algorithm_name(&opts, "cipher", opt_arg()); + if (cipher == NULL) + goto opthelp; + break; + case OPT_DIGEST: + OPENSSL_free(digest); + digest = alloc_kdf_algorithm_name(&opts, "digest", opt_arg()); + if (digest == NULL) + goto opthelp; + break; + case OPT_MAC: + OPENSSL_free(mac); + mac = alloc_kdf_algorithm_name(&opts, "mac", opt_arg()); + if (mac == NULL) + goto opthelp; + break; case OPT_PROV_CASES: if (!opt_provider(o)) goto err; @@ -161,5 +202,8 @@ err: EVP_KDF_CTX_free(ctx); BIO_free(out); OPENSSL_free(hexout); + OPENSSL_free(cipher); + OPENSSL_free(digest); + OPENSSL_free(mac); return ret; } diff --git a/doc/man1/openssl-kdf.pod.in b/doc/man1/openssl-kdf.pod.in index 3d532ebfc6..bc0fa82a88 100644 --- a/doc/man1/openssl-kdf.pod.in +++ b/doc/man1/openssl-kdf.pod.in @@ -9,6 +9,9 @@ openssl-kdf - perform Key Derivation Function operations B [B<-help>] +[B<-cipher>] +[B<-digest>] +[B<-mac>] [B<-kdfopt> I:I] [B<-keylen> I] [B<-out> I] 
@@ -41,6 +44,25 @@ Filename to output to, or standard output by default. Output the derived key in binary form. Uses hexadecimal text format if not specified. +=item B<-cipher> I + +Specify the cipher to be used by the KDF. +Not all KDFs require a cipher and it is an error to use this option in such +cases. + +=item B<-digest> I + +Specify the digest to be used by the KDF. +Not all KDFs require a digest and it is an error to use this option in such +cases. +To see the list of supported digests, use C. + +=item B<-mac> I + +Specify the MAC to be used by the KDF. +Not all KDFs require a MAC and it is an error to use this option in such +cases. + =item B<-kdfopt> I:I Passes options to the KDF algorithm. @@ -76,8 +98,15 @@ The password must be specified for PBKDF2 and scrypt. =item BI -Specifies the name of a digest as an alphanumeric string. -To see the list of supported digests, use the command I. +This option is identical to the B<-digest> option. + +=item BI + +This option is identical to the B<-cipher> option. + +=item BI + +This option is identical to the B<-mac> option. =back diff --git a/test/recipes/20-test_kdf.t b/test/recipes/20-test_kdf.t index d0ea07ee9a..47b0632888 100755 --- a/test/recipes/20-test_kdf.t +++ b/test/recipes/20-test_kdf.t 
@@ -16,6 +16,32 @@ use OpenSSL::Test::Utils; setup("test_kdf"); my @kdf_tests = ( + { cmd => [qw{openssl kdf -keylen 16 -digest SHA256 -kdfopt secret:secret -kdfopt seed:seed TLS1-PRF}], + expected => '8E:4D:93:25:30:D7:65:A0:AA:E9:74:C3:04:73:5E:CC', + desc => 'TLS1-PRF SHA256' }, + { cmd => [qw{openssl kdf -keylen 16 -digest MD5-SHA1 -kdfopt secret:secret -kdfopt seed:seed TLS1-PRF}], + expected => '65:6F:31:CB:04:03:D6:51:E2:E8:71:F8:20:04:AB:BA', + desc => 'TLS1-PRF MD5-SHA1' }, + { cmd => [qw{openssl kdf -keylen 10 -digest SHA256 -kdfopt key:secret -kdfopt salt:salt -kdfopt info:label HKDF}], + expected => '2a:c4:36:9f:52:59:96:f8:de:13', + desc => 'HKDF SHA256' }, + { cmd => [qw{openssl kdf -keylen 25 -digest SHA256 -kdfopt pass:passwordPASSWORDpassword -kdfopt salt:saltSALTsaltSALTsaltSALTsaltSALTsalt -kdfopt iter:4096 PBKDF2}], + expected => '34:8C:89:DB:CB:D3:2B:2F:32:D8:14:B8:11:6E:84:CF:2B:17:34:7E:BC:18:00:18:1C', + desc => 'PBKDF2 SHA256'}, + { cmd => [qw{openssl kdf -keylen 64 -mac KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], + expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03', + desc => 'SSKDF KMAC128'}, + { cmd => [qw{openssl kdf -keylen 16 -mac HMAC -digest SHA256 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], + expected => '44:f6:76:e8:5c:1b:1a:8b:bc:3d:31:92:18:63:1c:a3', + desc => 'SSKDF HMAC SHA256'}, + { cmd => [qw{openssl kdf -keylen 14 -digest SHA224 -kdfopt hexkey:6dbdc23f045488e4062757b06b9ebae183fc5a5946d80db93fec6f62ec07e3727f0126aed12ce4b262f47d48d54287f81d474c7c3b1850e9 -kdfopt 
hexinfo:a1b2c3d4e54341565369643c832e9849dcdba71e9a3139e606e095de3c264a66e98a165854cd07989b1ee0ec3f8dbe SSKDF}], + expected => 'a4:62:de:16:a8:9d:e8:46:6e:f5:46:0b:47:b8', + desc => 'SSKDF HASH SHA224'}, + { cmd => [qw{openssl kdf -keylen 16 -digest SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}], + expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16', + desc => 'SSHKDF SHA256'}, + + # Using the -kdfopt digest: option instead of -digest { cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt secret:secret -kdfopt seed:seed TLS1-PRF}], expected => '8E:4D:93:25:30:D7:65:A0:AA:E9:74:C3:04:73:5E:CC', desc => 'TLS1-PRF SHA256' }, 
@@ -28,10 +54,10 @@ my @kdf_tests = ( { cmd => [qw{openssl kdf -keylen 25 -kdfopt digest:SHA256 -kdfopt pass:passwordPASSWORDpassword -kdfopt salt:saltSALTsaltSALTsaltSALTsaltSALTsalt -kdfopt iter:4096 PBKDF2}], expected => '34:8C:89:DB:CB:D3:2B:2F:32:D8:14:B8:11:6E:84:CF:2B:17:34:7E:BC:18:00:18:1C', desc => 'PBKDF2 SHA256'}, - { cmd => [qw{openssl kdf -keylen 64 -kdfopt mac:KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], + { cmd => [qw{openssl kdf -keylen 64 -mac KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03', desc => 'SSKDF KMAC128'}, - { cmd => [qw{openssl kdf -keylen 16 -kdfopt mac:HMAC -kdfopt digest:SHA256 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], + { cmd => [qw{openssl kdf -keylen 16 -mac HMAC -kdfopt digest:SHA256 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], expected => '44:f6:76:e8:5c:1b:1a:8b:bc:3d:31:92:18:63:1c:a3', desc => 'SSKDF HMAC SHA256'}, { cmd => [qw{openssl kdf -keylen 14 -kdfopt digest:SHA224 -kdfopt hexkey:6dbdc23f045488e4062757b06b9ebae183fc5a5946d80db93fec6f62ec07e3727f0126aed12ce4b262f47d48d54287f81d474c7c3b1850e9 -kdfopt hexinfo:a1b2c3d4e54341565369643c832e9849dcdba71e9a3139e606e095de3c264a66e98a165854cd07989b1ee0ec3f8dbe SSKDF}], 
@@ -40,6 +66,14 @@ my @kdf_tests = ( { cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}], expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16', desc => 'SSHKDF SHA256'}, + + # Additionally using -kdfopt mac: instead of -mac + { cmd => [qw{openssl kdf -keylen 64 -kdfopt mac:KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], + expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03', + desc => 'SSKDF KMAC128'}, + { cmd => [qw{openssl kdf -keylen 16 -kdfopt mac:HMAC -kdfopt digest:SHA256 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], + expected => '44:f6:76:e8:5c:1b:1a:8b:bc:3d:31:92:18:63:1c:a3', + desc => 'SSKDF HMAC SHA256'}, ); my @scrypt_tests = ( From pauli at openssl.org Sat May 8 12:17:30 2021 
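Review bot: In apps/kdf.c, alloc_kdf_algorithm_name() (hunk @@ -44,6 +48,24 @@) allocates `res` with app_malloc() before it creates the stack, so the early `return NULL` taken when `sk_OPENSSL_STRING_new_null()` fails leaks `res`. Either create `*optp` first and allocate afterwards, or `OPENSSL_free(res)` on that path as is already done when the push fails.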
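Review bot: In the apps/kdf.c option loop (hunk @@ -83,6 +106,24 @@), `OPENSSL_free(cipher);` (and the same for `digest` and `mac`) runs before each new allocation, but alloc_kdf_algorithm_name() has already pushed that pointer onto `opts`. If the user passes the same option twice, the stack keeps an entry pointing at freed memory alongside the new one. Please either reject a repeated -cipher/-digest/-mac with a usage error, or remove the old entry from `opts` before freeing it. A test with a repeated -digest would pin the chosen behaviour down.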
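Review bot: In test/recipes/20-test_kdf.t (hunks @@ -16,6 +16,32 @@ and @@ -40,6 +66,14 @@), the new -digest and -mac cases reuse the `desc` strings of the existing -kdfopt cases ('TLS1-PRF SHA256', 'SSKDF KMAC128', 'SSKDF HMAC SHA256' and so on), so a failure report cannot tell which spelling of the option broke. Please make the descriptions distinct, for example by appending the option form used, rather than relying on the two `#` comments that separate the groups.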
From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 08 May 2021 12:17:30 +0000 Subject: [openssl] master update Message-ID: <1620476250.084428.16717.nullmailer@dev.openssl.org> The branch master has been updated via 0f4fb64785dbdb074b6a0e7f415697ad74596c0c (commit) via 29f5727b83c4ec26ff8e183c1b0dc707a3719588 (commit) via 68f3fb051487581e3a424235b3d4f651cf558493 (commit) from a1230dea4d255a1ea27b18af7a178fe2501e7dad (commit) - Log ----------------------------------------------------------------- commit 0f4fb64785dbdb074b6a0e7f415697ad74596c0c Author: Pauli Date: Fri May 7 15:48:27 2021 +1000 apps/mac: Add digest and cipher command line options Add -cipher and -digest as short forms of -macopt cipher: and -macopt digest: respectively. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15189) commit 29f5727b83c4ec26ff8e183c1b0dc707a3719588 Author: Pauli Date: Fri May 7 14:19:06 2021 +1000 apps/mac: avoid need for two ^D when using stdin from a terminal Fixes #13246 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15189) commit 68f3fb051487581e3a424235b3d4f651cf558493 Author: Pauli Date: Fri May 7 14:12:38 2021 +1000 apps: remove initial newline from mac output Fixes #13247 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15189) ----------------------------------------------------------------------- Summary of changes: apps/mac.c | 42 +++++++++++++++++++++++++++++++++++++++--- doc/man1/openssl-mac.pod.in | 44 +++++++++++++++++++++++++++----------------- test/recipes/20-test_mac.t | 30 +++++++++++++++++++++++++----- 3 files changed, 91 insertions(+), 25 deletions(-) diff --git a/apps/mac.c b/apps/mac.c index c722be3102..ca02a781e5 100644 --- a/apps/mac.c +++ b/apps/mac.c @@ -15,6 +15,7 @@ #include #include #include +#include #undef BUFSIZE #define BUFSIZE 1024*8 
@@ -22,6 +23,7 @@ typedef enum OPTION_choice { OPT_COMMON, OPT_MACOPT, OPT_BIN, OPT_IN, OPT_OUT, + OPT_CIPHER, OPT_DIGEST, OPT_PROV_ENUM } OPTION_CHOICE; @@ -31,6 +33,8 @@ const OPTIONS mac_options[] = { OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form"}, + {"cipher", OPT_CIPHER, 's', "Cipher"}, + {"digest", OPT_DIGEST, 's', "Digest"}, {OPT_MORE_STR, 1, '-', "See 'PARAMETER NAMES' in the EVP_MAC_ docs"}, OPT_SECTION("Input"), @@ -48,6 +52,24 @@ const OPTIONS mac_options[] = { {NULL} }; +static char *alloc_mac_algorithm_name(STACK_OF(OPENSSL_STRING) **optp, + const char *name, const char *arg) +{ + size_t len = strlen(name) + strlen(arg) + 2; + char *res = app_malloc(len, "algorithm name"); + + if (*optp == NULL) + *optp = sk_OPENSSL_STRING_new_null(); + if (*optp == NULL) + return NULL; + + BIO_snprintf(res, len, "%s:%s", name, arg); + if (sk_OPENSSL_STRING_push(*optp, res)) + return res; + OPENSSL_free(res); + return NULL; +} + int mac_main(int argc, char **argv) { int ret = 1; @@ -64,6 +86,7 @@ int mac_main(int argc, char **argv) const char *infile = NULL; int out_bin = 0; int inform = FORMAT_BINARY; + char *digest = NULL, *cipher = NULL; OSSL_PARAM *params = NULL; prog = opt_init(argc, argv, mac_options); @@ -93,6 +116,18 @@ opthelp: if (opts == NULL || !sk_OPENSSL_STRING_push(opts, opt_arg())) goto opthelp; break; + case OPT_CIPHER: + OPENSSL_free(cipher); + cipher = alloc_mac_algorithm_name(&opts, "cipher", opt_arg()); + if (cipher == NULL) + goto opthelp; + break; + case OPT_DIGEST: + OPENSSL_free(digest); + digest = alloc_mac_algorithm_name(&opts, "digest", opt_arg()); + if (digest == NULL) + goto opthelp; + break; case OPT_PROV_CASES: if (!opt_provider(o)) goto err; 
@@ -150,10 +185,11 @@ opthelp: goto err; } - for (;;) { + while (BIO_pending(in) || !BIO_eof(in)) { i = BIO_read(in, (char *)buf, BUFSIZE); if (i < 0) { BIO_printf(bio_err, "Read Error in '%s'\n", infile); + ERR_print_errors(bio_err); goto err; } if (i == 0) @@ -181,8 +217,6 @@ opthelp: if (out_bin) { BIO_write(out, buf, len); } else { - if (outfile == NULL) - BIO_printf(out,"\n"); for (i = 0; i < (int)len; ++i) BIO_printf(out, "%02X", buf[i]); if (outfile == NULL) @@ -194,6 +228,8 @@ err: if (ret != 0) ERR_print_errors(bio_err); OPENSSL_clear_free(buf, BUFSIZE); + OPENSSL_free(cipher); + OPENSSL_free(digest); sk_OPENSSL_STRING_free(opts); BIO_free(in); BIO_free(out); diff --git a/doc/man1/openssl-mac.pod.in b/doc/man1/openssl-mac.pod.in index 4c9cc3bc31..b158ff3b8d 100644 --- a/doc/man1/openssl-mac.pod.in +++ b/doc/man1/openssl-mac.pod.in @@ -9,6 +9,8 @@ openssl-mac - perform Message Authentication Code operations B [B<-help>] +[B<-cipher>] +[B<-digest>] [B<-macopt>] [B<-in> I] [B<-out> I] @@ -44,6 +46,20 @@ Filename to output to, or standard output by default. Output the MAC in binary form. Uses hexadecimal text format if not specified. +=item B<-cipher> I + +Used by CMAC and GMAC to specify the cipher algorithm. +For CMAC it must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or +DES-EDE3-CBC. +For GMAC it should be a GCM mode cipher e.g. AES-128-GCM. + +=item B<-digest> I + +Used by HMAC as an alphanumeric string (use if the key contains printable +characters only). +The string length must conform to any restrictions of the MAC algorithm. +To see the list of supported digests, use C. + =item B<-macopt> I:I Passes options to the MAC algorithm. 
@@ -66,20 +82,6 @@ Specifies the MAC key in hexadecimal form (two hex digits per byte). The key length must conform to any restrictions of the MAC algorithm. A key must be specified for every MAC algorithm. -=item BI - -Used by HMAC as an alphanumeric string (use if the key contains printable -characters only). -The string length must conform to any restrictions of the MAC algorithm. -To see the list of supported digests, use C. - -=item BI - -Used by CMAC and GMAC to specify the cipher algorithm. -For CMAC it must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or -DES-EDE3-CBC. -For GMAC it should be a GCM mode cipher e.g. AES-128-GCM. - =item BI Used by GMAC to specify an IV as an alphanumeric string (use if the IV contains @@ -99,6 +101,14 @@ The default sizes are 32 or 64 bytes respectively. Used by KMAC128 or KMAC256 to specify a customization string. The default is the empty string "". +=item BI + +This option is identical to the B<-digest> option. + +=item BI + +This option is identical to the B<-cipher> option. + =back {- $OpenSSL::safe::opt_provider_item -} 
@@ -115,7 +125,7 @@ To see the list of supported MAC's use the command C [qw{openssl mac -macopt digest:SHA1 -macopt hexkey:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F}], + { cmd => [qw{openssl mac -digest SHA1 -macopt hexkey:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F}], type => 'HMAC', input => unpack("H*", "Sample message for keylen=blocklen"), expected => '5FD596EE78D5553C8FF4E72D266DFD192366DA29', desc => 'HMAC SHA1' }, - { cmd => [qw{openssl mac -macopt cipher:AES-256-GCM -macopt hexkey:4C973DBC7364621674F8B5B89E5C15511FCED9216490FB1C1A2CAA0FFE0407E5 -macopt hexiv:7AE8E2CA4EC500012E58495C}], + { cmd => [qw{openssl mac -macopt digest:SHA1 -macopt hexkey:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F}], + type => 'HMAC', + input => unpack("H*", "Sample message for keylen=blocklen"), + expected => '5FD596EE78D5553C8FF4E72D266DFD192366DA29', + desc => 'HMAC SHA1 via -macopt' }, + { cmd => [qw{openssl mac -cipher AES-256-GCM -macopt hexkey:4C973DBC7364621674F8B5B89E5C15511FCED9216490FB1C1A2CAA0FFE0407E5 -macopt hexiv:7AE8E2CA4EC500012E58495C}], type => 'GMAC', input => '68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007', expected => '00BDA1B7E87608BCBF470F12157F4C07', desc => 'GMAC' }, + { cmd => [qw{openssl mac -macopt cipher:AES-256-GCM -macopt hexkey:4C973DBC7364621674F8B5B89E5C15511FCED9216490FB1C1A2CAA0FFE0407E5 -macopt hexiv:7AE8E2CA4EC500012E58495C}], + type => 'GMAC', + input => '68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007', + expected => 
'00BDA1B7E87608BCBF470F12157F4C07', + desc => 'GMAC via -macopt' }, { cmd => [qw{openssl mac -macopt hexkey:404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F -macopt xof:0}], type => 'KMAC128', input => '00010203', @@ -53,11 +63,16 @@ my @siphash_tests = ( ); my @cmac_tests = ( + { cmd => [qw{openssl mac -cipher AES-256-CBC -macopt hexkey:0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1}], + type => 'CMAC', + input => '498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F', + expected => 'F62C46329B41085625669BAF51DEA66A', + desc => 'CMAC AES-256-CBC' }, { cmd => [qw{openssl mac -macopt cipher:AES-256-CBC -macopt hexkey:0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1}], type => 'CMAC', input => '498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F', expected => 'F62C46329B41085625669BAF51DEA66A', - desc => 'CMAC AES-256-CBC' } + desc => 'CMAC AES-256-CBC' }, ); my @poly1305_tests = ( @@ -83,6 +98,11 @@ my @mac_fail_tests = ( input => '00', err => 'Invalid MAC name KMAC128', desc => 'KMAC128 Fail unknown property' }, + { cmd => [qw{openssl mac -cipher AES-128-CBC -macopt hexkey:00}], + type => 'HMAC', + input => '00', + err => 'MAC parameter error', + desc => 'HMAC given a cipher' }, ); my @siphash_fail_tests = ( @@ -137,10 +157,10 @@ sub compareline { # Not unlinking $tmpfile if (defined($expect)) { - if ($lines[1] =~ m|^\Q${expect}\E\R$|) { + if ($lines[0] =~ m|^\Q${expect}\E\R$|) { return 1; } else { - print "Got: $lines[1]"; + print "Got: $lines[0]"; print "Exp: $expect\n"; return 0; } From dev at ddvo.net Sat May 8 12:36:58 2021 
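Review bot: in alloc_mac_algorithm_name() in apps/mac.c, res is allocated with app_malloc() before the stack is created, so the early `return NULL` taken when sk_OPENSSL_STRING_new_null() fails leaks res. Create the stack before allocating, or release res on that path the same way the push-failure path already does with OPENSSL_free(res).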
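Review bot: in the OPT_CIPHER and OPT_DIGEST cases of mac_main() in apps/mac.c, `OPENSSL_free(cipher)` and `OPENSSL_free(digest)` release a string that alloc_mac_algorithm_name() has already pushed onto opts, so giving -cipher or -digest twice leaves a freed pointer on the stack for whatever walks opts afterwards. Either treat a repeated option as an error, or remove the earlier entry from opts before freeing it; the OPENSSL_free(cipher) and OPENSSL_free(digest) calls added under err: already cover the single-use case. A test case with a repeated -digest would pin the chosen behaviour down.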
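Review bot: in doc/man1/openssl-mac.pod.in the new -digest item carries over the wording "Used by HMAC as an alphanumeric string (use if the key contains printable characters only)" and "The string length must conform to any restrictions of the MAC algorithm", which describes a key, not a digest name. Since the text is being moved anyway, reword it along the lines of the -cipher item, for example "Used by HMAC to specify the digest algorithm", and keep the pointer to the command that lists the supported digests.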
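Review bot: in @cmac_tests in test/recipes/20-test_mac.t the new -cipher case and the existing -macopt cipher: case both end up with desc => 'CMAC AES-256-CBC', whereas the HMAC and GMAC pairs mark the second entry with ' via -macopt'. Give the -macopt entry the desc 'CMAC AES-256-CBC via -macopt' so that a failure report identifies which option form broke.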
From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 08 May 2021 12:36:58 +0000 Subject: [openssl] master update Message-ID: <1620477418.807484.28166.nullmailer@dev.openssl.org> The branch master has been updated via 0a8a6afdfb71e42962921980b51942cea8632697 (commit) via bea31afef013aaf5638e96e9bed1b633c510d50d (commit) from 0f4fb64785dbdb074b6a0e7f415697ad74596c0c (commit) - Log ----------------------------------------------------------------- commit 0a8a6afdfb71e42962921980b51942cea8632697 Author: Dr. David von Oheimb Date: Mon Mar 29 19:42:33 2021 +0200 Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions This helps compensate for deprecated functions such as HMAC() and reduces clutter in the crypto lib, apps, and tests. Also fixes memory leaks in generate_cookie_callback() of apps/lib/s_cb.c and replaces 'B<...>' by 'I<...>' where appropriate in HMAC.pod Partially fixes #14628. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14664) commit bea31afef013aaf5638e96e9bed1b633c510d50d Author: Dr. 
David von Oheimb Date: Wed Mar 24 09:11:13 2021 +0100 DOC: Fix all wrong occurrences of '' to 'I' Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14664) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 8 ++--- apps/lib/s_cb.c | 35 ++++--------------- crypto/crmf/crmf_pbm.c | 24 +++++-------- crypto/evp/mac_lib.c | 62 ++++++++++++++++++++++++++++++++++ crypto/hmac/hmac.c | 42 ++++++----------------- doc/man3/EVP_MAC.pod | 30 +++++++++++++--- doc/man3/HMAC.pod | 59 ++++++++++++++++---------------- doc/man3/PEM_X509_INFO_read_bio_ex.pod | 3 +- doc/man3/SSL_load_client_CA_file.pod | 4 +-- doc/man3/X509_LOOKUP.pod | 16 ++++----- doc/man3/X509_STORE_add_cert.pod | 14 ++++---- doc/man3/X509_new.pod | 2 +- include/openssl/evp.h | 5 +++ include/openssl/hmac.h | 9 ++--- providers/fips-sources.checksums | 6 ++-- providers/fips.checksum | 2 +- providers/implementations/kdfs/hkdf.c | 30 +++++++++------- ssl/tls13_enc.c | 26 ++++---------- test/hmactest.c | 23 ++++++------- util/libcrypto.num | 3 +- 20 files changed, 217 insertions(+), 186 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 29d28f91ab..a2ef2f6b3f 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -1033,18 +1033,18 @@ OpenSSL 3.0 *Paul Dale* - * All of the low level HMAC functions have been deprecated including: + * All low level HMAC functions except for HMAC have been deprecated including: - HMAC, HMAC_size, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, + HMAC_size, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags and HMAC_CTX_get_md. Use of these low level functions has been informally discouraged for a long time. Instead applications should use L, L, L, L - and L. + and L or the single-shot MAC function L. - *Paul Dale* + *Paul Dale and David von Oheimb* * Over two thousand fixes were made to the documentation, including: - Common options (such as -rand/-writerand, TLS version control, etc) diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 0bb4b6c436..bdd5051ee6 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -739,10 +739,6 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned short port; BIO_ADDR *lpeer = NULL, *peer = NULL; int res = 0; - EVP_MAC *hmac = NULL; - EVP_MAC_CTX *ctx = NULL; - OSSL_PARAM params[2], *p = params; - size_t mac_len; /* Initialize a random secret */ if (!cookie_initialized) { 
@@ -780,32 +776,13 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, memcpy(buffer, &port, sizeof(port)); BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL); - /* Calculate HMAC of buffer using the secret */ - hmac = EVP_MAC_fetch(NULL, "HMAC", NULL); - if (hmac == NULL) { - BIO_printf(bio_err, "HMAC not found\n"); - goto end; - } - ctx = EVP_MAC_CTX_new(hmac); - if (ctx == NULL) { - BIO_printf(bio_err, "HMAC context allocation failed\n"); - goto end; - } - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA1", 0); - *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_init(ctx, cookie_secret, COOKIE_SECRET_LENGTH, params)) { - BIO_printf(bio_err, "HMAC context initialisation failed\n"); - goto end; - } - if (!EVP_MAC_update(ctx, buffer, length)) { - BIO_printf(bio_err, "HMAC context update failed\n"); - goto end; - } - if (!EVP_MAC_final(ctx, cookie, &mac_len, DTLS1_COOKIE_LENGTH)) { - BIO_printf(bio_err, "HMAC context final failed\n"); - goto end; + if (EVP_Q_mac(NULL, "HMAC", NULL, "SHA1", NULL, + cookie_secret, COOKIE_SECRET_LENGTH, buffer, length, + cookie, DTLS1_COOKIE_LENGTH, cookie_len) == NULL) { + BIO_printf(bio_err, + "Error calculating HMAC-SHA1 of buffer with secret\n"); + goto end; } - *cookie_len = (int)mac_len; res = 1; end: OPENSSL_free(buffer); diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index 40a41c28b2..cf483dcb9a 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -16,6 +16,7 @@ #include #include +#include /* explicit #includes not strictly needed since implied by the above: */ #include 
@@ -120,8 +121,8 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, * |msglen| length of the message * |sec| key to use * |seclen| length of the key - * |mac| pointer to the computed mac, will be set on success - * |maclen| if not NULL, will set variable to the length of the mac on success + * |out| pointer to the computed mac, will be set on success + * |outlen| if not NULL, will set variable to the length of the mac on success * returns 1 on success, 0 on error */ /* TODO try to combine with other MAC calculations in the libray */ @@ -140,10 +141,8 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, unsigned int bklen = EVP_MAX_MD_SIZE; int64_t iterations; unsigned char *mac_res = 0; + unsigned int maclen; int ok = 0; - EVP_MAC *mac = NULL; - EVP_MAC_CTX *mctx = NULL; - OSSL_PARAM macparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; if (out == NULL || pbmp == NULL || pbmp->mac == NULL || pbmp->mac->algorithm == NULL || msg == NULL || sec == NULL) { @@ -208,23 +207,16 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); goto err; } - - macparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - (char *)hmac_mdname, 0); - if ((mac = EVP_MAC_fetch(libctx, "HMAC", propq)) == NULL - || (mctx = EVP_MAC_CTX_new(mac)) == NULL - || !EVP_MAC_CTX_set_params(mctx, macparams) - || !EVP_MAC_init(mctx, basekey, bklen, macparams) - || !EVP_MAC_update(mctx, msg, msglen) - || !EVP_MAC_final(mctx, mac_res, outlen, EVP_MAX_MD_SIZE)) + /* TODO generalize to non-HMAC: */ + if (EVP_Q_mac(libctx, "HMAC", propq, hmac_mdname, NULL, basekey, bklen, + msg, msglen, mac_res, EVP_MAX_MD_SIZE, &maclen) == NULL) goto err; + *outlen = (size_t)maclen; ok = 1; err: OPENSSL_cleanse(basekey, bklen); - EVP_MAC_CTX_free(mctx); - EVP_MAC_free(mac); EVP_MD_free(owf); EVP_MD_CTX_free(ctx); diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index 6f97de94de..8a34df3757 100644 
--- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c 
@@ -222,3 +222,65 @@ int EVP_MAC_names_do_all(const EVP_MAC *mac, return 1; } + +unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, const char *name, const char *propq, + const char *subalg, const OSSL_PARAM *params, + const void *key, size_t keylen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outsize, unsigned int *outlen) +{ + EVP_MAC *mac = EVP_MAC_fetch(libctx, name, propq); + OSSL_PARAM subalg_param[] = { OSSL_PARAM_END, OSSL_PARAM_END }; + EVP_MAC_CTX *ctx = NULL; + size_t len; + unsigned char *res = NULL; + + if (outlen != NULL) + *outlen = 0; + if (mac == NULL) + return NULL; + if (subalg != NULL) { + const OSSL_PARAM *defined_params = EVP_MAC_settable_ctx_params(mac); + const char *param_name = OSSL_MAC_PARAM_DIGEST; + + /* + * The underlying algorithm may be a cipher or a digest. + * We don't know which it is, but we can ask the MAC what it + * should be and bet on that. + */ + if (OSSL_PARAM_locate_const(defined_params, param_name) == NULL) { + param_name = OSSL_MAC_PARAM_CIPHER; + if (OSSL_PARAM_locate_const(defined_params, param_name) == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); + goto err; + } + } + subalg_param[0] = + OSSL_PARAM_construct_utf8_string(param_name, (char *)subalg, 0); + } + /* Single-shot - on NULL key input, set dummy key value for EVP_MAC_Init. */ + if (key == NULL && keylen == 0) + key = data; + if ((ctx = EVP_MAC_CTX_new(mac)) != NULL + && EVP_MAC_CTX_set_params(ctx, subalg_param) + && EVP_MAC_CTX_set_params(ctx, params) + && EVP_MAC_init(ctx, key, keylen, params) + && EVP_MAC_update(ctx, data, datalen) + && EVP_MAC_final(ctx, out, &len, outsize)) { + if (out == NULL) { + out = OPENSSL_malloc(len); + if (out != NULL && !EVP_MAC_final(ctx, out, NULL, len)) { + OPENSSL_free(out); + out = NULL; + } + } + res = out; + if (res != NULL && outlen != NULL) + *outlen = (unsigned int)len; + } + + err: + EVP_MAC_CTX_free(ctx); + EVP_MAC_free(mac); + return res; +} 
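Review bot: in EVP_Q_mac() in crypto/evp/mac_lib.c, the NULL-key fallback `key = data` makes the key pointer alias the message buffer and still leaves key NULL when the caller passes NULL data with datalen 0, that is, an empty message under an empty key. A one-byte static dummy, like the `dummy_key` in the HMAC() body that this same commit removes, covers that case without the aliasing. Separately, params is applied twice, once by EVP_MAC_CTX_set_params(ctx, params) and again as the last argument of EVP_MAC_init(); one of the two can go. The `(unsigned int)len` narrowing into *outlen also deserves a short comment stating why it cannot truncate.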
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 6c1a70e4bd..6d142f2cbb 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -17,8 +17,9 @@ #include #include #include "internal/cryptlib.h" -#include #include +#include +#include #include "hmac_local.h" int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, @@ -34,13 +35,12 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, if (md != NULL && md != ctx->md && (key == NULL || len < 0)) return 0; - if (md != NULL) { + if (md != NULL) ctx->md = md; - } else if (ctx->md) { + else if (ctx->md != NULL) md = ctx->md; - } else { + else return 0; - } /* * The HMAC construction is not allowed to be used with the @@ -217,34 +217,14 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) } unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *d, size_t n, unsigned char *md, - unsigned int *md_len) + const unsigned char *data, size_t data_len, + unsigned char *md, unsigned int *md_len) { - HMAC_CTX *c = NULL; - static unsigned char m[EVP_MAX_MD_SIZE]; - static const unsigned char dummy_key[1] = {'\0'}; + static unsigned char static_md[EVP_MAX_MD_SIZE]; - if (md == NULL) - md = m; - if ((c = HMAC_CTX_new()) == NULL) - goto err; - - /* For HMAC_Init_ex, NULL key signals reuse. */ - if (key == NULL && key_len == 0) { - key = dummy_key; - } - - if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL)) - goto err; - if (!HMAC_Update(c, d, n)) - goto err; - if (!HMAC_Final(c, md, md_len)) - goto err; - HMAC_CTX_free(c); - return md; - err: - HMAC_CTX_free(c); - return NULL; + return EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_name(evp_md), NULL, + key, key_len, data, data_len, + md == NULL ? static_md : md, EVP_MD_size(evp_md), md_len); } void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 27930eb89a..f4386f9daf 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod 
@@ -7,8 +7,9 @@ EVP_MAC_number, EVP_MAC_name, EVP_MAC_names_do_all, EVP_MAC_description, EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, -EVP_MAC_CTX_get_mac_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, -EVP_MAC_finalXOF, EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, +EVP_MAC_CTX_get_mac_size, EVP_Q_mac, +EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, EVP_MAC_finalXOF, +EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, EVP_MAC_CTX_gettable_params, EVP_MAC_CTX_settable_params, EVP_MAC_do_all_provided - EVP MAC routines @@ -41,6 +42,11 @@ EVP_MAC_do_all_provided - EVP MAC routines int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); size_t EVP_MAC_CTX_get_mac_size(EVP_MAC_CTX *ctx); + unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, const char *name, const char *propq, + const char *subalg, const OSSL_PARAM *params, + const void *key, size_t keylen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outsize, unsigned int *outlen); int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen, const OSSL_PARAM params[]); int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); 
@@ -119,6 +125,19 @@ I. =head2 Computing functions +EVP_Q_mac() computes the message authentication code +of I with length I +using the MAC algorithm I and the key I with length I. +The MAC algorithm is fetched using any given I and property query +string I. It takes parameters I and further I, +both of which may be NULL if not needed. +If I is not NULL, it places the result in the memory pointed at by I, +but only if I is sufficient (otherwise no computation is made). +If I is NULL, it allocates and uses a buffer of suitable length, +which will be returned on success and must be freed by the caller. +In either case, also on error, +it assigns the number of bytes written to I<*outlen> unless I is NULL. + EVP_MAC_init() sets up the underlying context I with information given via the I and I arguments. The MAC I has a length of I and the parameters in I are processed before setting @@ -162,6 +181,7 @@ EVP_MAC_CTX_set_params() passes chosen parameters to the underlying context, given a context I. The set of parameters given with I determine exactly what parameters are passed down. +If I are NULL, the unterlying context should do nothing and return 1. Note that a parameter that is unknown in the underlying context is simply ignored. Also, what happens when a needed parameter isn't passed down is @@ -325,7 +345,7 @@ not be considered a breaking change to the API. =head1 RETURN VALUES -EVP_MAC_fetch() returns a pointer to a newly fetched EVP_MAC, or +EVP_MAC_fetch() returns a pointer to a newly fetched B, or NULL if allocation failed. EVP_MAC_up_ref() returns 1 on success, 0 on error. 
@@ -351,7 +371,9 @@ EVP_MAC_CTX_free() returns nothing at all. EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params() return 1 on success, 0 on error. -EVP_MAC_init(), EVP_MAC_update(), EVP_MAC_final() and EVP_MAC_finalXOF() +EVP_Q_mac() returns a pointer to the computed MAC value, or NULL on error. + +EVP_MAC_init(), EVP_MAC_update(), EVP_MAC_final(), and EVP_MAC_finalXOF() return 1 on success, 0 on error. EVP_MAC_CTX_get_mac_size() returns the expected output size, or 0 if it isn't set. diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod index 816d6e325d..5057360253 100644 --- a/doc/man3/HMAC.pod +++ b/doc/man3/HMAC.pod @@ -20,14 +20,14 @@ HMAC_size #include + unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *data, size_t data_len, + unsigned char *md, unsigned int *md_len); + Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: - unsigned char *HMAC(const EVP_MD *evp_md, const void *key, - int key_len, const unsigned char *d, size_t n, - unsigned char *md, unsigned int *md_len); - HMAC_CTX *HMAC_CTX_new(void); int HMAC_CTX_reset(HMAC_CTX *ctx); 
@@ -53,28 +53,29 @@ L: =head1 DESCRIPTION -All of the functions described on this page are deprecated. Applications should -instead use L, L, L, -L and L. - HMAC is a MAC (message authentication code), i.e. a keyed hash function used for message authentication, which is based on a hash function. -HMAC() computes the message authentication code of the B bytes at -B using the hash function B and the key B which is -B bytes long. +HMAC() computes the message authentication code of the I bytes at +I using the hash function I and the key I which is +I bytes long. The I may also be NULL with I being 0. -It places the result in B (which must have space for the output of +It places the result in I (which must have space for the output of the hash function, which is no more than B bytes). -If B is NULL, the digest is placed in a static array. The size of -the output is placed in B, unless it is B. Note: passing a NULL -value for B to use the static array is not thread safe. +If I is NULL, the digest is placed in a static array. The size of +the output is placed in I, unless it is NULL. Note: passing a NULL +value for I to use the static array is not thread safe. -B is a message digest such as EVP_sha1(), EVP_ripemd160() etc. HMAC does -not support variable output length digests such as EVP_shake128() and +I is a message digest such as EVP_sha1(), EVP_ripemd160() etc. +HMAC does not support variable output length digests such as EVP_shake128() and EVP_shake256(). +All of the functions described below are deprecated. +Applications should instead use L, L, +L, L and L +or the 'quick' single-shot MAC function L. + HMAC_CTX_new() creates a new HMAC_CTX in heap memory. HMAC_CTX_reset() clears an existing B and associated 
@@ -89,27 +90,27 @@ The following functions may be used if the message is not completely stored in memory: HMAC_Init_ex() initializes or reuses a B structure to use the hash -function B and key B. If both are NULL, or if B is NULL -and B is the same as the previous call, then the +function I and key I. If both are NULL, or if I is NULL +and I is the same as the previous call, then the existing key is -reused. B must have been created with HMAC_CTX_new() before the first use +reused. I must have been created with HMAC_CTX_new() before the first use of an B in this function. -If HMAC_Init_ex() is called with B NULL and B is not the -same as the previous digest used by B then an error is returned +If HMAC_Init_ex() is called with I NULL and I is not the +same as the previous digest used by I then an error is returned because reuse of an existing key with a different digest is not supported. HMAC_Init() initializes a B structure to use the hash -function B and the key B which is B bytes +function I and the key I which is I bytes long. HMAC_Update() can be called repeatedly with chunks of the message to -be authenticated (B bytes at B). +be authenticated (I bytes at I). -HMAC_Final() places the message authentication code in B, which +HMAC_Final() places the message authentication code in I, which must have space for the hash function output. -HMAC_CTX_copy() copies all of the internal state from B into B. +HMAC_CTX_copy() copies all of the internal state from I into I. HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs. These flags have the same meaning as for L. @@ -125,7 +126,7 @@ HMAC() returns a pointer to the message authentication code or NULL if an error occurred. HMAC_CTX_new() returns a pointer to a new B on success or -B if an error occurred. +NULL if an error occurred. HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and HMAC_CTX_copy() return 1 for success or 0 if an error occurred. 
@@ -142,11 +143,11 @@ RFC 2104 =head1 SEE ALSO -L, L +L, EVP_Q_mac(3), L =head1 HISTORY -All of these functions were deprecated in OpenSSL 3.0. +All functions except for HMAC() were deprecated in OpenSSL 3.0. HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0. diff --git a/doc/man3/PEM_X509_INFO_read_bio_ex.pod b/doc/man3/PEM_X509_INFO_read_bio_ex.pod index bd79829d2b..0c9b0ab6df 100644 --- a/doc/man3/PEM_X509_INFO_read_bio_ex.pod +++ b/doc/man3/PEM_X509_INFO_read_bio_ex.pod @@ -24,11 +24,10 @@ PEM_X509_INFO_read_bio_ex, PEM_X509_INFO_read_ex PEM_X509_INFO_read_ex() loads the B objects from a file I. -PEM_X509_INFO_read_bio_ex loads the B objects using a bio I. +PEM_X509_INFO_read_bio_ex() loads the B objects using a bio I. Each of the loaded B objects can contain a CRL, a certificate, and/or a private key. - The elements are read sequentially, and as far as they are of different type than the elements read before, they are combined into the same B object. The idea behind this is that if, for instance, a certificate is followed by diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod index 9fc385a18a..a02cc016ad 100644 --- a/doc/man3/SSL_load_client_CA_file.pod +++ b/doc/man3/SSL_load_client_CA_file.pod @@ -28,10 +28,10 @@ SSL_add_store_cert_subjects_to_stack SSL_load_client_CA_file_ex() reads certificates from I and returns a STACK_OF(X509_NAME) with the subject names found. The library context I -and property query are used when fetching algorithms from providers. +and property query I are used when fetching algorithms from providers. SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex() -but uses NULL for the library context I and property query . +but uses NULL for the library context I and property query I. SSL_add_file_cert_subjects_to_stack() reads certificates from I, and adds their subject name to the already existing I. 
diff --git a/doc/man3/X509_LOOKUP.pod b/doc/man3/X509_LOOKUP.pod index 89dbb6a201..615c2070b9 100644 --- a/doc/man3/X509_LOOKUP.pod +++ b/doc/man3/X509_LOOKUP.pod @@ -94,7 +94,7 @@ X509_LOOKUP_ctrl_ex() is used to set or get additional data to or from a B structure or its associated L. The arguments of the control command are passed via I and I, its return value via I<*ret>. The library context I and property -query are used when fetching algorithms from providers. +query I are used when fetching algorithms from providers. The meaning of the arguments depends on the I number of the control command. In general, this function is not called directly, but wrapped by a macro call, see below. @@ -102,17 +102,17 @@ The control Is known to OpenSSL are discussed in more depth in L. X509_LOOKUP_ctrl() is similar to X509_LOOKUP_ctrl_ex() but -uses NULL for the library context I and property query . +uses NULL for the library context I and property query I. X509_LOOKUP_load_file_ex() passes a filename to be loaded immediately into the associated B. The library context I and property -query are used when fetching algorithms from providers. +query I are used when fetching algorithms from providers. I indicates what type of object is expected. This can only be used with a lookup using the implementation L. X509_LOOKUP_load_file() is similar to X509_LOOKUP_load_file_ex() but -uses NULL for the library context I and property query . +uses NULL for the library context I and property query I. X509_LOOKUP_add_dir() passes a directory specification from which certificates and CRLs are loaded on demand into the associated 
@@ -124,20 +124,20 @@ L. X509_LOOKUP_add_store_ex() passes a URI for a directory-like structure from which containers with certificates and CRLs are loaded on demand into the associated B. The library context I and property -query are used when fetching algorithms from providers. +query I are used when fetching algorithms from providers. X509_LOOKUP_add_store() is similar to X509_LOOKUP_add_store_ex() but -uses NULL for the library context I and property query . +uses NULL for the library context I and property query I. X509_LOOKUP_load_store_ex() passes a URI for a single container from which certificates and CRLs are immediately loaded into the associated -B. The library context I and property query are used +B. The library context I and property query I are used when fetching algorithms from providers. These functions can only be used with a lookup using the implementation L. X509_LOOKUP_load_store() is similar to X509_LOOKUP_load_store_ex() but -uses NULL for the library context I and property query . +uses NULL for the library context I and property query I. X509_LOOKUP_load_file_ex(), X509_LOOKUP_load_file(), X509_LOOKUP_add_dir(), diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod index db7f0cfd8c..07e8654acb 100644 --- a/doc/man3/X509_STORE_add_cert.pod +++ b/doc/man3/X509_STORE_add_cert.pod @@ -93,10 +93,10 @@ B functions can look up objects in that store. X509_STORE_load_file_ex() loads trusted certificate(s) into an B from a given file. The library context I and property -query are used when fetching algorithms from providers. +query I are used when fetching algorithms from providers. X509_STORE_load_file() is similar to X509_STORE_load_file_ex() but -uses NULL for the library context I and property query . +uses NULL for the library context I and property query I. X509_STORE_load_path() loads trusted certificate(s) into an B from a given directory path. 
@@ -105,10 +105,10 @@ documented in L. X509_STORE_load_store_ex() loads trusted certificate(s) into an B from a store at a given URI. The library context I and -property query are used when fetching algorithms from providers. +property query I are used when fetching algorithms from providers. X509_STORE_load_store() is similar to X509_STORE_load_store_ex() but -uses NULL for the library context I and property query . +uses NULL for the library context I and property query I. X509_STORE_load_locations_ex() combines X509_STORE_load_file_ex() and X509_STORE_load_dir() for a given file @@ -117,17 +117,17 @@ It is permitted to specify just a file, just a directory, or both paths. X509_STORE_load_locations() is similar to X509_STORE_load_locations_ex() -but uses NULL for the library context I and property query . +but uses NULL for the library context I and property query I. X509_STORE_set_default_paths_ex() is somewhat misnamed, in that it does not set what default paths should be used for loading certificates. Instead, it loads certificates into the B from the hardcoded default -paths. The library context I and property query are used when +paths. The library context I and property query I are used when fetching algorithms from providers. X509_STORE_set_default_paths() is similar to X509_STORE_set_default_paths_ex() but uses NULL for the library -context I and property query . +context I and property query I. =head1 RETURN VALUES diff --git a/doc/man3/X509_new.pod b/doc/man3/X509_new.pod index 2514ae34ce..ea2b3a2cc9 100644 --- a/doc/man3/X509_new.pod +++ b/doc/man3/X509_new.pod 
@@ -22,7 +22,7 @@ The X509 ASN1 allocation routines, allocate and free an X509 structure, which represents an X509 certificate. X509_new_ex() allocates and initializes a X509 structure with a -library context of I, property query of and a reference +library context of I, property query of I and a reference count of B<1>. Many X509 functions such as X509_check_purpose(), and X509_verify() use this library context to select which providers supply the fetched algorithms (SHA1 is used internally). This created X509 object can then diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 91b84ebf6f..9374e86e66 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1176,6 +1176,11 @@ int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); size_t EVP_MAC_CTX_get_mac_size(EVP_MAC_CTX *ctx); +unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, const char *name, const char *propq, + const char *subalg, const OSSL_PARAM *params, + const void *key, size_t keylen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outsize, unsigned int *outlen); int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen, const OSSL_PARAM params[]); int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index f2f502ea5c..f9e1bff3f7 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -27,6 +27,7 @@ # ifdef __cplusplus extern "C" { # endif + # ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 size_t HMAC_size(const HMAC_CTX *e); OSSL_DEPRECATEDIN_3_0 HMAC_CTX *HMAC_CTX_new(void); 
@@ -45,15 +46,15 @@ OSSL_DEPRECATEDIN_3_0 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); OSSL_DEPRECATEDIN_3_0 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); -OSSL_DEPRECATEDIN_3_0 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, - int key_len, const unsigned char *d, - size_t n, unsigned char *md, - unsigned int *md_len); OSSL_DEPRECATEDIN_3_0 __owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); OSSL_DEPRECATEDIN_3_0 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); OSSL_DEPRECATEDIN_3_0 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); # endif +unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *data, size_t data_len, + unsigned char *md, unsigned int *md_len); + # ifdef __cplusplus } # endif diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index e6d798648a..6175384c2d 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -180,7 +180,7 @@ c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp 2d657d8de8c2441693d54ef3730d83ca4b5d76c3b3405ece89bff9e46149d670 crypto/evp/keymgmt_lib.c 56d3ed4313cb811a3c2d062ff8b2a0fd67c4b0d28fe0562a57555b3a95907535 crypto/evp/keymgmt_meth.c 9fd78bfd59378fc4a9f56ce474310d8d2851aa42862c694ee0e47b175e836c51 crypto/evp/m_sigver.c -0f5e0cd5c66712803a19774610f6bdfe572f5dda08c58cdf1b19d38a0693911c crypto/evp/mac_lib.c +ec959b00487bfc51f4cf33c21a60fd8a73087a622504f459ba4cfe48bb0a738c crypto/evp/mac_lib.c 5f4b933a479d7cd589c47388aebfd8d6ffa3943ec2883049fc929e6ca37e26b5 crypto/evp/mac_meth.c f5a18107256e00e2eed6a9b54eaf44ef1b99c0f29134e9f363a09daa2d35f1b5 crypto/evp/p_lib.c b7e9ce6e8a35e0fc5b4eb4c047cda1e811b757669dbfafa71e743d85e07817a4 crypto/evp/pmeth_check.c 
@@ -195,7 +195,7 @@ ead786b4f5689ab69d6cca5d49e513e0f90cb558b67e6c5898255f2671f1393d crypto/ffc/ffc a87945698684673832fbedb4d01e2f11df58f43f79605a9e6d7136bb15b02e52 crypto/ffc/ffc_params.c 887357f0422954f2ecb855d468ad2456a76372dc401301ba284c0fd8c6b5092e crypto/ffc/ffc_params_generate.c 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c -84d8ae0141a79548ad65b31fe4673e8603930f942f21f3a7623e23f539799764 crypto/hmac/hmac.c +c193773792bec29c791e84d150ffe5ef25f53cb02e23f0e12e9000234b4322e5 crypto/hmac/hmac.c 7000ba81f54c1d516a536bc6e96ad3729e3b5b15740006c2e22f0b76606042d6 crypto/initthread.c c6c83f826eb6465f2a1b186ea692ff6fe32dbfb821d18d254625b69083d68fb0 crypto/lhash/lhash.c f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c @@ -362,7 +362,7 @@ de342d04be6af69037922d5c97bdc40c0c27f6740636e72786a765d0d8ad9173 providers/impl 427b9abee979f94371aa4aa99b48f08f1772965c93f9bce6f4531cc4cec136b6 providers/implementations/exchange/ecdh_exch.c 9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c 06ba83a8a8235bcdbda56f82b017cb19361469fe47c23cc6218a7e9b88ae6513 providers/implementations/exchange/kdf_exch.c -4f8049771ff0cb57944e1ffc9599a96023e36b424138e51b1466f9a133f03943 providers/implementations/kdfs/hkdf.c +9b9e7937be361de8e3c3fa9a2ef17edde8a0a4391bf55c72ff9785c1e4ee7dfc providers/implementations/kdfs/hkdf.c 115e13e152cfb7d729659cb26056414f719c5e7cb2a9b3df8b6ad0f232ce109a providers/implementations/kdfs/kbkdf.c f93d3b32e7e3bc6bd4100559b15d392613797e1048010fdc70058ae9297a1125 providers/implementations/kdfs/pbkdf2.c abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/implementations/kdfs/pbkdf2_fips.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 4ee2135be1..50a9c51b5c 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum 
@@ -1 +1 @@ -a1ce185646a78b5eb88229b77aec1455e6e361f7428bb884aebe45cb8fdc3703 providers/fips-sources.checksums +4d501c5fb8a5646c618eb02511a7a1ffab71823f6adee558ee30df8bb4bd6f40 providers/fips-sources.checksums diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index 2d3c72f501..ce0c81c1d2 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -41,12 +41,12 @@ static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params; static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params; static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params; -static int HKDF(const EVP_MD *evp_md, +static int HKDF(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, const unsigned char *salt, size_t salt_len, const unsigned char *key, size_t key_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len); -static int HKDF_Extract(const EVP_MD *evp_md, +static int HKDF_Extract(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk, size_t prk_len); @@ -127,6 +127,7 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen, const OSSL_PARAM params[]) { KDF_HKDF *ctx = (KDF_HKDF *)vctx; + OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); const EVP_MD *md; if (!ossl_prov_is_running() || !kdf_hkdf_set_ctx_params(ctx, params)) 
@@ -148,13 +149,12 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen, switch (ctx->mode) { case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: - return HKDF(md, ctx->salt, ctx->salt_len, ctx->key, - ctx->key_len, ctx->info, ctx->info_len, key, - keylen); + return HKDF(libctx, md, ctx->salt, ctx->salt_len, + ctx->key, ctx->key_len, ctx->info, ctx->info_len, key, keylen); case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: - return HKDF_Extract(md, ctx->salt, ctx->salt_len, ctx->key, - ctx->key_len, key, keylen); + return HKDF_Extract(libctx, md, ctx->salt, ctx->salt_len, + ctx->key, ctx->key_len, key, keylen); case EVP_KDF_HKDF_MODE_EXPAND_ONLY: return HKDF_Expand(md, ctx->key, ctx->key_len, ctx->info, @@ -169,13 +169,13 @@ static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { const OSSL_PARAM *p; KDF_HKDF *ctx = vctx; - OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx); + OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); int n; if (params == NULL) return 1; - if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) + if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx)) return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE)) != NULL) { @@ -316,7 +316,7 @@ const OSSL_DISPATCH ossl_kdf_hkdf_functions[] = { * 2.3. Step 2: Expand * HKDF-Expand(PRK, info, L) -> OKM */ -static int HKDF(const EVP_MD *evp_md, +static int HKDF(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, @@ -332,7 +332,8 @@ static int HKDF(const EVP_MD *evp_md, prk_len = (size_t)sz; /* Step 1: HKDF-Extract(salt, IKM) -> PRK */ - if (!HKDF_Extract(evp_md, salt, salt_len, ikm, ikm_len, prk, prk_len)) + if (!HKDF_Extract(libctx, evp_md, + salt, salt_len, ikm, ikm_len, prk, prk_len)) return 0; /* Step 2: HKDF-Expand(PRK, info, L) -> OKM */ 
@@ -366,7 +367,7 @@ static int HKDF(const EVP_MD *evp_md, * * PRK = HMAC-Hash(salt, IKM) */ -static int HKDF_Extract(const EVP_MD *evp_md, +static int HKDF_Extract(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk, size_t prk_len) @@ -380,7 +381,10 @@ static int HKDF_Extract(const EVP_MD *evp_md, return 0; } /* calc: PRK = HMAC-Hash(salt, IKM) */ - return HMAC(evp_md, salt, salt_len, ikm, ikm_len, prk, NULL) != NULL; + return + EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_name(evp_md), NULL, salt, + salt_len, ikm, ikm_len, prk, EVP_MD_size(evp_md), NULL) + != NULL; } /* diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index f88d59948d..dba1e5fb8c 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -306,22 +306,14 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, unsigned char *out) { const char *mdname = EVP_MD_name(ssl_handshake_md(s)); - EVP_MAC *hmac = EVP_MAC_fetch(s->ctx->libctx, "HMAC", s->ctx->propq); unsigned char hash[EVP_MAX_MD_SIZE]; unsigned char finsecret[EVP_MAX_MD_SIZE]; unsigned char *key = NULL; + unsigned int len = 0; size_t hashlen, ret = 0; - EVP_MAC_CTX *ctx = NULL; - OSSL_PARAM params[3], *p = params; - - if (hmac == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } + OSSL_PARAM params[2], *p = params; /* Safe to cast away const here since we're not "getting" any data */ - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST, - (char *)mdname, 0); if (s->ctx->propq != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, (char *)s->ctx->propq, 
@@ -345,21 +337,17 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, key = finsecret; } - ctx = EVP_MAC_CTX_new(hmac); - if (ctx == NULL - || !EVP_MAC_init(ctx, key, hashlen, params) - || !EVP_MAC_update(ctx, hash, hashlen) - /* outsize as per sizeof(peer_finish_md) */ - || !EVP_MAC_final(ctx, out, &hashlen, EVP_MAX_MD_SIZE * 2)) { + if (!EVP_Q_mac(s->ctx->libctx, "HMAC", s->ctx->propq, mdname, + params, key, hashlen, hash, hashlen, + /* outsize as per sizeof(peer_finish_md) */ + out, EVP_MAX_MD_SIZE * 2, &len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - ret = hashlen; + ret = len; err: OPENSSL_cleanse(finsecret, sizeof(finsecret)); - EVP_MAC_CTX_free(ctx); - EVP_MAC_free(hmac); return ret; } diff --git a/test/hmactest.c b/test/hmactest.c index babfb0e1a7..918ae0b005 100644 --- a/test/hmactest.c +++ b/test/hmactest.c @@ -100,10 +100,7 @@ static int test_hmac_md5(int idx) test[idx].data, test[idx].data_len, NULL, NULL), MD5_DIGEST_LENGTH); - if (!TEST_str_eq(p, test[idx].digest)) - return 0; - - return 1; + return TEST_ptr(p) && TEST_str_eq(p, test[idx].digest); } # endif @@ -151,7 +148,7 @@ static int test_hmac_run(void) goto err; p = pt(buf, len); - if (!TEST_str_eq(p, test[4].digest)) + if (!TEST_ptr(p) || !TEST_str_eq(p, test[4].digest)) goto err; if (!TEST_false(HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL))) @@ -164,7 +161,7 @@ static int test_hmac_run(void) goto err; p = pt(buf, len); - if (!TEST_str_eq(p, test[5].digest)) + if (!TEST_ptr(p) || !TEST_str_eq(p, test[5].digest)) goto err; if (!TEST_true(HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) @@ -172,7 +169,7 @@ static int test_hmac_run(void) || !TEST_true(HMAC_Final(ctx, buf, &len))) goto err; p = pt(buf, len); - if (!TEST_str_eq(p, test[6].digest)) + if (!TEST_ptr(p) || !TEST_str_eq(p, test[6].digest)) goto err; /* Test reusing a key */ 
@@ -181,7 +178,7 @@ static int test_hmac_run(void) || !TEST_true(HMAC_Final(ctx, buf, &len))) goto err; p = pt(buf, len); - if (!TEST_str_eq(p, test[6].digest)) + if (!TEST_ptr(p) || !TEST_str_eq(p, test[6].digest)) goto err; /* @@ -193,7 +190,7 @@ static int test_hmac_run(void) || !TEST_true(HMAC_Final(ctx, buf, &len))) goto err; p = pt(buf, len); - if (!TEST_str_eq(p, test[6].digest)) + if (!TEST_ptr(p) || !TEST_str_eq(p, test[6].digest)) goto err; ret = 1; @@ -207,10 +204,10 @@ static int test_hmac_single_shot(void) { char *p; - /* Test single-shot with an empty key. */ + /* Test single-shot with NULL key. */ p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len, NULL, NULL), SHA_DIGEST_LENGTH); - if (!TEST_str_eq(p, test[4].digest)) + if (!TEST_ptr(p) || !TEST_str_eq(p, test[4].digest)) return 0; return 1; @@ -237,7 +234,7 @@ static int test_hmac_copy(void) goto err; p = pt(buf, len); - if (!TEST_str_eq(p, test[7].digest)) + if (!TEST_ptr(p) || !TEST_str_eq(p, test[7].digest)) goto err; ret = 1; @@ -253,6 +250,8 @@ static char *pt(unsigned char *md, unsigned int len) unsigned int i; static char buf[80]; + if (md == NULL) + return NULL; for (i = 0; i < len; i++) sprintf(&(buf[i * 2]), "%02x", md[i]); return buf; diff --git a/util/libcrypto.num b/util/libcrypto.num index 13ec6e26f7..2e89c5dd26 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -2028,7 +2028,7 @@ MDC2_Init 2075 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ i2o_SCT 2076 3_0_0 EXIST::FUNCTION:CT d2i_TS_STATUS_INFO 2077 3_0_0 EXIST::FUNCTION:TS ERR_error_string_n 2078 3_0_0 EXIST::FUNCTION: -HMAC 2079 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +HMAC 2079 3_0_0 EXIST::FUNCTION: BN_mul 2080 3_0_0 EXIST::FUNCTION: BN_get0_nist_prime_384 2081 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_set1_ip_asc 2082 3_0_0 EXIST::FUNCTION: 
@@ -4408,6 +4408,7 @@ EVP_MAC_CTX_free ? 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_dup ? 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_mac ? 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_get_mac_size ? 3_0_0 EXIST::FUNCTION: +EVP_Q_mac ? 3_0_0 EXIST::FUNCTION: EVP_MAC_init ? 3_0_0 EXIST::FUNCTION: EVP_MAC_update ? 3_0_0 EXIST::FUNCTION: EVP_MAC_final ? 3_0_0 EXIST::FUNCTION: From dev at ddvo.net Sat May 8 12:43:03 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 08 May 2021 12:43:03 +0000 Subject: [openssl] master update Message-ID: <1620477783.376087.23049.nullmailer@dev.openssl.org> The branch master has been updated via 4d49b68504cc494e552bce8e0b82ec8b501d5abe (commit) from 0a8a6afdfb71e42962921980b51942cea8632697 (commit) - Log ----------------------------------------------------------------- commit 4d49b68504cc494e552bce8e0b82ec8b501d5abe Author: Dr. David von Oheimb Date: Mon Mar 29 19:32:48 2021 +0200 Crypto: Add deprecation compatibility declarations for SHA* message digest functions Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14741) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 76 ++++++++++++---------- crypto/evp/digest.c | 14 ++++ crypto/evp/e_des3.c | 11 ++-- crypto/sha/sha1_one.c | 3 +- crypto/sha/sha256.c | 28 -------- crypto/sha/sha512.c | 28 -------- doc/man3/EVP_DigestInit.pod | 24 +++++-- doc/man3/SHA256_Init.pod | 28 ++++---- doc/man7/provider-digest.pod | 2 +- include/crypto/sha.h | 3 +- include/openssl/evp.h | 3 + include/openssl/sha.h | 33 +++++----- providers/fips-sources.checksums | 6 +- providers/fips.checksum | 2 +- .../implementations/ciphers/cipher_tdes_wrap.c | 10 +-- util/libcrypto.num | 11 ++-- util/other.syms | 5 ++ 17 files changed, 138 insertions(+), 149 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index a2ef2f6b3f..69863b27da 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -240,11 +240,11 @@ OpenSSL 3.0 *Matt Caswell* - * A number of functions handling low level keys or engines were deprecated + * A number of functions handling low-level keys or engines were deprecated including EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine(), EVP_PKEY_assign(), EVP_PKEY_get0(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and EVP_PKEY_get0_siphash(). Applications using engines should instead use - providers. Applications getting or setting low level keys in an EVP_PKEY + providers. Applications getting or setting low-level keys in an EVP_PKEY should instead use the OSSL_ENCODER or OSSL_DECODER APIs, or alternatively use EVP_PKEY_fromdata() or EVP_PKEY_get_params(). @@ -405,7 +405,7 @@ OpenSSL 3.0 *Dmitry Belyavskiy* - * All of the low level EC_KEY functions have been deprecated including: + * All of the low-level EC_KEY functions have been deprecated including: EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method, EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_method @@ -823,7 +823,7 @@ OpenSSL 3.0 *David von Oheimb* - * All of the low level RSA functions have been deprecated including: + * All of the low-level RSA functions have been deprecated including: RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params, RSA_get_version, RSA_get0_engine, RSA_generate_key_ex, @@ -854,12 +854,12 @@ OpenSSL 3.0 RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, RSA_meth_get_multi_prime_keygen and RSA_meth_set_multi_prime_keygen. - Use of these low level functions has been informally discouraged for a long + Use of these low-level functions has been informally discouraged for a long time. Instead applications should use L, L, L and L. - All of these low level RSA functions have been deprecated without + All of these low-level RSA functions have been deprecated without replacement: RSA_blinding_off, RSA_blinding_on, RSA_clear_flags, RSA_get_version, 
@@ -904,7 +904,7 @@ OpenSSL 3.0 *Paul Dale* - * All of the low level DH functions have been deprecated including: + * All of the low-level DH functions have been deprecated including: DH_OpenSSL, DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_new, DH_free, DH_up_ref, DH_bits, DH_set0_pqg, DH_size, @@ -920,11 +920,11 @@ OpenSSL 3.0 DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params and DH_meth_set_generate_params. - Use of these low level functions has been informally discouraged for a long + Use of these low-level functions has been informally discouraged for a long time. Instead applications should use L and L. - These low level DH functions have been deprecated without replacement: + These low-level DH functions have been deprecated without replacement: DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, DH_set_flags and DH_test_flags. @@ -948,7 +948,7 @@ OpenSSL 3.0 *Paul Dale and Matt Caswell* - * All of the low level DSA functions have been deprecated including: + * All of the low-level DSA functions have been deprecated including: DSA_new, DSA_free, DSA_up_ref, DSA_bits, DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g, @@ -968,11 +968,11 @@ OpenSSL 3.0 DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen and DSA_meth_set_keygen. - Use of these low level functions has been informally discouraged for a long + Use of these low-level functions has been informally discouraged for a long time. Instead applications should use L, L and L. - These low level DSA functions have been deprecated without replacement: + These low-level DSA functions have been deprecated without replacement: DSA_clear_flags, DSA_dup_DH, DSAparams_dup, DSA_set_flags and DSA_test_flags. 
@@ -1002,13 +1002,13 @@ OpenSSL 3.0 *Richard Levitte* - * Deprecated low level ECDH and ECDSA functions. These include: + * Deprecated low-level ECDH and ECDSA functions. These include: ECDH_compute_key, ECDSA_do_sign, ECDSA_do_sign_ex, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign, ECDSA_sign_ex, ECDSA_verify and ECDSA_size. - Use of these low level functions has been informally discouraged for a long + Use of these low-level functions has been informally discouraged for a long time. Instead applications should use the EVP_PKEY_derive(3), EVP_DigestSign(3) and EVP_DigestVerify(3) functions. @@ -1039,7 +1039,7 @@ OpenSSL 3.0 HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags and HMAC_CTX_get_md. - Use of these low level functions has been informally discouraged for a long + Use of these low-level functions has been informally discouraged for a long time. Instead applications should use L, L, L, L and L or the single-shot MAC function L. @@ -1058,19 +1058,19 @@ OpenSSL 3.0 *Rich Salz* - * All of the low level CMAC functions have been deprecated including: + * All of the low-level CMAC functions have been deprecated including: CMAC_CTX_new, CMAC_CTX_cleanup, CMAC_CTX_free, CMAC_CTX_get0_cipher_ctx, CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume. - Use of these low level functions has been informally discouraged for a long + Use of these low-level functions has been informally discouraged for a long time. Instead applications should use L, L, L, L and L. *Paul Dale* - * All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, + * The low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512 and Whirlpool digest functions have been deprecated. These include: 
@@ -1079,17 +1079,21 @@ OpenSSL 3.0 MD5_Final, MD5_Transform, MDC2, MDC2_Init, MDC2_Update, MDC2_Final, RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final, RIPEMD160_Transform, SHA1_Init, SHA1_Update, SHA1_Final, SHA1_Transform, - SHA224_Init, SHA224_Update, SHA224_Final, SHA224_Transform, SHA256_Init, - SHA256_Update, SHA256_Final, SHA256_Transform, SHA384, SHA384_Init, - SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, - SHA512_Final, SHA512_Transform, WHIRLPOOL, WHIRLPOOL_Init, + SHA224_Init, SHA224_Update, SHA224_Final, SHA224_Transform, + SHA256_Init, SHA256_Update, SHA256_Final, SHA256_Transform, + SHA384_Init, SHA384_Update, SHA384_Final, + SHA512_Init, SHA512_Update, SHA512_Final, SHA512_Transform, + WHIRLPOOL, WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_BitUpdate and WHIRLPOOL_Final. - Use of these low level functions has been informally discouraged - for a long time. Applications should use the EVP_DigestInit_ex(3), - EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3) functions instead. + Use of these low-level functions has been informally discouraged + for a long time. Applications should use the L, + L, and L functions instead. + Alternatively, the quick one-shot function L can be used. + SHA1, SHA224, SHA256, SHA384 and SHA512 have changed from functions to macros + like this: (EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL). - *Paul Dale* + *Paul Dale and David von Oheimb* * Corrected the documentation of the return values from the `EVP_DigestSign*` set of functions. The documentation mentioned negative values for some @@ -1101,7 +1105,7 @@ OpenSSL 3.0 *Richard Levitte* - * All of the low level cipher functions have been deprecated including: + * All of the low-level cipher functions have been deprecated including: AES_options, AES_set_encrypt_key, AES_set_decrypt_key, AES_encrypt, AES_decrypt, AES_ecb_encrypt, AES_cbc_encrypt, AES_cfb128_encrypt, 
@@ -1133,7 +1137,7 @@ OpenSSL 3.0 SEED_set_key, SEED_encrypt, SEED_decrypt, SEED_ecb_encrypt, SEED_cbc_encrypt, SEED_cfb128_encrypt and SEED_ofb128_encrypt. - Use of these low level functions has been informally discouraged for + Use of these low-level functions has been informally discouraged for a long time. Applications should use the high level EVP APIs, e.g. EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt functions instead. @@ -1168,7 +1172,7 @@ OpenSSL 3.0 difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. - Also applications directly using the low level API BN_mod_exp may be + Also applications directly using the low-level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. ([CVE-2019-1551]) @@ -7652,11 +7656,11 @@ OpenSSL 1.0.1 *Steve Henson* - * Add similar low level API blocking to ciphers. + * Add similar low-level API blocking to ciphers. *Steve Henson* - * Low level digest APIs are not approved in FIPS mode: any attempt + * low-level digest APIs are not approved in FIPS mode: any attempt to use these will cause a fatal error. Applications that *really* want to use them can use the `private_*` version instead. @@ -11044,7 +11048,7 @@ OpenSSL 0.9.8.] * Add new 'medium level' PKCS#12 API. Certificates and keys can be added using this API to created arbitrary PKCS#12 - files while avoiding the low level API. + files while avoiding the low-level API. New options to PKCS12_create(), key or cert can be NULL and will then be omitted from the output file. The encryption 
@@ -11055,7 +11059,7 @@ OpenSSL 0.9.8.] options work when creating a PKCS#12 file. New option -nomac to omit the mac, NONE can be set for an encryption algorithm. New code is modified to use the enhanced PKCS12_create() - instead of the low level API. + instead of the low-level API. *Steve Henson* @@ -12777,7 +12781,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *Richard Levitte* - * Change all calls to low level digest routines in the library and + * Change all calls to low-level digest routines in the library and applications to use EVP. Add missing calls to HMAC_cleanup() and don't assume HMAC_CTX can be copied using memcpy(). @@ -15360,7 +15364,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *Bodo Moeller* * New openssl application 'rsautl'. This utility can be - used for low level RSA operations. DER public key + used for low-level RSA operations. DER public key BIO/fp routines also added. *Steve Henson* @@ -17240,7 +17244,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k provides hooks that allow the default DSA functions or functions on a "per key" basis to be replaced. This allows hardware acceleration and hardware key storage to be handled without major modification to the - library. Also added low level modexp hooks and CRYPTO_EX structure and + library. Also added low-level modexp hooks and CRYPTO_EX structure and associated functions. *Steve Henson* diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 67f6e839ca..e584bd8b2b 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c 
@@ -629,6 +629,20 @@ int EVP_Digest(const void *data, size_t count, return ret; } +int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq, + const void *data, size_t count, + unsigned char *md, unsigned int *size) +{ + EVP_MD *digest = EVP_MD_fetch(libctx, name, propq); + int ret = 0; + + if (digest != NULL) { + ret = EVP_Digest(data, count, md, size, digest, NULL); + EVP_MD_free(digest); + } + return ret; +} + int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]) { if (digest != NULL && digest->get_params != NULL) diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index e8182b628b..9043f3fb1b 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -16,9 +16,9 @@ #include #include "internal/cryptlib.h" #ifndef OPENSSL_NO_DES -# include # include # include "crypto/evp.h" +# include "crypto/sha.h" # include # include # include "evp_local.h" @@ -347,10 +347,8 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Decrypt again using new IV */ des_ede_cbc_cipher(ctx, out, out, inl - 16); des_ede_cbc_cipher(ctx, icv, icv, 8); - /* Work out SHA1 hash of first portion */ - SHA1(out, inl - 16, sha1tmp); - - if (!CRYPTO_memcmp(sha1tmp, icv, 8)) + if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */ + && CRYPTO_memcmp(sha1tmp, icv, 8) == 0) rv = inl - 16; OPENSSL_cleanse(icv, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); @@ -371,7 +369,8 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Copy input to output buffer + 8 so we have space for IV */ memmove(out + 8, in, inl); /* Work out ICV */ - SHA1(in, inl, sha1tmp); + if (!ossl_sha1(in, inl, sha1tmp)) + return -1; memcpy(out + inl + 8, sha1tmp, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); /* Generate random IV */ diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c index 5bd9953d96..b98f078739 100644 --- a/crypto/sha/sha1_one.c +++ b/crypto/sha/sha1_one.c 
@@ -17,8 +17,9 @@ #include #include #include +#include "crypto/sha.h" -unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) +unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; static unsigned char m[SHA_DIGEST_LENGTH]; diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index 4fa68953d1..7b3855f301 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -53,34 +53,6 @@ int SHA256_Init(SHA256_CTX *c) return 1; } -unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) -{ - SHA256_CTX c; - static unsigned char m[SHA224_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - SHA224_Init(&c); - SHA256_Update(&c, d, n); - SHA256_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); - return md; -} - -unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) -{ - SHA256_CTX c; - static unsigned char m[SHA256_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - SHA256_Init(&c); - SHA256_Update(&c, d, n); - SHA256_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); - return md; -} - int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) { return SHA256_Update(c, data, len); diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index f0cf9ca902..a0d7f88ba9 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c 
@@ -338,34 +338,6 @@ void SHA512_Transform(SHA512_CTX *c, const unsigned char *data) sha512_block_data_order(c, data, 1); } -unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) -{ - SHA512_CTX c; - static unsigned char m[SHA384_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - SHA384_Init(&c); - SHA512_Update(&c, d, n); - SHA512_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); - return md; -} - -unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) -{ - SHA512_CTX c; - static unsigned char m[SHA512_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - SHA512_Init(&c); - SHA512_Update(&c, d, n); - SHA512_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); - return md; -} - #ifndef SHA512_ASM static const SHA_LONG64 K512[80] = { U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd), diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index a405c2be59..4b6aaeeb1c 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -10,7 +10,7 @@ EVP_MD_CTX_set_params, EVP_MD_CTX_get_params, EVP_MD_settable_ctx_params, EVP_MD_gettable_ctx_params, EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, -EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit, +EVP_Q_digest, EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, EVP_MD_is_a, EVP_MD_name, EVP_MD_description, EVP_MD_number, EVP_MD_names_do_all, EVP_MD_provider, 
@@ -49,6 +49,9 @@ EVP_MD_do_all_provided void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); + int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq, + const void *data, size_t count, + unsigned char *md, unsigned int *size); int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type, @@ -216,6 +219,12 @@ as a parameter descriptor. Sets, clears and tests I flags. See L below for more information. +=item EVP_Q_digest() is a quick one-shot digest function. +It hashes I bytes of data at I using the digest algorithm I, +which is fetched using the optional I and I parameters. +The digest value is placed in I and its length is written at I +if the pointer is not NULL. At most B bytes will be written. + =item EVP_Digest() A wrapper around the Digest Init_ex, Update and Final_ex functions. @@ -528,12 +537,16 @@ Returns a pointer to a B for success or NULL for failure. Returns 1 for success or 0 for failure. -=item EVP_DigestInit_ex2(), +=item EVP_Q_digest(), +EVP_Digest(), +EVP_DigestInit_ex2(), EVP_DigestInit_ex(), EVP_DigestUpdate(), -EVP_DigestFinal_ex() +EVP_DigestFinal_ex(), +EVP_DigestFinalXOF(), and +EVP_DigestFinal() -Returns 1 for +return 1 for success and 0 for failure. =item EVP_MD_CTX_ctrl() @@ -698,7 +711,8 @@ The EVP_dss1() function was removed in OpenSSL 1.1.0. The EVP_MD_CTX_set_pkey_ctx() function was added in OpenSSL 1.1.1. -The EVP_DigestInit_ex2(), EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), +The EVP_Q_digest(), EVP_DigestInit_ex2(), +EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), EVP_MD_get_params(), EVP_MD_CTX_set_params(), EVP_MD_CTX_get_params(), EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(), EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params() and 
diff --git a/doc/man3/SHA256_Init.pod b/doc/man3/SHA256_Init.pod index c8ac28de83..ee96cd2381 100644 --- a/doc/man3/SHA256_Init.pod +++ b/doc/man3/SHA256_Init.pod @@ -11,6 +11,12 @@ SHA512_Final - Secure Hash Algorithm #include + unsigned char *SHA1(const void *data, size_t count, unsigned char *md_buf); + unsigned char *SHA224(const void *data, size_t count, unsigned char *md_buf); + unsigned char *SHA256(const void *data, size_t count, unsigned char *md_buf); + unsigned char *SHA384(const void *data, size_t count, unsigned char *md_buf); + unsigned char *SHA512(const void *data, size_t count, unsigned char *md_buf); + Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: 
@@ -18,38 +24,33 @@ L: int SHA1_Init(SHA_CTX *c); int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); - unsigned char *SHA1(const unsigned char *d, size_t n, - unsigned char *md); int SHA224_Init(SHA256_CTX *c); int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); int SHA224_Final(unsigned char *md, SHA256_CTX *c); - unsigned char *SHA224(const unsigned char *d, size_t n, - unsigned char *md); int SHA256_Init(SHA256_CTX *c); int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); int SHA256_Final(unsigned char *md, SHA256_CTX *c); - unsigned char *SHA256(const unsigned char *d, size_t n, - unsigned char *md); int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); - unsigned char *SHA384(const unsigned char *d, size_t n, - unsigned char *md); int SHA512_Init(SHA512_CTX *c); int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); int SHA512_Final(unsigned char *md, SHA512_CTX *c); - unsigned char *SHA512(const unsigned char *d, size_t n, - unsigned char *md); =head1 DESCRIPTION -All of the functions described on this page are deprecated. +All of the functions described on this page +except for SHA1(), SHA224(), SHA256(), SHA384() and SHA512() are deprecated. Applications should instead use L, L -and L. +and L, or the quick one-shot function L. +SHA1(), SHA224(), SHA256(), SHA384(), and SHA256() +can continue to be used. They can also be replaced by, e.g., + + (EVP_Q_digest(d, n, md, NULL, NULL, "SHA256", NULL) ? md : NULL) SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output. @@ -95,11 +96,12 @@ ANSI X9.30 =head1 SEE ALSO +L, L =head1 HISTORY -All of these functions were deprecated in OpenSSL 3.0. +All of these functions except SHA*() were deprecated in OpenSSL 3.0. =head1 COPYRIGHT 
diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod index e92991afa8..bacdbf4821 100644 --- a/doc/man7/provider-digest.pod +++ b/doc/man7/provider-digest.pod @@ -255,7 +255,7 @@ algorithm. =head1 BUGS -The EVP_Digest() and EVP_DigestFinal_ex() libcrypto API calls do not +The EVP_Q_digest(), EVP_Digest() and EVP_DigestFinal_ex() API calls do not expect the digest size to be larger than EVP_MAX_MD_SIZE. Any algorithm which produces larger digests is unusable with those API calls. diff --git a/include/crypto/sha.h b/include/crypto/sha.h index 20823b8bca..64305d1790 100644 --- a/include/crypto/sha.h +++ b/include/crypto/sha.h @@ -12,10 +12,11 @@ # define OSSL_CRYPTO_SHA_H # pragma once -# include +# include int sha512_224_init(SHA512_CTX *); int sha512_256_init(SHA512_CTX *); int ossl_sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms); +unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md); #endif diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 9374e86e66..c380f2e539 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -681,6 +681,9 @@ __owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, __owur int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); +__owur int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, + const char *propq, const void *data, size_t count, + unsigned char *md, unsigned int *size); __owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); __owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); diff --git a/include/openssl/sha.h b/include/openssl/sha.h index 36339373b7..0dca61c71d 100644 --- a/include/openssl/sha.h +++ b/include/openssl/sha.h @@ -17,6 +17,7 @@ # endif # include +# include # include # ifdef __cplusplus 
@@ -45,16 +46,16 @@ typedef struct SHAstate_st { SHA_LONG data[SHA_LBLOCK]; unsigned int num; } SHA_CTX; -# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 + OSSL_DEPRECATEDIN_3_0 int SHA1_Init(SHA_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA1_Update(SHA_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA1_Final(unsigned char *md, SHA_CTX *c); -OSSL_DEPRECATEDIN_3_0 unsigned char *SHA1(const unsigned char *d, size_t n, - unsigned char *md); OSSL_DEPRECATEDIN_3_0 void SHA1_Transform(SHA_CTX *c, const unsigned char *data); # endif +# define SHA1(d, n, md) \ + (EVP_Q_digest(NULL, "SHA1", NULL, d, n, md, NULL) ? md : NULL) + # ifndef OPENSSL_NO_DEPRECATED_3_0 # define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a * contiguous array of 32 bit wide 
@@ -66,24 +67,24 @@ typedef struct SHA256state_st { SHA_LONG data[SHA_LBLOCK]; unsigned int num, md_len; } SHA256_CTX; -# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 + OSSL_DEPRECATEDIN_3_0 int SHA224_Init(SHA256_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA224_Final(unsigned char *md, SHA256_CTX *c); -OSSL_DEPRECATEDIN_3_0 unsigned char *SHA224(const unsigned char *d, size_t n, - unsigned char *md); OSSL_DEPRECATEDIN_3_0 int SHA256_Init(SHA256_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, SHA256_CTX *c); -OSSL_DEPRECATEDIN_3_0 unsigned char *SHA256(const unsigned char *d, size_t n, - unsigned char *md); OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); # endif +# define SHA224(d, n, md) \ + (EVP_Q_digest(NULL, "SHA224", NULL, d, n, md, NULL) ? md : NULL) +# define SHA256(d, n, md) \ + (EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL) + # define SHA224_DIGEST_LENGTH 28 # define SHA256_DIGEST_LENGTH 32 # define SHA384_DIGEST_LENGTH 48 
@@ -118,24 +119,24 @@ typedef struct SHA512state_st { } u; unsigned int num, md_len; } SHA512_CTX; -# endif /* !defined(OPENSSL_NO_DEPRECATED_3_0) */ -# ifndef OPENSSL_NO_DEPRECATED_3_0 + OSSL_DEPRECATEDIN_3_0 int SHA384_Init(SHA512_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA384_Final(unsigned char *md, SHA512_CTX *c); -OSSL_DEPRECATEDIN_3_0 unsigned char *SHA384(const unsigned char *d, size_t n, - unsigned char *md); OSSL_DEPRECATEDIN_3_0 int SHA512_Init(SHA512_CTX *c); OSSL_DEPRECATEDIN_3_0 int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); OSSL_DEPRECATEDIN_3_0 int SHA512_Final(unsigned char *md, SHA512_CTX *c); -OSSL_DEPRECATEDIN_3_0 unsigned char *SHA512(const unsigned char *d, size_t n, - unsigned char *md); OSSL_DEPRECATEDIN_3_0 void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); # endif +# define SHA384(d, n, md) \ + (EVP_Q_digest(NULL, "SHA384", NULL, d, n, md, NULL) ? md : NULL) +# define SHA512(d, n, md) \ + (EVP_Q_digest(NULL, "SHA512", NULL, d, n, md, NULL) ? md : NULL) + # ifdef __cplusplus } # endif diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 6175384c2d..0ab5e40394 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -166,7 +166,7 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_ 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c 7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128 crypto/evp/asymcipher.c 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c -4433d40517d9550f6a1db90dfb912e32ee10b95497ddfc2a7edb2116f87ee531 crypto/evp/digest.c +e819c499207dd2ee5457cd9411c6089e13476bedf41de2aa67e10b13810ff0e5 crypto/evp/digest.c 87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8 crypto/evp/ec_support.c c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c 9b4956b5c28db987001b33421aacf3b9f352181f874c768ad1b034e083483561 crypto/evp/evp_fetch.c @@ -297,9 +297,9 @@ f64d16c1e5c3fa4a7969de494a8372127502171a517c14be7a1e3a43a7308699 crypto/sha/asm 8725cabb8d695c576619f19283b034074a3fa0f1c0be952a9dbe9793be15b907 crypto/sha/asm/sha512p8-ppc.pl 4d13c5020a92190d43721018c50776fd4df858fe92f3cce1d465ed98dfb142d1 crypto/sha/keccak1600.c 306cacd3f86e5cacaca74c58ef862516515e5c0cafaff48636d537fd84f1c2fb crypto/sha/sha1dgst.c -b40bd40b91a2ecdba63777758f84c5405a92e673636dba2cb83512c34aae3882 crypto/sha/sha256.c +4d8cf04f5806611e7586aab47fb28165ec1afb00168e2c9876bb36cb5c29bf8b crypto/sha/sha256.c 01aff75580e47ee880f411a319ed5d86198df464e3b8056b8734698e3c8d4d07 crypto/sha/sha3.c -7598a626c55fb6505cc234cb438c78846756cde95c4400ca07bf9460b9bec834 crypto/sha/sha512.c +65ef028da082f1a9b6ce2c45ae5644895b7fca356a798fca65428852ccf24b96 crypto/sha/sha512.c 86913a593b55c759a3824eeede398f966278d79c148bef41986c5ac4e48f0bd7 crypto/sparse_array.c 32b48ac523d69b65d46b5588cd75697c473eec0b97bdefc820f436f25403a1df crypto/stack/stack.c 7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 50a9c51b5c..cbb359f123 100644 --- a/providers/fips.checksum 
+++ b/providers/fips.checksum @@ -1 +1 @@ -4d501c5fb8a5646c618eb02511a7a1ffab71823f6adee558ee30df8bb4bd6f40 providers/fips-sources.checksums +db2202782291f6e77fbe9f6271517cb41d7c06790a606a61f69e564f002f76f5 providers/fips-sources.checksums diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c index be109129bd..4bfd17f515 100644 --- a/providers/implementations/ciphers/cipher_tdes_wrap.c +++ b/providers/implementations/ciphers/cipher_tdes_wrap.c @@ -18,6 +18,7 @@ #include #include "cipher_tdes_default.h" #include "crypto/evp.h" +#include "crypto/sha.h" #include "prov/implementations.h" #include "prov/providercommon.h" @@ -64,10 +65,8 @@ static int des_ede3_unwrap(PROV_CIPHER_CTX *ctx, unsigned char *out, /* Decrypt again using new IV */ ctx->hw->cipher(ctx, out, out, inl - 16); ctx->hw->cipher(ctx, icv, icv, 8); - /* Work out SHA1 hash of first portion */ - SHA1(out, inl - 16, sha1tmp); - - if (!CRYPTO_memcmp(sha1tmp, icv, 8)) + if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */ + && CRYPTO_memcmp(sha1tmp, icv, 8) == 0) rv = inl - 16; OPENSSL_cleanse(icv, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); @@ -93,7 +92,8 @@ static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out, /* Copy input to output buffer + 8 so we have space for IV */ memmove(out + ivlen, in, inl); /* Work out ICV */ - SHA1(in, inl, sha1tmp); + if (!ossl_sha1(in, inl, sha1tmp)) + return 0; memcpy(out + inl + ivlen, sha1tmp, icvlen); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); /* Generate random IV */ diff --git a/util/libcrypto.num b/util/libcrypto.num index 2e89c5dd26..019a6ecb52 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -1144,7 +1144,7 @@ BN_security_bits 1171 3_0_0 EXIST::FUNCTION: X509_PURPOSE_get0_name 1172 3_0_0 EXIST::FUNCTION: TS_TST_INFO_get_serial 1173 3_0_0 EXIST::FUNCTION:TS ASN1_PCTX_get_str_flags 1174 3_0_0 EXIST::FUNCTION: -SHA256 1175 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +SHA256 1175 3_0_0 NOEXIST::FUNCTION: X509_LOOKUP_hash_dir 1176 3_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_check 1177 3_0_0 EXIST::FUNCTION: ENGINE_set_default_RAND 1178 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE @@ -1375,7 +1375,7 @@ EVP_MD_meth_get_cleanup 1408 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ SRP_Calc_server_key 1409 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP BN_mod_exp_simple 1410 3_0_0 EXIST::FUNCTION: BIO_set_ex_data 1411 3_0_0 EXIST::FUNCTION: -SHA512 1412 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +SHA512 1412 3_0_0 NOEXIST::FUNCTION: X509_STORE_CTX_get_explicit_policy 1413 3_0_0 EXIST::FUNCTION: EVP_DecodeBlock 1414 3_0_0 EXIST::FUNCTION: OSSL_HTTP_REQ_CTX_set_request_line 1415 3_0_0 EXIST::FUNCTION: @@ -2460,7 +2460,7 @@ BN_generate_dsa_nonce 2512 3_0_0 EXIST::FUNCTION: X509_verify_cert 2513 3_0_0 EXIST::FUNCTION: X509_policy_level_get0_node 2514 3_0_0 EXIST::FUNCTION: X509_REQ_get_attr 2515 3_0_0 EXIST::FUNCTION: -SHA1 2516 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +SHA1 2516 3_0_0 NOEXIST::FUNCTION: X509_print 2517 3_0_0 EXIST::FUNCTION: d2i_AutoPrivateKey 2518 3_0_0 EXIST::FUNCTION: X509_REQ_new 2519 3_0_0 EXIST::FUNCTION: @@ -2927,7 +2927,7 @@ EC_GROUP_set_asn1_flag 2991 3_0_0 EXIST::FUNCTION:EC EVP_PKEY_new 2992 3_0_0 EXIST::FUNCTION: i2d_POLICYINFO 2993 3_0_0 EXIST::FUNCTION: BN_get_flags 2994 3_0_0 EXIST::FUNCTION: -SHA384 2995 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +SHA384 2995 3_0_0 NOEXIST::FUNCTION: NCONF_get_string 2996 3_0_0 EXIST::FUNCTION: d2i_PROXY_CERT_INFO_EXTENSION 2997 3_0_0 EXIST::FUNCTION: EC_POINT_point2buf 2998 3_0_0 EXIST::FUNCTION:EC 
@@ -3510,7 +3510,7 @@ EVP_MD_meth_dup 3588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ ENGINE_unregister_ciphers 3589 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_issuer_and_serial_cmp 3590 3_0_0 EXIST::FUNCTION: OCSP_response_create 3591 3_0_0 EXIST::FUNCTION:OCSP -SHA224 3592 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +SHA224 3592 3_0_0 NOEXIST::FUNCTION: MD2_options 3593 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2 X509_REQ_it 3595 3_0_0 EXIST::FUNCTION: RAND_bytes 3596 3_0_0 EXIST::FUNCTION: @@ -5320,6 +5320,7 @@ OSSL_ESS_signing_cert_new_init ? 3_0_0 EXIST::FUNCTION: OSSL_ESS_signing_cert_v2_new_init ? 3_0_0 EXIST::FUNCTION: ESS_SIGNING_CERT_it ? 3_0_0 EXIST::FUNCTION: ESS_SIGNING_CERT_V2_it ? 3_0_0 EXIST::FUNCTION: +EVP_Q_digest ? 3_0_0 EXIST::FUNCTION: EVP_DigestInit_ex2 ? 3_0_0 EXIST::FUNCTION: EVP_EncryptInit_ex2 ? 3_0_0 EXIST::FUNCTION: EVP_DecryptInit_ex2 ? 3_0_0 EXIST::FUNCTION: diff --git a/util/other.syms b/util/other.syms index 3f36f53076..fb8efcb12a 100644 --- a/util/other.syms +++ b/util/other.syms @@ -431,6 +431,11 @@ PEM_FLAG_EAY_COMPATIBLE define PEM_FLAG_ONLY_B64 define PEM_FLAG_SECURE define RAND_cleanup define deprecated 1.1.0 +SHA1 define +SHA224 define +SHA256 define +SHA384 define +SHA512 define SSL_COMP_free_compression_methods define deprecated 1.1.0 SSL_CTX_add0_chain_cert define SSL_CTX_add1_chain_cert define From dev at ddvo.net Sat May 8 12:59:29 2021 
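Review bot: In doc/man3/SHA256_Init.pod, the replacement shown in the new DESCRIPTION text, `(EVP_Q_digest(d, n, md, NULL, NULL, "SHA256", NULL) ? md : NULL)`, passes its arguments in an order that matches neither the prototype this patch adds to include/openssl/evp.h (libctx, name, propq, data, count, md, size) nor the macros added to include/openssl/sha.h. It should read `EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL)`. The sentence just above it also lists "SHA384(), and SHA256()" where SHA512() is meant.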
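Review bot: The one-shot macros added to include/openssl/sha.h change what happens for a NULL md, and the SHA256_Init.pod hunks do not mention it: the removed SHA384() and SHA512() bodies in crypto/sha/sha512.c fell back to a static buffer (`if (md == NULL) md = m;`), while `(EVP_Q_digest(NULL, "SHA512", NULL, d, n, md, NULL) ? md : NULL)` evaluates to NULL in that case whatever EVP_Q_digest() returns. Either keep the fallback behind a real function or document that md must be non-NULL. The macros also expand `md` twice, so an argument with side effects is evaluated twice, and with SHA1 through SHA512 switched to NOEXIST in util/libcrypto.num, callers that take the address of these functions stop building, which the HISTORY section should say.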
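Review bot: In des_ede3_wrap() in providers/implementations/ciphers/cipher_tdes_wrap.c, the new early `return 0` on ossl_sha1() failure comes after `memmove(out + ivlen, in, inl)`, so on that error path the unencrypted input is left in the caller's output buffer. Compute the ICV before the memmove, or cleanse the copied bytes at out + ivlen before returning.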
From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 08 May 2021 12:59:29 +0000 Subject: [openssl] master update Message-ID: <1620478769.572294.26159.nullmailer@dev.openssl.org> The branch master has been updated via b33cf2026368ff7e407ad8d69ac75c1901c9f8f0 (commit) from 4d49b68504cc494e552bce8e0b82ec8b501d5abe (commit) - Log ----------------------------------------------------------------- commit b33cf2026368ff7e407ad8d69ac75c1901c9f8f0 Author: Dr. David von Oheimb Date: Sat Mar 20 13:57:08 2021 +0100 ssl.h.in: Fix deprecation exclusion for SRP-related declarations Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15176) ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl.h.in | 6 ++++-- util/libssl.num | 38 +++++++++++++++++++------------------- 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index d03fff6be5..5dd473c9bd 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -654,8 +654,8 @@ void SSL_set_msg_callback(SSL *ssl, SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) # ifndef OPENSSL_NO_SRP - /* see tls_srp.c */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 __owur int SSL_SRP_CTX_init(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); OSSL_DEPRECATEDIN_3_0 int SSL_SRP_CTX_free(SSL *ctx); @@ -663,7 +663,7 @@ OSSL_DEPRECATEDIN_3_0 int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); OSSL_DEPRECATEDIN_3_0 __owur int SSL_srp_server_param_with_username(SSL *s, int *ad); OSSL_DEPRECATEDIN_3_0 __owur int SRP_Calc_A_param(SSL *s); - +# endif # endif /* 100k max cert list */ 
@@ -1824,6 +1824,7 @@ __owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); __owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); # ifndef OPENSSL_NO_SRP +# ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); @@ -1850,6 +1851,7 @@ OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_N(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_username(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_userinfo(SSL *s); +# endif # endif /* diff --git a/util/libssl.num b/util/libssl.num index cd62067763..22222ddd04 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -2,9 +2,9 @@ SSL_get_selected_srtp_profile 1 3_0_0 EXIST::FUNCTION:SRTP SSL_set_read_ahead 2 3_0_0 EXIST::FUNCTION: SSL_set_accept_state 3 3_0_0 EXIST::FUNCTION: SSL_CTX_set_cipher_list 4 3_0_0 EXIST::FUNCTION: -SSL_CTX_set_srp_client_pwd_callback 5 3_0_0 EXIST::FUNCTION:SRP +SSL_CTX_set_srp_client_pwd_callback 5 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_copy_session_id 6 3_0_0 EXIST::FUNCTION: -SSL_CTX_set_srp_password 7 3_0_0 EXIST::FUNCTION:SRP +SSL_CTX_set_srp_password 7 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_shutdown 8 3_0_0 EXIST::FUNCTION: SSL_CTX_set_msg_callback 9 3_0_0 EXIST::FUNCTION: SSL_SESSION_get0_ticket 11 3_0_0 EXIST::FUNCTION: 
@@ -32,16 +32,16 @@ SSL_use_PrivateKey_ASN1 32 3_0_0 EXIST::FUNCTION: PEM_write_SSL_SESSION 33 3_0_0 EXIST::FUNCTION:STDIO SSL_CTX_set_session_id_context 34 3_0_0 EXIST::FUNCTION: SSL_CIPHER_get_cipher_nid 35 3_0_0 EXIST::FUNCTION: -SSL_get_srp_g 36 3_0_0 EXIST::FUNCTION:SRP +SSL_get_srp_g 36 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_want 37 3_0_0 EXIST::FUNCTION: SSL_get_cipher_list 38 3_0_0 EXIST::FUNCTION: SSL_get_verify_result 39 3_0_0 EXIST::FUNCTION: SSL_renegotiate 40 3_0_0 EXIST::FUNCTION: SSL_get_privatekey 41 3_0_0 EXIST::FUNCTION: SSL_peek 42 3_0_0 EXIST::FUNCTION: -SRP_Calc_A_param 43 3_0_0 EXIST::FUNCTION:SRP +SRP_Calc_A_param 43 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_SESSION_get_ticket_lifetime_hint 44 3_0_0 EXIST::FUNCTION: -SSL_SRP_CTX_free 45 3_0_0 EXIST::FUNCTION:SRP +SSL_SRP_CTX_free 45 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_CTX_set_client_CA_list 46 3_0_0 EXIST::FUNCTION: SSL_CTX_set_next_proto_select_cb 47 3_0_0 EXIST::FUNCTION:NEXTPROTONEG BIO_ssl_copy_session_id 48 3_0_0 EXIST::FUNCTION: @@ -66,9 +66,9 @@ DTLSv1_2_method 66 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_ SSL_get_fd 67 3_0_0 EXIST::FUNCTION: SSL_get1_session 68 3_0_0 EXIST::FUNCTION: SSL_use_RSAPrivateKey 69 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -SSL_CTX_set_srp_cb_arg 70 3_0_0 EXIST::FUNCTION:SRP +SSL_CTX_set_srp_cb_arg 70 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_CTX_add_session 71 3_0_0 EXIST::FUNCTION: -SSL_get_srp_N 72 3_0_0 EXIST::FUNCTION:SRP +SSL_get_srp_N 72 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_has_matching_session_id 73 3_0_0 EXIST::FUNCTION: PEM_read_SSL_SESSION 74 3_0_0 EXIST::FUNCTION:STDIO SSL_get_shared_ciphers 75 3_0_0 EXIST::FUNCTION: 
@@ -93,7 +93,7 @@ SSL_CTX_check_private_key 93 3_0_0 EXIST::FUNCTION: SSL_set_wfd 94 3_0_0 EXIST::FUNCTION:SOCK SSL_get_client_CA_list 95 3_0_0 EXIST::FUNCTION: SSL_CONF_CTX_set_flags 96 3_0_0 EXIST::FUNCTION: -SSL_CTX_set_srp_username_callback 97 3_0_0 EXIST::FUNCTION:SRP +SSL_CTX_set_srp_username_callback 97 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_connect 98 3_0_0 EXIST::FUNCTION: SSL_get_psk_identity 99 3_0_0 EXIST::FUNCTION:PSK SSL_CTX_use_certificate_file 100 3_0_0 EXIST::FUNCTION: @@ -121,7 +121,7 @@ SSL_get_state 121 3_0_0 EXIST::FUNCTION: SSL_CONF_CTX_finish 122 3_0_0 EXIST::FUNCTION: SSL_CTX_add_server_custom_ext 123 3_0_0 EXIST::FUNCTION: SSL_SESSION_get_ex_data 124 3_0_0 EXIST::FUNCTION: -SSL_get_srp_username 125 3_0_0 EXIST::FUNCTION:SRP +SSL_get_srp_username 125 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_CTX_set_purpose 126 3_0_0 EXIST::FUNCTION: SSL_clear 127 3_0_0 EXIST::FUNCTION: SSL_CTX_set_cert_store 128 3_0_0 EXIST::FUNCTION: @@ -144,9 +144,9 @@ SSL_up_ref 144 3_0_0 EXIST::FUNCTION: SSL_export_keying_material 145 3_0_0 EXIST::FUNCTION: SSL_callback_ctrl 146 3_0_0 EXIST::FUNCTION: SSL_set_security_callback 147 3_0_0 EXIST::FUNCTION: -SSL_SRP_CTX_init 148 3_0_0 EXIST::FUNCTION:SRP +SSL_SRP_CTX_init 148 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP ERR_load_SSL_strings 149 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -SSL_CTX_SRP_CTX_init 150 3_0_0 EXIST::FUNCTION:SRP +SSL_CTX_SRP_CTX_init 150 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_SESSION_set_time 151 3_0_0 EXIST::FUNCTION: i2d_SSL_SESSION 152 3_0_0 EXIST::FUNCTION: SSL_SESSION_get_master_key 153 3_0_0 EXIST::FUNCTION: 
@@ -171,7 +171,7 @@ SSL_set1_host 171 3_0_0 EXIST::FUNCTION: SSL_use_RSAPrivateKey_file 172 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 SSL_CTX_get_info_callback 173 3_0_0 EXIST::FUNCTION: SSL_get0_peername 174 3_0_0 EXIST::FUNCTION: -SSL_set_srp_server_param 175 3_0_0 EXIST::FUNCTION:SRP +SSL_set_srp_server_param 175 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP TLS_server_method 176 3_0_0 EXIST::FUNCTION: SSL_get_psk_identity_hint 177 3_0_0 EXIST::FUNCTION:PSK SSL_set_session 178 3_0_0 EXIST::FUNCTION: @@ -251,10 +251,10 @@ SSL_set_debug 251 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1 SSL_get_security_level 252 3_0_0 EXIST::FUNCTION: SSL_CIPHER_description 253 3_0_0 EXIST::FUNCTION: SSL_set_default_passwd_cb_userdata 254 3_0_0 EXIST::FUNCTION: -SSL_get_srp_userinfo 255 3_0_0 EXIST::FUNCTION:SRP +SSL_get_srp_userinfo 255 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_extension_supported 256 3_0_0 EXIST::FUNCTION: SSL_dane_tlsa_add 257 3_0_0 EXIST::FUNCTION: -SSL_srp_server_param_with_username 258 3_0_0 EXIST::FUNCTION:SRP +SSL_srp_server_param_with_username 258 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_CIPHER_get_version 259 3_0_0 EXIST::FUNCTION: SSL_get0_verified_chain 260 3_0_0 EXIST::FUNCTION: SSL_CIPHER_find 261 3_0_0 EXIST::FUNCTION: @@ -282,7 +282,7 @@ SSL_pending 282 3_0_0 EXIST::FUNCTION: SSL_set_bio 283 3_0_0 EXIST::FUNCTION: BIO_new_ssl_connect 284 3_0_0 EXIST::FUNCTION: SSL_waiting_for_async 285 3_0_0 EXIST::FUNCTION: -SSL_CTX_set_srp_strength 286 3_0_0 EXIST::FUNCTION:SRP +SSL_CTX_set_srp_strength 286 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_CTX_get_quiet_shutdown 287 3_0_0 EXIST::FUNCTION: SSL_CTX_use_certificate_chain_file 288 3_0_0 EXIST::FUNCTION: SSL_CTX_dane_enable 289 3_0_0 EXIST::FUNCTION: 
@@ -297,7 +297,7 @@ SSL_accept 297 3_0_0 EXIST::FUNCTION: SSL_use_psk_identity_hint 298 3_0_0 EXIST::FUNCTION:PSK SSL_trace 299 3_0_0 EXIST::FUNCTION:SSL_TRACE DTLS_method 300 3_0_0 EXIST::FUNCTION: -SSL_CTX_set_srp_verify_param_callback 301 3_0_0 EXIST::FUNCTION:SRP +SSL_CTX_set_srp_verify_param_callback 301 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_CTX_set_timeout 302 3_0_0 EXIST::FUNCTION: SSL_CTX_set_security_level 303 3_0_0 EXIST::FUNCTION: TLS_client_method 304 3_0_0 EXIST::FUNCTION: @@ -307,14 +307,14 @@ SSL_check_private_key 307 3_0_0 EXIST::FUNCTION: SSL_CTX_set_quiet_shutdown 308 3_0_0 EXIST::FUNCTION: SSL_select_next_proto 309 3_0_0 EXIST::FUNCTION: SSL_load_client_CA_file 310 3_0_0 EXIST::FUNCTION: -SSL_set_srp_server_param_pw 311 3_0_0 EXIST::FUNCTION:SRP +SSL_set_srp_server_param_pw 311 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_renegotiate_pending 312 3_0_0 EXIST::FUNCTION: SSL_CTX_new 313 3_0_0 EXIST::FUNCTION: SSL_set_session_ticket_ext_cb 314 3_0_0 EXIST::FUNCTION: SSL_CTX_get_timeout 315 3_0_0 EXIST::FUNCTION: SSL_use_certificate_chain_file 316 3_0_0 EXIST::FUNCTION: SSL_set_not_resumable_session_callback 317 3_0_0 EXIST::FUNCTION: -SSL_CTX_SRP_CTX_free 318 3_0_0 EXIST::FUNCTION:SRP +SSL_CTX_SRP_CTX_free 318 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_get_current_expansion 319 3_0_0 EXIST::FUNCTION: SSL_clear_options 320 3_0_0 EXIST::FUNCTION: SSL_CTX_use_PrivateKey 321 3_0_0 EXIST::FUNCTION: 
@@ -337,7 +337,7 @@ SSL_CTX_sess_set_get_cb 337 3_0_0 EXIST::FUNCTION: SSL_add_file_cert_subjects_to_stack 338 3_0_0 EXIST::FUNCTION: SSL_get_default_passwd_cb_userdata 339 3_0_0 EXIST::FUNCTION: SSL_get_security_callback 340 3_0_0 EXIST::FUNCTION: -SSL_CTX_set_srp_username 341 3_0_0 EXIST::FUNCTION:SRP +SSL_CTX_set_srp_username 341 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SSL_COMP_get_name 342 3_0_0 EXIST::FUNCTION: SSL_CTX_set_default_passwd_cb_userdata 343 3_0_0 EXIST::FUNCTION: SSL_set_verify 344 3_0_0 EXIST::FUNCTION: From dev at ddvo.net Sat May 8 13:01:23 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 08 May 2021 13:01:23 +0000 Subject: [openssl] master update Message-ID: <1620478883.617231.28515.nullmailer@dev.openssl.org> The branch master has been updated via ab9d1af955ef71c0000bc27140623481a003d35c (commit) from b33cf2026368ff7e407ad8d69ac75c1901c9f8f0 (commit) - Log ----------------------------------------------------------------- commit ab9d1af955ef71c0000bc27140623481a003d35c Author: Dr. David von Oheimb Date: Wed May 5 12:32:18 2021 +0200 80-test_cmp_http.t: Improve fuzzing exclusion pattern Fixes #14966 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15158) ----------------------------------------------------------------------- Summary of changes: test/recipes/80-test_cmp_http.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t index bfae899040..5b9796e6ee 100644 --- a/test/recipes/80-test_cmp_http.t +++ b/test/recipes/80-test_cmp_http.t 
@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); plan skip_all => "These tests are not supported in a fuzz build" - if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION/; + if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION|fuzz-afl/; plan skip_all => "These tests are not supported in a no-cmp build" if disabled("cmp"); From kaduk at mit.edu Sat May 8 16:34:27 2021 From: kaduk at mit.edu (kaduk at mit.edu) Date: Sat, 08 May 2021 16:34:27 +0000 Subject: [openssl] master update Message-ID: <1620491667.610926.17494.nullmailer@dev.openssl.org> The branch master has been updated via 32b1da718d5d6f35fcef82f3794273807d6202e9 (commit) from ab9d1af955ef71c0000bc27140623481a003d35c (commit) - Log ----------------------------------------------------------------- commit 32b1da718d5d6f35fcef82f3794273807d6202e9 Author: Benjamin Kaduk Date: Tue May 4 12:33:28 2021 -0700 tasn_dec: use do/while around statement macros Use the do {} while (0) construct around macros whose bodies are complete statements (including one that has internal control flow!). This is safer and avoids any risk of misinterpretation if the macro is used in an unexpected context. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15143) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/tasn_dec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 20717df461..aaf3de7e19 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c 
@@ -90,9 +90,9 @@ unsigned long ASN1_tag2bit(int tag) /* Macro to initialize and invalidate the cache */ -#define asn1_tlc_clear(c) if ((c) != NULL) (c)->valid = 0 +#define asn1_tlc_clear(c) do { if ((c) != NULL) (c)->valid = 0; } while (0) /* Version to avoid compiler warning about 'c' always non-NULL */ -#define asn1_tlc_clear_nc(c) (c)->valid = 0 +#define asn1_tlc_clear_nc(c) do {(c)->valid = 0; } while (0) /* * Decode an ASN1 item, this currently behaves just like a standard 'd2i' From no-reply at appveyor.com Sun May 9 07:46:48 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 09 May 2021 07:46:48 +0000 Subject: Build failed: openssl master.41979 Message-ID: <20210509074648.1.25BEF9CD8DCB9F5D@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun May 9 07:48:17 2021 
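Review bot: In test/recipes/80-test_cmp_http.t, the alternative added to `/-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION|fuzz-afl/` is an unanchored substring, so it matches any entry in config('options') that merely contains fuzz-afl, a no-fuzz-afl entry included, and would then skip the whole recipe in builds that are not fuzz builds. Match the full option name used on the configure line instead, i.e. `enable-fuzz-afl`, preferably with a word boundary in front.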
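Review bot: Style, in the second changed macro of crypto/asn1/tasn_dec.c: `do {(c)->valid = 0; } while (0)` lacks the space after the opening brace that asn1_tlc_clear uses two lines above (`do { if ((c) != NULL) ...`). Please make the two macros consistent.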
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 09 May 2021 07:48:17 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <609793c0cf675_fa9372afe93d399941339a@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DALlY_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEGU933lLFpYJkiOWrkpuW4WufYOtE6U3uyUGTqNWpEbaN0PS-2BeNe9NBL9Eq2Tp7IjBVM1hvEt4A10weKRPBku4BIaW6qRRP-2B-2F3vl5QImDFojeU8gjPlybrwaGAHuU3Yj7EFXewSD0sRyBPLxC5Ej2-2BAvl-2FVPC8OPbYTzQb4M1S3dLahhP8AnXQ-2Fetx0sXGiEE-3D Build ID: 385614 Analysis Summary: New defects found: 6 Defects eliminated: 9 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3D1O6r_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEGU933lLFpYJkiOWrkpuW4WufYOtE6U3uyUGTqNWpEbcBwNSS-2F3Fl3OscAKlIRw0Oy9f2t7zIoB5KpM4CrOAsP2bKNdOVxUHAApOKwE6tupCHRRZoHLbuFLy7x6vHc0Gvk9pbvlB9po-2BtD5UJYGIObbemd-2FQQBAPQ5p-2F2Q7XDSFicmJ66C1QOHlVMC3N2XSUY-3D From scan-admin at coverity.com Sun May 9 07:53:04 2021 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 09 May 2021 07:53:04 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <609794df83e7e_faba62afe93d3999413381@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DA3Ji_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHDr-2FHzsYK6RQMVfDXL7Jg1eQk56X-2B1-2FDKL17HoSGZ-2B2MSJE2ViBh5MPhOVFRd-2B9GfHZG4AXEqgOdUyCHzaOVMpyLg8zelepAqDswPZeMC2IKstCnhDi7wD3ognYchLl1sDkR-2BkzmsX9KyQ8OiHn14falhLwxwgIpgzoWg7OynlhiHtvonWrvzISmpUUWntsYc-3D Build ID: 385615 Analysis Summary: New defects found: 0 Defects eliminated: 0 From no-reply at appveyor.com Sun May 9 10:28:10 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 09 May 2021 10:28:10 +0000 Subject: Build completed: openssl master.41980 Message-ID: <20210509102810.1.E75B4D1B7BB9B731@appveyor.com> An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Sun May 9 12:21:33 2021 
From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Sun, 09 May 2021 12:21:33 +0000 Subject: [openssl] master update Message-ID: <1620562893.168389.17878.nullmailer@dev.openssl.org> The branch master has been updated via f0f4a46c4f5c82d4d9d0fb8a51d546c3135668a2 (commit) via e70abb8b4cb3b6259812137f72efa100797bca22 (commit) via 56f0237938c7e99d04f004886d56cb76514c4d56 (commit) from 32b1da718d5d6f35fcef82f3794273807d6202e9 (commit) - Log ----------------------------------------------------------------- commit f0f4a46c4f5c82d4d9d0fb8a51d546c3135668a2 Author: Nicola Tuveri Date: Sun May 9 14:57:14 2021 +0300 FIPS checksums update Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15108) commit e70abb8b4cb3b6259812137f72efa100797bca22 Author: Theo Buehler Date: Sat May 1 13:09:10 2021 +0200 Test oct2point for hybrid point encoding of (0, y) Reviewed-by: Nicola Tuveri Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15108) commit 56f0237938c7e99d04f004886d56cb76514c4d56 Author: Theo Buehler Date: Sat May 1 12:25:50 2021 +0200 Avoid division by zero in hybrid point encoding In hybrid and compressed point encodings, the form octet contains a bit of information allowing to calculate y from x. For a point on a binary curve, this bit is zero if x is zero, otherwise it must match the rightmost bit of the field element y / x. The existing code only considers the second possibility. It could thus incorrectly fail with a division by zero error as found by Guido Vranken's cryptofuzz. This commit adds a few explanatory comments to oct2point. The only actual code change is in the last hunk which adds a BN_is_zero(x) check to avoid the division by zero. 
Fixes #15021 Reviewed-by: Nicola Tuveri Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15108) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec2_oct.c | 41 +++++++++++++++++++++++++------- providers/fips-sources.checksums | 2 +- providers/fips.checksum | 2 +- test/ectest.c | 50 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 85 insertions(+), 10 deletions(-) diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index 9f6e5de6fd..1970efd65c 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -270,9 +270,21 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); return 0; } - form = buf[0]; - y_bit = form & 1; - form = form & ~1U; + + /* + * The first octet is the point converison octet PC, see X9.62, page 4 + * and section 4.4.2. It must be: + * 0x00 for the point at infinity + * 0x02 or 0x03 for compressed form + * 0x04 for uncompressed form + * 0x06 or 0x07 for hybrid form. + * For compressed or hybrid forms, we store the last bit of buf[0] as + * y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*. + * We error if buf[0] contains any but the above values. + */ + y_bit = buf[0] & 1; + form = buf[0] & ~1U; + if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) && (form != POINT_CONVERSION_UNCOMPRESSED) && (form != POINT_CONVERSION_HYBRID)) { @@ -284,6 +296,7 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, return 0; } + /* The point at infinity is represented by a single zero octet. */ if (form == 0) { if (len != 1) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 
@@ -337,11 +350,23 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, goto err; } if (form == POINT_CONVERSION_HYBRID) { - if (!group->meth->field_div(group, yxi, y, x, ctx)) - goto err; - if (y_bit != BN_is_odd(yxi)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - goto err; + /* + * Check that the form in the encoding was set correctly + * according to X9.62 4.4.2.a, 4(c), see also first paragraph + * of X9.62, 4.4.1.b. + */ + if (BN_is_zero(x)) { + if (y_bit != 0) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); + goto err; + } + } else { + if (!group->meth->field_div(group, yxi, y, x, ctx)) + goto err; + if (y_bit != BN_is_odd(yxi)) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); + goto err; + } } } diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 0ab5e40394..49535d99e5 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -140,7 +140,7 @@ eaa940893610f5ec1cc04f5b1842bfa0ba65bf048039e6cc2d2b83bbb575bb51 crypto/ec/curv a1211ed3991af967c728b9f6d0774b9ea098d43cef0631ff88984a2580d2ac4f crypto/ec/curve448/eddsa.c d4969259e4fa5b71d8abbf5e736e658bd1daad6e46d272a9b88e190e2de96b61 crypto/ec/curve448/f_generic.c 7aeddfe47959556f50856cb387d74b51d222c65f891acb83742313ddc49c0e93 crypto/ec/curve448/scalar.c -ed003170c5eaaaa4a33f4ef37b43465f2ba7a5fa5fec2d7d17c1e0897ea818d7 crypto/ec/ec2_oct.c +04f8d52acc6332bdf879bf1684e8c59d2f4d8ca303d16c74d87aab3dd4a94932 crypto/ec/ec2_oct.c 7579a156234dfa44e02d08e121f42035229364f9e40f38b11333edbae2282762 crypto/ec/ec2_smpl.c 69d64accd498583e65df2dc43730eee2922217a7bfefda2cd1a9da176e3d1dcd crypto/ec/ec_asn1.c 8cf8af8e9bfc29e0cdc41720ec4a6d6c74eb5c15a9fc8193f8ec8270c0df1d37 crypto/ec/ec_backend.c diff --git a/providers/fips.checksum b/providers/fips.checksum index cbb359f123..2f3dff8cfc 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum 
@@ -1 +1 @@ -db2202782291f6e77fbe9f6271517cb41d7c06790a606a61f69e564f002f76f5 providers/fips-sources.checksums +5a2795b0bfeec67d234e9cf05bbac1571f205ba2da7e378e81b6e105fec1c85b providers/fips-sources.checksums diff --git a/test/ectest.c b/test/ectest.c index 8b737149d8..f58cd4e4bc 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1083,6 +1083,55 @@ err: BN_free(yplusone); return r; } + +static int hybrid_point_encoding_test(void) +{ + BIGNUM *x = NULL, *y = NULL; + EC_GROUP *group = NULL; + EC_POINT *point = NULL; + unsigned char *buf = NULL; + size_t len; + int r = 0; + + if (!TEST_true(BN_dec2bn(&x, "0")) + || !TEST_true(BN_dec2bn(&y, "1")) + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_sect571k1)) + || !TEST_ptr(point = EC_POINT_new(group)) + || !TEST_true(EC_POINT_set_affine_coordinates(group, point, x, y, NULL)) + || !TEST_size_t_ne(0, (len = EC_POINT_point2oct(group, + point, + POINT_CONVERSION_HYBRID, + NULL, + 0, + NULL))) + || !TEST_ptr(buf = OPENSSL_malloc(len)) + || !TEST_size_t_eq(len, EC_POINT_point2oct(group, + point, + POINT_CONVERSION_HYBRID, + buf, + len, + NULL))) + goto err; + + r = 1; + + /* buf contains a valid hybrid point, check that we can decode it. */ + if (!TEST_true(EC_POINT_oct2point(group, point, buf, len, NULL))) + r = 0; + + /* Flip the y_bit and verify that the invalid encoding is rejected. */ + buf[0] ^= 1; + if (!TEST_false(EC_POINT_oct2point(group, point, buf, len, NULL))) + r = 0; + +err: + BN_free(x); + BN_free(y); + EC_GROUP_free(group); + EC_POINT_free(point); + OPENSSL_free(buf); + return r; +} #endif static int internal_curve_test(int n) @@ -2929,6 +2978,7 @@ int setup_tests(void) ADD_ALL_TESTS(cardinality_test, crv_len); ADD_TEST(prime_field_tests); #ifndef OPENSSL_NO_EC2M + ADD_TEST(hybrid_point_encoding_test); ADD_TEST(char2_field_tests); ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests)); #endif From pauli at openssl.org Sun May 9 13:16:21 2021 
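Review bot: the new comment at the top of ossl_ec_GF2m_simple_oct2point in crypto/ec/ec2_oct.c says "We error if buf[0] contains any but the above values", but the check that follows tests only the masked `form`, so 0x01 and 0x05 pass it; the claim holds only if y_bit is rejected for form 0 and POINT_CONVERSION_UNCOMPRESSED in lines these hunks do not show. Either point the comment at that check or reword it to say that the form is validated here and y_bit separately. The same comment also has a typo, "converison" for "conversion".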
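Review bot: in hybrid_point_encoding_test (test/ectest.c) the negative case after `buf[0] ^= 1` asserts only that EC_POINT_oct2point() returns false, so any decoding failure satisfies it, not specifically the y_bit check. The ec2_oct.c hunk raises EC_R_INVALID_ENCODING on that path, so consider asserting on the reason code and clearing the error queue afterwards so the expected error does not stay queued for later tests. The test also covers only x = 0 on sect571k1; a hybrid point with x != 0 and a flipped y_bit would exercise the else branch that still calls field_div.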
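The y_bit rule from the commit message above (zero when x is zero, otherwise the rightmost bit of y / x), as an added example that is not OpenSSL code and not part of the commit: it puts the pre-fix check beside the fixed one. The toy field GF(2^4), the helper names and the sample points are assumptions made for the illustration, and curve membership is not checked.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added illustration, not OpenSSL code. Toy field GF(2^4) with reduction
 * polynomial z^4 + z + 1 (constructed; real binary curves use e.g. m = 571).
 * All names below are hypothetical.
 */
#define GF_M      4
#define GF_POLY   0x13u     /* z^4 + z + 1 */
#define PC_HYBRID 0x06u     /* hybrid form octet with the y_bit cleared */

/* Multiply two field elements, reducing modulo GF_POLY. */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
    uint8_t r = 0;

    while (b != 0) {
        if (b & 1)
            r ^= a;
        b >>= 1;
        a = (uint8_t)(a << 1);
        if (a & (1u << GF_M))
            a = (uint8_t)(a ^ GF_POLY);
    }
    return r;
}

/*
 * Field division q = y / x, computed as y * x^(2^m - 2). Returns 0 when
 * x == 0, the way a bignum field_div reports a division-by-zero error.
 */
static int gf_div(uint8_t *q, uint8_t y, uint8_t x)
{
    uint8_t inv = 1, base = x;
    unsigned int e = (1u << GF_M) - 2;

    if (x == 0)
        return 0;
    for (; e != 0; e >>= 1) {
        if (e & 1)
            inv = gf_mul(inv, base);
        base = gf_mul(base, base);
    }
    *q = gf_mul(y, inv);
    return 1;
}

/* Pre-fix logic: always divides, so a valid encoding with x == 0 fails. */
static int hybrid_ybit_ok_before(uint8_t pc, uint8_t x, uint8_t y)
{
    uint8_t yxi;

    if ((pc & ~1u) != PC_HYBRID)
        return 0;
    if (!gf_div(&yxi, y, x))
        return 0;                   /* the division by zero surfaces here */
    return (pc & 1) == (yxi & 1);
}

/* Fixed logic: x == 0 requires y_bit == 0 and never reaches the division. */
static int hybrid_ybit_ok_after(uint8_t pc, uint8_t x, uint8_t y)
{
    uint8_t yxi;

    if ((pc & ~1u) != PC_HYBRID)
        return 0;
    if (x == 0)
        return (pc & 1) == 0;
    if (!gf_div(&yxi, y, x))
        return 0;
    return (pc & 1) == (yxi & 1);
}

int main(void)
{
    /* Constructed samples: form octet, x, y (field elements as bit masks). */
    static const uint8_t samples[][3] = {
        { 0x06, 0, 1 },   /* x == 0, y_bit 0: valid encoding */
        { 0x07, 0, 1 },   /* x == 0, y_bit 1: invalid encoding */
        { 0x07, 2, 1 },   /* y / x = 9, odd: y_bit 1 is correct */
        { 0x06, 2, 1 },   /* same point with the y_bit flipped */
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("pc=0x%02x x=%u y=%u before=%d after=%d\n",
               (unsigned)samples[i][0], (unsigned)samples[i][1],
               (unsigned)samples[i][2],
               hybrid_ybit_ok_before(samples[i][0], samples[i][1], samples[i][2]),
               hybrid_ybit_ok_after(samples[i][0], samples[i][1], samples[i][2]));
    return 0;
}
```

The first sample is the shape of input used by the commit's own test, a hybrid encoding of (0, 1): the pre-fix check rejects it and the fixed check accepts it.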
From: pauli at openssl.org (Dr. Paul Dale)
Date: Sun, 09 May 2021 13:16:21 +0000
Subject: [openssl] master update
Message-ID: <1620566181.756108.31047.nullmailer@dev.openssl.org>

The branch master has been updated
       via  10646160125ac1328d892f1dd27f2847892d33c5 (commit)
      from  f0f4a46c4f5c82d4d9d0fb8a51d546c3135668a2 (commit)

- Log -----------------------------------------------------------------
commit 10646160125ac1328d892f1dd27f2847892d33c5
Author: fangming.fang
Date: Fri Mar 19 06:45:57 2021 +0000

Optimize RSA on armv8

Add Neon path for RSA on armv8, this optimisation targets to A72
and N1 that are ones of important cores of infrastructure. Other
platforms are not impacted.

A72
                      old         new         improved
rsa   512 sign        9828.6      9738.7      -1%
rsa   512 verify      121497.2    122367.7    1%
rsa  1024 sign        1818        1816.9      0%
rsa  1024 verify      37175.6     37161.3     0%
rsa  2048 sign        267.3       267.4       0%
rsa  2048 verify      10127.6     10119.6     0%
rsa  3072 sign        86.8        87          0%
rsa  3072 verify      4604.2      4956.2      8%
rsa  4096 sign        38.3        38.5        1%
rsa  4096 verify      2619.8      2972.1      13%
rsa  7680 sign        5           7           40%
rsa  7680 verify      756         929.4       23%
rsa 15360 sign        0.8         1           25%
rsa 15360 verify      190.4       246         29%

N1
                      old         new         improved
rsa   512 sign        12599.2     12596.7     0%
rsa   512 verify      148636.1    148656.2    0%
rsa  1024 sign        2150.6      2148.9      0%
rsa  1024 verify      42353.5     42265.2     0%
rsa  2048 sign        305.5       305.3       0%
rsa  2048 verify      11209.7     11205.2     0%
rsa  3072 sign        97.8        98.2        0%
rsa  3072 verify      5061.3      5990.7      18%
rsa  4096 sign        42.8        43          0%
rsa  4096 verify      2867.6      3509.8      22%
rsa  7680 sign        5.5         8.4         53%
rsa  7680 verify      823.5       1058.3      29%
rsa 15360 sign        0.9         1.1         22%
rsa 15360 verify      207         273.9       32%

CustomizedGitHooks: yes
Change-Id: I01c732cc429d793c4eb5ffd27ccd30ff9cebf8af
Jira: SECLIB-540

Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/14761)

-----------------------------------------------------------------------

Summary of changes:
 crypto/armcap.c | 7 +
 crypto/bn/asm/armv8-mont.pl | 381 ++++++++++++++++++++++++++++++++++++++++++++
 crypto/bn/build.info | 1
+ 3 files changed, 389 insertions(+) diff --git a/crypto/armcap.c b/crypto/armcap.c index 0e7c0842ad..dc2326f8f6 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -19,6 +19,7 @@ unsigned int OPENSSL_armcap_P = 0; unsigned int OPENSSL_arm_midr = 0; +unsigned int OPENSSL_armv8_rsa_neonized = 0; #if __ARM_MAX_ARCH__<7 void OPENSSL_cpuid_setup(void) @@ -237,6 +238,12 @@ void OPENSSL_cpuid_setup(void) # ifdef __aarch64__ if (OPENSSL_armcap_P & ARMV8_CPUID) OPENSSL_arm_midr = _armv8_cpuid_probe(); + + if ((MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) || + MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_N1)) && + (OPENSSL_armcap_P & ARMV7_NEON)) { + OPENSSL_armv8_rsa_neonized = 1; + } # endif } #endif diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl index e8bdfa3bb8..0867ccabee 100755 --- a/crypto/bn/asm/armv8-mont.pl +++ b/crypto/bn/asm/armv8-mont.pl @@ -67,16 +67,34 @@ $n0="x4"; # const BN_ULONG *n0, $num="x5"; # int num); $code.=<<___; +#ifndef __KERNEL__ +# include "arm_arch.h" +.extern OPENSSL_armv8_rsa_neonized +.hidden OPENSSL_armv8_rsa_neonized +#endif .text .globl bn_mul_mont .type bn_mul_mont,%function .align 5 bn_mul_mont: +.Lbn_mul_mont: + tst $num,#3 + b.ne .Lmul_mont + cmp $num,#32 + b.le .Lscalar_impl +#ifndef __KERNEL__ + adrp x17,OPENSSL_armv8_rsa_neonized + ldr w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized] + cbnz w17, bn_mul8x_mont_neon +#endif + +.Lscalar_impl: tst $num,#7 b.eq __bn_sqr8x_mont tst $num,#3 b.eq __bn_mul4x_mont + .Lmul_mont: stp x29,x30,[sp,#-64]! add x29,sp,#0 
@@ -274,6 +292,369 @@ bn_mul_mont: .size bn_mul_mont,.-bn_mul_mont ___ { +my ($A0,$A1,$N0,$N1)=map("v$_",(0..3)); +my ($Z,$Temp)=("v4.16b","v5"); +my @ACC=map("v$_",(6..13)); +my ($Bi,$Ni,$M0)=map("v$_",(28..30)); +my $sBi="s28"; +my $sM0="s30"; +my $zero="v14"; +my $temp="v15"; +my $ACCTemp="v16"; + +my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("x$_",(0..5)); +my ($tinptr,$toutptr,$inner,$outer,$bnptr)=map("x$_",(6..11)); + +$code.=<<___; +.type bn_mul8x_mont_neon,%function +.align 5 +bn_mul8x_mont_neon: + stp x29,x30,[sp,#-80]! + mov x16,sp + stp d8,d9,[sp,#16] + stp d10,d11,[sp,#32] + stp d12,d13,[sp,#48] + stp d14,d15,[sp,#64] + lsl $num,$num,#1 + eor $zero.16b,$zero.16b,$zero.16b + +.align 4 +.LNEON_8n: + eor @ACC[0].16b, at ACC[0].16b, at ACC[0].16b + sub $toutptr,sp,#128 + eor @ACC[1].16b, at ACC[1].16b, at ACC[1].16b + sub $toutptr,$toutptr,$num,lsl#4 + eor @ACC[2].16b, at ACC[2].16b, at ACC[2].16b + and $toutptr,$toutptr,#-64 + eor @ACC[3].16b, at ACC[3].16b, at ACC[3].16b + mov sp,$toutptr // alloca + eor @ACC[4].16b, at ACC[4].16b, at ACC[4].16b + add $toutptr,$toutptr,#256 + eor @ACC[5].16b, at ACC[5].16b, at ACC[5].16b + sub $inner,$num,#8 + eor @ACC[6].16b, at ACC[6].16b, at ACC[6].16b + eor @ACC[7].16b, at ACC[7].16b, at ACC[7].16b + +.LNEON_8n_init: + st1 {@ACC[0].2d, at ACC[1].2d},[$toutptr],#32 + subs $inner,$inner,#8 + st1 {@ACC[2].2d, at ACC[3].2d},[$toutptr],#32 + st1 {@ACC[4].2d, at ACC[5].2d},[$toutptr],#32 + st1 {@ACC[6].2d, at ACC[7].2d},[$toutptr],#32 + bne .LNEON_8n_init + + add $tinptr,sp,#256 + ld1 {$A0.4s,$A1.4s},[$aptr],#32 + add $bnptr,sp,#8 + ldr $sM0,[$n0],#4 + mov $outer,$num + b .LNEON_8n_outer + +.align 4 +.LNEON_8n_outer: + ldr $sBi,[$bptr],#4 // *b++ + uxtl $Bi.4s,$Bi.4h + add $toutptr,sp,#128 + ld1 {$N0.4s,$N1.4s},[$nptr],#32 + + umlal @ACC[0].2d,$Bi.2s,$A0.s[0] + umlal @ACC[1].2d,$Bi.2s,$A0.s[1] + umlal @ACC[2].2d,$Bi.2s,$A0.s[2] + shl $Ni.2d, at ACC[0].2d,#16 + ext $Ni.16b,$Ni.16b,$Ni.16b,#8 + umlal @ACC[3].2d,$Bi.2s,$A0.s[3] 
+ add $Ni.2d,$Ni.2d, at ACC[0].2d + umlal @ACC[4].2d,$Bi.2s,$A1.s[0] + mul $Ni.2s,$Ni.2s,$M0.2s + umlal @ACC[5].2d,$Bi.2s,$A1.s[1] + st1 {$Bi.2s},[sp] // put aside smashed b[8*i+0] + umlal @ACC[6].2d,$Bi.2s,$A1.s[2] + uxtl $Ni.4s,$Ni.4h + umlal @ACC[7].2d,$Bi.2s,$A1.s[3] +___ +for ($i=0; $i<7;) { +$code.=<<___; + ldr $sBi,[$bptr],#4 // *b++ + umlal @ACC[0].2d,$Ni.2s,$N0.s[0] + umlal @ACC[1].2d,$Ni.2s,$N0.s[1] + uxtl $Bi.4s,$Bi.4h + umlal @ACC[2].2d,$Ni.2s,$N0.s[2] + ushr $temp.2d, at ACC[0].2d,#16 + umlal @ACC[3].2d,$Ni.2s,$N0.s[3] + umlal @ACC[4].2d,$Ni.2s,$N1.s[0] + ext @ACC[0].16b, at ACC[0].16b, at ACC[0].16b,#8 + add @ACC[0].2d, at ACC[0].2d,$temp.2d + umlal @ACC[5].2d,$Ni.2s,$N1.s[1] + ushr @ACC[0].2d, at ACC[0].2d,#16 + umlal @ACC[6].2d,$Ni.2s,$N1.s[2] + umlal @ACC[7].2d,$Ni.2s,$N1.s[3] + add $ACCTemp.2d, at ACC[1].2d, at ACC[0].2d + ins @ACC[1].d[0],$ACCTemp.d[0] + st1 {$Ni.2s},[$bnptr],#8 // put aside smashed m[8*i+$i] +___ + push(@ACC,shift(@ACC)); $i++; +$code.=<<___; + umlal @ACC[0].2d,$Bi.2s,$A0.s[0] + ld1 {@ACC[7].2d},[$tinptr],#16 + umlal @ACC[1].2d,$Bi.2s,$A0.s[1] + umlal @ACC[2].2d,$Bi.2s,$A0.s[2] + shl $Ni.2d, at ACC[0].2d,#16 + ext $Ni.16b,$Ni.16b,$Ni.16b,#8 + umlal @ACC[3].2d,$Bi.2s,$A0.s[3] + add $Ni.2d,$Ni.2d, at ACC[0].2d + umlal @ACC[4].2d,$Bi.2s,$A1.s[0] + mul $Ni.2s,$Ni.2s,$M0.2s + umlal @ACC[5].2d,$Bi.2s,$A1.s[1] + st1 {$Bi.2s},[$bnptr],#8 // put aside smashed b[8*i+$i] + umlal @ACC[6].2d,$Bi.2s,$A1.s[2] + uxtl $Ni.4s,$Ni.4h + umlal @ACC[7].2d,$Bi.2s,$A1.s[3] +___ +} +$code.=<<___; + ld1 {$Bi.2s},[sp] // pull smashed b[8*i+0] + umlal @ACC[0].2d,$Ni.2s,$N0.s[0] + ld1 {$A0.4s,$A1.4s},[$aptr],#32 + umlal @ACC[1].2d,$Ni.2s,$N0.s[1] + umlal @ACC[2].2d,$Ni.2s,$N0.s[2] + mov $Temp.16b, at ACC[0].16b + ushr $Temp.2d,$Temp.2d,#16 + ext @ACC[0].16b, at ACC[0].16b, at ACC[0].16b,#8 + umlal @ACC[3].2d,$Ni.2s,$N0.s[3] + umlal @ACC[4].2d,$Ni.2s,$N1.s[0] + add @ACC[0].2d, at ACC[0].2d,$Temp.2d + umlal @ACC[5].2d,$Ni.2s,$N1.s[1] + ushr @ACC[0].2d, at 
ACC[0].2d,#16 + eor $temp.16b,$temp.16b,$temp.16b + ins @ACC[0].d[1],$temp.d[0] + umlal @ACC[6].2d,$Ni.2s,$N1.s[2] + umlal @ACC[7].2d,$Ni.2s,$N1.s[3] + add @ACC[1].2d, at ACC[1].2d, at ACC[0].2d + st1 {$Ni.2s},[$bnptr],#8 // put aside smashed m[8*i+$i] + add $bnptr,sp,#8 // rewind +___ + push(@ACC,shift(@ACC)); +$code.=<<___; + sub $inner,$num,#8 + b .LNEON_8n_inner + +.align 4 +.LNEON_8n_inner: + subs $inner,$inner,#8 + umlal @ACC[0].2d,$Bi.2s,$A0.s[0] + ld1 {@ACC[7].2d},[$tinptr] + umlal @ACC[1].2d,$Bi.2s,$A0.s[1] + ld1 {$Ni.2s},[$bnptr],#8 // pull smashed m[8*i+0] + umlal @ACC[2].2d,$Bi.2s,$A0.s[2] + ld1 {$N0.4s,$N1.4s},[$nptr],#32 + umlal @ACC[3].2d,$Bi.2s,$A0.s[3] + b.eq .LInner_jump + add $tinptr,$tinptr,#16 // don't advance in last iteration +.LInner_jump: + umlal @ACC[4].2d,$Bi.2s,$A1.s[0] + umlal @ACC[5].2d,$Bi.2s,$A1.s[1] + umlal @ACC[6].2d,$Bi.2s,$A1.s[2] + umlal @ACC[7].2d,$Bi.2s,$A1.s[3] +___ +for ($i=1; $i<8; $i++) { +$code.=<<___; + ld1 {$Bi.2s},[$bnptr],#8 // pull smashed b[8*i+$i] + umlal @ACC[0].2d,$Ni.2s,$N0.s[0] + umlal @ACC[1].2d,$Ni.2s,$N0.s[1] + umlal @ACC[2].2d,$Ni.2s,$N0.s[2] + umlal @ACC[3].2d,$Ni.2s,$N0.s[3] + umlal @ACC[4].2d,$Ni.2s,$N1.s[0] + umlal @ACC[5].2d,$Ni.2s,$N1.s[1] + umlal @ACC[6].2d,$Ni.2s,$N1.s[2] + umlal @ACC[7].2d,$Ni.2s,$N1.s[3] + st1 {@ACC[0].2d},[$toutptr],#16 +___ + push(@ACC,shift(@ACC)); +$code.=<<___; + umlal @ACC[0].2d,$Bi.2s,$A0.s[0] + ld1 {@ACC[7].2d},[$tinptr] + umlal @ACC[1].2d,$Bi.2s,$A0.s[1] + ld1 {$Ni.2s},[$bnptr],#8 // pull smashed m[8*i+$i] + umlal @ACC[2].2d,$Bi.2s,$A0.s[2] + b.eq .LInner_jump$i + add $tinptr,$tinptr,#16 // don't advance in last iteration +.LInner_jump$i: + umlal @ACC[3].2d,$Bi.2s,$A0.s[3] + umlal @ACC[4].2d,$Bi.2s,$A1.s[0] + umlal @ACC[5].2d,$Bi.2s,$A1.s[1] + umlal @ACC[6].2d,$Bi.2s,$A1.s[2] + umlal @ACC[7].2d,$Bi.2s,$A1.s[3] +___ +} +$code.=<<___; + b.ne .LInner_after_rewind$i + sub $aptr,$aptr,$num,lsl#2 // rewind +.LInner_after_rewind$i: + umlal @ACC[0].2d,$Ni.2s,$N0.s[0] + ld1 
{$Bi.2s},[sp] // pull smashed b[8*i+0] + umlal @ACC[1].2d,$Ni.2s,$N0.s[1] + ld1 {$A0.4s,$A1.4s},[$aptr],#32 + umlal @ACC[2].2d,$Ni.2s,$N0.s[2] + add $bnptr,sp,#8 // rewind + umlal @ACC[3].2d,$Ni.2s,$N0.s[3] + umlal @ACC[4].2d,$Ni.2s,$N1.s[0] + umlal @ACC[5].2d,$Ni.2s,$N1.s[1] + umlal @ACC[6].2d,$Ni.2s,$N1.s[2] + st1 {@ACC[0].2d},[$toutptr],#16 + umlal @ACC[7].2d,$Ni.2s,$N1.s[3] + + bne .LNEON_8n_inner +___ + push(@ACC,shift(@ACC)); +$code.=<<___; + add $tinptr,sp,#128 + st1 {@ACC[0].2d, at ACC[1].2d},[$toutptr],#32 + eor $N0.16b,$N0.16b,$N0.16b // $N0 + st1 {@ACC[2].2d, at ACC[3].2d},[$toutptr],#32 + eor $N1.16b,$N1.16b,$N1.16b // $N1 + st1 {@ACC[4].2d, at ACC[5].2d},[$toutptr],#32 + st1 {@ACC[6].2d},[$toutptr] + + subs $outer,$outer,#8 + ld1 {@ACC[0].2d, at ACC[1].2d},[$tinptr],#32 + ld1 {@ACC[2].2d, at ACC[3].2d},[$tinptr],#32 + ld1 {@ACC[4].2d, at ACC[5].2d},[$tinptr],#32 + ld1 {@ACC[6].2d, at ACC[7].2d},[$tinptr],#32 + + b.eq .LInner_8n_jump_2steps + sub $nptr,$nptr,$num,lsl#2 // rewind + b .LNEON_8n_outer + +.LInner_8n_jump_2steps: + add $toutptr,sp,#128 + st1 {$N0.2d,$N1.2d}, [sp],#32 // start wiping stack frame + mov $Temp.16b, at ACC[0].16b + ushr $temp.2d, at ACC[0].2d,#16 + ext @ACC[0].16b, at ACC[0].16b, at ACC[0].16b,#8 + st1 {$N0.2d,$N1.2d}, [sp],#32 + add @ACC[0].2d, at ACC[0].2d,$temp.2d + st1 {$N0.2d,$N1.2d}, [sp],#32 + ushr $temp.2d, at ACC[0].2d,#16 + st1 {$N0.2d,$N1.2d}, [sp],#32 + zip1 @ACC[0].4h,$Temp.4h, at ACC[0].4h + ins $temp.d[1],$zero.d[0] + + mov $inner,$num + b .LNEON_tail_entry + +.align 4 +.LNEON_tail: + add @ACC[0].2d, at ACC[0].2d,$temp.2d + mov $Temp.16b, at ACC[0].16b + ushr $temp.2d, at ACC[0].2d,#16 + ext @ACC[0].16b, at ACC[0].16b, at ACC[0].16b,#8 + ld1 {@ACC[2].2d, at ACC[3].2d}, [$tinptr],#32 + add @ACC[0].2d, at ACC[0].2d,$temp.2d + ld1 {@ACC[4].2d, at ACC[5].2d}, [$tinptr],#32 + ushr $temp.2d, at ACC[0].2d,#16 + ld1 {@ACC[6].2d, at ACC[7].2d}, [$tinptr],#32 + zip1 @ACC[0].4h,$Temp.4h, at ACC[0].4h + ins 
$temp.d[1],$zero.d[0] + +.LNEON_tail_entry: +___ +for ($i=1; $i<8; $i++) { +$code.=<<___; + add @ACC[1].2d, at ACC[1].2d,$temp.2d + st1 {@ACC[0].s}[0], [$toutptr],#4 + ushr $temp.2d, at ACC[1].2d,#16 + mov $Temp.16b, at ACC[1].16b + ext @ACC[1].16b, at ACC[1].16b, at ACC[1].16b,#8 + add @ACC[1].2d, at ACC[1].2d,$temp.2d + ushr $temp.2d, at ACC[1].2d,#16 + zip1 @ACC[1].4h,$Temp.4h, at ACC[1].4h + ins $temp.d[1],$zero.d[0] +___ + push(@ACC,shift(@ACC)); +} + push(@ACC,shift(@ACC)); +$code.=<<___; + ld1 {@ACC[0].2d, at ACC[1].2d}, [$tinptr],#32 + subs $inner,$inner,#8 + st1 {@ACC[7].s}[0], [$toutptr],#4 + bne .LNEON_tail + + st1 {$temp.s}[0], [$toutptr],#4 // top-most bit + sub $nptr,$nptr,$num,lsl#2 // rewind $nptr + subs $aptr,sp,#0 // clear carry flag + add $bptr,sp,$num,lsl#2 + +.LNEON_sub: + ldp w4,w5,[$aptr],#8 + ldp w6,w7,[$aptr],#8 + ldp w8,w9,[$nptr],#8 + ldp w10,w11,[$nptr],#8 + sbcs w8,w4,w8 + sbcs w9,w5,w9 + sbcs w10,w6,w10 + sbcs w11,w7,w11 + sub x17,$bptr,$aptr + stp w8,w9,[$rptr],#8 + stp w10,w11,[$rptr],#8 + cbnz x17,.LNEON_sub + + ldr w10, [$aptr] // load top-most bit + mov x11,sp + eor v0.16b,v0.16b,v0.16b + sub x11,$bptr,x11 // this is num*4 + eor v1.16b,v1.16b,v1.16b + mov $aptr,sp + sub $rptr,$rptr,x11 // rewind $rptr + mov $nptr,$bptr // second 3/4th of frame + sbcs w10,w10,wzr // result is carry flag + +.LNEON_copy_n_zap: + ldp w4,w5,[$aptr],#8 + ldp w6,w7,[$aptr],#8 + ldp w8,w9,[$rptr],#8 + ldp w10,w11,[$rptr] + sub $rptr,$rptr,#8 + b.cs .LCopy_1 + mov w8,w4 + mov w9,w5 + mov w10,w6 + mov w11,w7 +.LCopy_1: + st1 {v0.2d,v1.2d}, [$nptr],#32 // wipe + st1 {v0.2d,v1.2d}, [$nptr],#32 // wipe + ldp w4,w5,[$aptr],#8 + ldp w6,w7,[$aptr],#8 + stp w8,w9,[$rptr],#8 + stp w10,w11,[$rptr],#8 + sub $aptr,$aptr,#32 + ldp w8,w9,[$rptr],#8 + ldp w10,w11,[$rptr] + sub $rptr,$rptr,#8 + b.cs .LCopy_2 + mov w8, w4 + mov w9, w5 + mov w10, w6 + mov w11, w7 +.LCopy_2: + st1 {v0.2d,v1.2d}, [$aptr],#32 // wipe + st1 {v0.2d,v1.2d}, [$nptr],#32 // wipe + sub 
x17,$bptr,$aptr // preserves carry + stp w8,w9,[$rptr],#8 + stp w10,w11,[$rptr],#8 + cbnz x17,.LNEON_copy_n_zap + + mov sp,x16 + ldp d14,d15,[sp,#64] + ldp d12,d13,[sp,#48] + ldp d10,d11,[sp,#32] + ldp d8,d9,[sp,#16] + ldr x29,[sp],#80 + ret // bx lr + +.size bn_mul8x_mont_neon,.-bn_mul8x_mont_neon +___ +} +{ ######################################################################## # Following is ARMv8 adaptation of sqrx8x_mont from x86_64-mont5 module. diff --git a/crypto/bn/build.info b/crypto/bn/build.info index 3c32e83067..d0c1034bde 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info @@ -177,3 +177,4 @@ INCLUDE[armv4-mont.o]=.. GENERATE[armv4-gf2m.S]=asm/armv4-gf2m.pl INCLUDE[armv4-gf2m.o]=.. GENERATE[armv8-mont.S]=asm/armv8-mont.pl +INCLUDE[armv8-mont.o]=.. From kaduk at mit.edu Sun May 9 16:52:15 2021 From: kaduk at mit.edu (kaduk at mit.edu) Date: Sun, 09 May 2021 16:52:15 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1620579135.482767.14921.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 207b8693b0821aab356ce9dccb7f2fe86e5e035a (commit) from a9e808fadcff1b1b4bf5dece753ee5eb00c9cc16 (commit) - Log ----------------------------------------------------------------- commit 207b8693b0821aab356ce9dccb7f2fe86e5e035a Author: David Carlier Date: Sat Apr 24 16:13:26 2021 +0100 BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/15015) (cherry picked from commit f7f0632b01cf16efccb133e395cf115c194bd003) ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_sock2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c index 335dfabc61..f54b550ecf 100644 --- a/crypto/bio/b_sock2.c +++ b/crypto/bio/b_sock2.c 
@@ -243,7 +243,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) } } -# ifdef IPV6_V6ONLY + /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */ +# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__) if (BIO_ADDR_family(addr) == AF_INET6) { /* * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF. From kaduk at mit.edu Sun May 9 16:48:20 2021 From: kaduk at mit.edu (kaduk at mit.edu) Date: Sun, 09 May 2021 16:48:20 +0000 Subject: [openssl] master update Message-ID: <1620578900.384746.13249.nullmailer@dev.openssl.org> The branch master has been updated via f7f0632b01cf16efccb133e395cf115c194bd003 (commit) from 10646160125ac1328d892f1dd27f2847892d33c5 (commit) - Log ----------------------------------------------------------------- commit f7f0632b01cf16efccb133e395cf115c194bd003 Author: David Carlier Date: Sat Apr 24 16:13:26 2021 +0100 BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/15015) ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_sock2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c index 0446e7fd8d..f13f20148b 100644 --- a/crypto/bio/b_sock2.c +++ b/crypto/bio/b_sock2.c @@ -264,7 +264,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) } } -# ifdef IPV6_V6ONLY + /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */ +# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__) if (BIO_ADDR_family(addr) == AF_INET6) { /* * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF. From kaduk at mit.edu Sun May 9 19:08:34 2021 
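Review bot: the new dispatch at the top of bn_mul_mont in crypto/bn/asm/armv8-mont.pl (`tst $num,#3`, `cmp $num,#32`, `b.le .Lscalar_impl`) sends only inputs where num is a multiple of 4 and greater than 32 to bn_mul8x_mont_neon, yet nothing in the hunk says why those thresholds were chosen or what the NEON routine requires of num. Please add a comment next to the branches stating the constraint. The same applies to the crypto/armcap.c hunk, where OPENSSL_armv8_rsa_neonized is enabled for exactly two MIDR part numbers with no comment tying that list to the A72 and N1 measurements in the commit message.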
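Review bot: in the crypto/bio/b_sock2.c hunk of BIO_listen (the same change in the OpenSSL_1_1_1-stable cherry-pick and on master), adding `!defined(__OpenBSD__)` compiles out the whole `if (BIO_ADDR_family(addr) == AF_INET6)` block on OpenBSD, so whatever that block does with `options` for IPv6 sockets is skipped there without any indication to the caller. The existing comment inside the block already lists per-platform defaults ("Windows default of IPV6_V6ONLY is ON, and Linux is OFF"); the OpenBSD case would read better added to that note, and the behaviour difference deserves a line in the BIO_listen documentation. The new comment is also indented as code while the `# if` it describes is not.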
From: kaduk at mit.edu (kaduk at mit.edu)
Date: Sun, 09 May 2021 19:08:34 +0000
Subject: [openssl] master update
Message-ID: <1620587314.023012.20270.nullmailer@dev.openssl.org>

The branch master has been updated
       via  8be513ae46765ab4c4c3e244640652c24633288d (commit)
      from  f7f0632b01cf16efccb133e395cf115c194bd003 (commit)

- Log -----------------------------------------------------------------
commit 8be513ae46765ab4c4c3e244640652c24633288d
Author: Daniel Bevenius
Date: Wed Apr 28 10:30:13 2021 +0200

Mark pop/clear error stack in der2key_decode_p8

This commit sets the error mark before calling d2i_X509_SIG
and clears it if that function call is successful.

The motivation for this is that if d2i_X509_SIG returns NULL then the
else clause will be entered and d2i_PKCS8_PRIV_KEY_INFO will be
called. If d2i_X509_SIG raised any errors those errors will be on the
error stack when d2i_PKCS8_PRIV_KEY_INFO gets called, and even if it
returns successfully those errors will still be on the error stack.

We ran into this issue when upgrading Node.js to 3.0.0-alpha15.
More details can be found in the ref links below.

Refs: https://github.com/nodejs/node/issues/38373
Refs: https://github.com/danbev/learning-libcrypto/blob/master/notes/wrong-tag-issue2.md

Reviewed-by: Richard Levitte
Reviewed-by: Tomas Mraz
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/15067)

-----------------------------------------------------------------------

Summary of changes:
 .../implementations/encode_decode/decode_der2key.c | 5 ++++
 test/evp_extra_test.c | 35 ++++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index 73acf527c1..01c050ccb0 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -124,10 +124,13 @@ static void *der2key_decode_p8(const unsigned char **input_der, ctx->flag_fatal = 0; + ERR_set_mark(); if ((p8 = d2i_X509_SIG(NULL, input_der, input_der_len)) != NULL) { char pbuf[PEM_BUFSIZE]; size_t plen = 0; + ERR_clear_last_mark(); + if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); else @@ -136,6 +139,8 @@ static void *der2key_decode_p8(const unsigned char **input_der, ctx->flag_fatal = 1; X509_SIG_free(p8); } else { + /* Pop any errors that might have been raised by d2i_X509_SIG. */ + ERR_pop_to_mark(); p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len); } if (p8inf != NULL diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 7fd45bc316..56522e4af9 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1172,7 +1172,41 @@ static int test_EVP_PKCS82PKEY(void) return ret; } + #endif +static int test_EVP_PKCS82PKEY_wrong_tag(void) +{ + EVP_PKEY *pkey = NULL; + EVP_PKEY *pkey2 = NULL; + BIO *membio = NULL; + char *membuf = NULL; + PKCS8_PRIV_KEY_INFO *p8inf = NULL; + int ok = 0; + + if (testctx != NULL) + /* test not supported with non-default context */ + return 1; + + if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) + || !TEST_ptr(pkey = load_example_rsa_key()) + || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, + NULL, 0, NULL, NULL), + 0) + || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0) + || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL)) + || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf)) + || !TEST_int_eq(ERR_get_error(), 0)) { + goto done; + } + + ok = 1; + done: + EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey2); + PKCS8_PRIV_KEY_INFO_free(p8inf); + BIO_free_all(membio); + return ok; +} /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */ static int test_privatekey_to_pkcs8(void) 
@@ -2894,6 +2928,7 @@ int setup_tests(void) ADD_TEST(test_EVP_Enveloped); ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); ADD_TEST(test_privatekey_to_pkcs8); + ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag); #ifndef OPENSSL_NO_EC ADD_TEST(test_EVP_PKCS82PKEY); #endif From no-reply at appveyor.com Sun May 9 21:07:18 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 09 May 2021 21:07:18 +0000 Subject: Build failed: openssl master.41984 Message-ID: <20210509210718.1.16C065F4F6D54A86@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 9 23:47:37 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 09 May 2021 23:47:37 +0000 Subject: Build completed: openssl master.41985 Message-ID: <20210509234737.1.AAD7C8769E8D362C@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Mon May 10 01:05:45 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 10 May 2021 01:05:45 +0000 Subject: [openssl] master update Message-ID: <1620608745.704891.28713.nullmailer@dev.openssl.org> The branch master has been updated via 333b31e3000ff009cdc48bf45d9af687031f7688 (commit) from 8be513ae46765ab4c4c3e244640652c24633288d (commit) - Log ----------------------------------------------------------------- commit 333b31e3000ff009cdc48bf45d9af687031f7688 Author: Pauli Date: Mon May 10 10:47:37 2021 +1000 checksum fix Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15209) ----------------------------------------------------------------------- Summary of changes: providers/fips-sources.checksums | 2 +- providers/fips.checksum | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 49535d99e5..da684b0718 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -31,7 +31,7 @@ fdabbeafcb4b351a13ec92f04a4427ff94e51909d3773e02ff526b4d77ded8dc crypto/asn1_ds 819c9fd2b0cae9aab81c3cbd1815c2e22949d75f132f649b5883812d0bbaa39a crypto/bn/asm/alpha-mont.pl 0070595128b250b9ebdebe48ce53d2d27ca16ec4f7c6c8bd169ab2e4a913b2d1 crypto/bn/asm/armv4-gf2m.pl 8c1c53a725b8a4f92b8a353bfeeb393be94198df41c912e3270f9e654417b250 crypto/bn/asm/armv4-mont.pl -320a3feafffafc05a00a56202958abc258cff596c602604d6c878fa0ca3023d6 crypto/bn/asm/armv8-mont.pl +8d6192337fedb0012764229d600634f8357c3b74fd38bcbfe8b86ddc6ca96ea2 crypto/bn/asm/armv8-mont.pl cb4ad7b7461fcb8e2a0d52881158d0211b79544842d4eae36fc566869a2d62c8 crypto/bn/asm/bn-586.pl 636da7e2a66272a81f9c99e90b36c6f132ad6236c739e8b9f2e7315f30b72edd crypto/bn/asm/c64xplus-gf2m.pl c86664fb974362ee52a454c83c2c4b23fd5b7d64b3c9e23ef1e0dfd130a46ee5 crypto/bn/asm/co-586.pl diff --git a/providers/fips.checksum b/providers/fips.checksum index 2f3dff8cfc..c4d76e1822 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -5a2795b0bfeec67d234e9cf05bbac1571f205ba2da7e378e81b6e105fec1c85b providers/fips-sources.checksums +14ae4fff4bd856c7e146d65b63880ff152276fe35b0f1f4ed5f24eb6e97e7b44 providers/fips-sources.checksums From openssl at openssl.org Mon May 10 01:12:13 2021 
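Review bot: ERR_set_mark() in der2key_decode_p8 (providers/implementations/encode_decode/decode_der2key.c) has no comment saying that d2i_X509_SIG is tried first as a probe whose failure is expected; the only explanation sits in the else branch next to ERR_pop_to_mark(). A line at the ERR_set_mark() call would make it clear that the mark is released by ERR_clear_last_mark() on the encrypted path and by ERR_pop_to_mark() on the fallback path, so a later edit does not add an early exit that leaves the mark set.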
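Review bot: test_EVP_PKCS82PKEY_wrong_tag in test/evp_extra_test.c checks `TEST_int_eq(ERR_get_error(), 0)` without clearing the error queue first, so an error left behind by an earlier test would fail it for the wrong reason; call ERR_clear_error() at the start of the test. ERR_get_error() returns unsigned long, so TEST_ulong_eq fits better than TEST_int_eq. `membuf` is fetched only so that the return value of BIO_get_mem_data can be checked and is otherwise unused.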
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 10 May 2021 01:12:13 +0000
Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm
Message-ID: <1620609133.782963.2105608.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm

Commit log since last time:

8be513ae46 Mark pop/clear error stack in der2key_decode_p8
f7f0632b01 BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true
1064616012 Optimize RSA on armv8
f0f4a46c4f FIPS checksums update
e70abb8b4c Test oct2point for hybrid point encoding of (0, y)
56f0237938 Avoid division by zero in hybrid point encoding
32b1da718d tasn_dec: use do/while around statement macros
ab9d1af955 80-test_cmp_http.t: Improve fuzzing exclusion pattern
b33cf20263 ssl.h.in: Fix deprecation exclusion for SRP-related declarations
4d49b68504 Crypto: Add deprecation compatibility declarations for SHA* message digest functions
0a8a6afdfb Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions
bea31afef0 DOC: Fix all wrong occurrences of '' to 'I'
0f4fb64785 apps/mac: Add digest and cipher command line options
29f5727b83 apps/mac: avoid need for two ^D when using stdin from a terminal
68f3fb0514 apps: remove initial newline from mac output
a1230dea4d apps: add mac, cipher and digest arguments to the kdf applet.
839261592c Remove unused code from the fips module
0d40ca47bd bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication
531df8185f BIO_printf.pod: Clarify that output is always null terminated.
9b53932b6f FIPS checksum update
4ed1f0bc70 provider: use a read lock when looking for a provider
2876528de5 doc: document the new ossl_provider_clear_all_operation_bits() function
ced7df2638 test: add a provider load/unload cache flush test.
0090e50890 provider: flush the store cache when providers are loaded/unloaded.
43d7856499 Updated gost-engine to latest commit from master branch
c9f18e5990 Unify parameter types in documentation
f71a745358 Fixes #14662. Return all EC parameters even for named curves
592ea4ba94 Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers
6d1bb1fffd make update
848af5e8fe Drop libimplementations.a
5a86dac862 Rename files in providers/implementations/signatures
28a8d07d7f changes: add note about application output formatting differences.
22d1138fe2 Avoid sending alerts after shutdown
021521aa91 Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT
bfe2fcc840 evp_extra_test: Avoid potential double free of params
6ef2f71ac7 Clarify where dispatch functions/ids are defined
6d418dbcd3 Clarify two comments (typos) in fipsprov.c
4c8e6f7d20 Prepare for 3.0 alpha 17
d0c041b13a Prepare for release of 3.0 alpha 16
aff636a489 Update copyright year
6269fedffb Update the FIPS checksums
d105a24c89 Add some tests for -inform/keyform enforcement
bee3f38905 Document the behavior of the -inform and related options
3d1becd42a provider-storemgmt: Document the input-type and properties parameters.
0b294f5647 Update gost-engine to make it compatible with the added params
d382e79632 Make the -inform option to be respected if possible
b86fa8c556 try to document changes in salt handling for the 'enc' command
c4c8791e14 change salt handling, way 1
a35536b52d coverity: fix 1478169: dereference after NULL check
08a337fac6 Remove all trace of FIPS_mode functions

Build log ended with (last 100 lines):

25-test_pkcs7.t .................... ok
25-test_req.t ...................... ok
25-test_rusext.t ................... ok
25-test_sid.t ...................... ok
25-test_verify.t ................... ok
25-test_verify_store.t ............. ok
25-test_x509.t ..................... ok
30-test_acvp.t ..................... skipped: ACVP is not supported by this test
30-test_aesgcm.t ................... ok
30-test_afalg.t .................... ok
30-test_defltfips.t ................ ok
30-test_engine.t ................... ok
30-test_evp.t ...................... ok
30-test_evp_extra.t ................ ok
30-test_evp_fetch_prov.t ........... ok
30-test_evp_kdf.t .................. ok
30-test_evp_libctx.t ............... ok
30-test_evp_pkey_dparam.t .......... ok
30-test_evp_pkey_provided.t ........ ok
30-test_pbelu.t .................... ok
30-test_pkey_meth.t ................ ok
30-test_pkey_meth_kdf.t ............ ok
30-test_provider_status.t .......... skipped: provider_status is not supported by this test
40-test_rehash.t ................... ok
60-test_x509_check_cert_pkey.t ..... ok
60-test_x509_dup_cert.t ............ ok
60-test_x509_store.t ............... ok
60-test_x509_time.t ................ ok
61-test_bio_prefix.t ............... ok
61-test_bio_readbuffer.t ........... ok
65-test_cmp_asn.t .................. ok
65-test_cmp_client.t ............... ok
65-test_cmp_ctx.t .................. ok
65-test_cmp_hdr.t .................. ok
65-test_cmp_msg.t .................. ok
65-test_cmp_protect.t .............. ok
65-test_cmp_server.t ............... ok
65-test_cmp_status.t ............... ok
65-test_cmp_vfy.t .................. ok
66-test_ossl_store.t ............... ok
70-test_asyncio.t .................. ok
70-test_bad_dtls.t ................. ok
70-test_clienthello.t .............. ok
70-test_comp.t ..................... ok
70-test_key_share.t ................ ok
70-test_packet.t ................... ok
70-test_recordlen.t ................ ok
70-test_renegotiation.t ............ ok
70-test_servername.t ............... ok
70-test_sslcbcpadding.t ............ ok
70-test_sslcertstatus.t ............ ok
70-test_sslextension.t ............. ok
70-test_sslmessages.t .............. ok
70-test_sslrecords.t ............... ok
70-test_sslsessiontick.t ........... ok
70-test_sslsigalgs.t ............... ok
70-test_sslsignature.t ............. ok
70-test_sslskewith0p.t ............. ok
70-test_sslversions.t .............. ok
70-test_sslvertol.t ................ ok
70-test_tls13alerts.t .............. ok
70-test_tls13cookie.t .............. ok
70-test_tls13downgrade.t ........... ok
70-test_tls13hrr.t ................. ok
70-test_tls13kexmodes.t ............ ok
70-test_tls13messages.t ............ ok
70-test_tls13psk.t ................. ok
70-test_tlsextms.t ................. ok
70-test_verify_extra.t ............. ok
70-test_wpacket.t .................. ok
71-test_ssl_ctx.t .................. ok
80-test_ca.t ....................... ok
80-test_cipherbytes.t .............. ok
80-test_cipherlist.t ............... ok
80-test_ciphername.t ............... ok
80-test_cmp_http.t ................. skipped: These tests are not supported in a fuzz build #
80-test_cms.t ...................... ok
80-test_cmsapi.t ................... ok
80-test_ct.t ....................... ok
80-test_dane.t ..................... ok
80-test_dtls.t ..................... ok
80-test_dtls_mtu.t ................. ok
80-test_dtlsv1listen.t ............. ok
80-test_http.t ..................... ok
80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
80-test_ssl_new.t .................. ok
80-test_ssl_old.t .................. ok
80-test_ssl_test_ctx.t ............. ok
80-test_sslcorrupt.t ............... ok
80-test_tsa.t ...................... ok
80-test_x509aux.t .................. ok
81-test_cmp_cli.t .................. ok
90-test_asn1_time.t ................ ok
90-test_async.t .................... ok
make[1]: *** wait: No child processes. Stop.
make[1]: *** Waiting for unfinished jobs....
make[1]: *** wait: No child processes. Stop.
make: *** [Makefile:3155: tests] Terminated

From shane.lontis at oracle.com Mon May 10 03:26:56 2021
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Mon, 10 May 2021 03:26:56 +0000 Subject: [openssl] master update Message-ID: <1620617216.933492.32020.nullmailer@dev.openssl.org> The branch master has been updated via d29d7a7ff22e8e3be1c8bbdb8edd3ab9c72ed021 (commit) from 333b31e3000ff009cdc48bf45d9af687031f7688 (commit) - Log ----------------------------------------------------------------- commit d29d7a7ff22e8e3be1c8bbdb8edd3ab9c72ed021 Author: Shane Lontis Date: Wed May 5 16:58:37 2021 +1000 Fix i2d_PKCS8PrivateKey_nid_bio() regression. This method ignores the nid and could end up saving out the private key unencrypted In earlier alpha releases OSSL_num_encoders() returned 0 for this test case, which then meant that the legacy path was run, and the key was then correctly encrypted. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15152) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_pk8.c | 8 +++++++- test/evp_extra_test2.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 86a66b586c..5e28907be3 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -93,7 +93,13 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid, } } - if (OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) { + /* + * NOTE: There is no attempt to do a EVP_CIPHER_fetch() using the nid, + * since the nid is a PBE algorithm which can't be fetched currently. + * (e.g. NID_pbe_WithSHA1And2_Key_TripleDES_CBC). Just use the legacy + * path if the NID is passed. + */ + if (nid == -1 && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) { ret = 1; if (enc != NULL) { ret = 0; diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c index 6d5303ab9d..2e5861c77f 100644 --- a/test/evp_extra_test2.c +++ b/test/evp_extra_test2.c 
@@ -290,6 +290,40 @@ done: return ret; } +#ifndef OPENSSL_NO_DES +static int test_pkcs8key_nid_bio(void) +{ + int ret; + const int nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + static const char pwd[] = "PASSWORD"; + EVP_PKEY *pkey = NULL, *pkey_dec = NULL; + BIO *in = NULL, *enc_bio = NULL; + char *enc_data = NULL; + long enc_datalen = 0; + OSSL_PROVIDER *provider = NULL; + + ret = TEST_ptr(provider = OSSL_PROVIDER_load(NULL, "default")) + && TEST_ptr(enc_bio = BIO_new(BIO_s_mem())) + && TEST_ptr(in = BIO_new_mem_buf(kExampleRSAKeyPKCS8, + sizeof(kExampleRSAKeyPKCS8))) + && TEST_ptr(pkey = d2i_PrivateKey_ex_bio(in, NULL, NULL, NULL)) + && TEST_int_eq(i2d_PKCS8PrivateKey_nid_bio(enc_bio, pkey, nid, + pwd, sizeof(pwd) - 1, + NULL, NULL), 1) + && TEST_int_gt(enc_datalen = BIO_get_mem_data(enc_bio, &enc_data), 0) + && TEST_ptr(pkey_dec = d2i_PKCS8PrivateKey_bio(enc_bio, NULL, NULL, + (void *)pwd)) + && TEST_true(EVP_PKEY_eq(pkey, pkey_dec)); + + EVP_PKEY_free(pkey_dec); + EVP_PKEY_free(pkey); + BIO_free(in); + BIO_free(enc_bio); + OSSL_PROVIDER_unload(provider); + return ret; +} +#endif /* OPENSSL_NO_DES */ + static int test_alternative_default(void) { OSSL_LIB_CTX *oldctx; @@ -727,6 +761,9 @@ int setup_tests(void) ADD_TEST(test_pkey_todata_null); ADD_TEST(test_pkey_export_null); ADD_TEST(test_pkey_export); +#ifndef OPENSSL_NO_DES + ADD_TEST(test_pkcs8key_nid_bio); +#endif return 1; } From no-reply at appveyor.com Mon May 10 08:20:46 2021 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 10 May 2021 08:20:46 +0000 Subject: Build failed: openssl master.41988 Message-ID: <20210510082046.1.2634312FBB3CEDA4@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon May 10 11:13:08 2021 
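Review bot: in the crypto/pem/pem_pk8.c hunk (do_pk8pkey), the new condition `nid == -1 && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0` relies on -1 being the only value callers use for "no PBE NID", but nothing at this site says so. The added comment explains why a supplied NID must take the legacy path, not what counts as "not supplied". Since the commit message states that taking the encoder path by mistake could write the private key unencrypted, state the -1 convention in the comment or give it a name, so a later caller using a different "unset" value is caught in review.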
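Review bot: in test_pkcs8key_nid_bio() (test/evp_extra_test2.c hunk), `enc_data` and `enc_datalen` are fetched with BIO_get_mem_data() but only the length is checked (`TEST_int_gt(..., 0)`), so the property this commit is about, that the output is actually encrypted, is asserted only indirectly through the d2i_PKCS8PrivateKey_bio() round trip. Add an explicit check that the bytes in `enc_bio` differ from `kExampleRSAKeyPKCS8`, and consider a second decode with a wrong password that is expected to fail, so a future regression to plaintext output is reported as exactly that.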
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 10 May 2021 11:13:08 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1620645188.557615.3188256.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: 8be513ae46 Mark pop/clear error stack in der2key_decode_p8 f7f0632b01 BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true 1064616012 Optimize RSA on armv8 f0f4a46c4f FIPS checksums update e70abb8b4c Test oct2point for hybrid point encoding of (0, y) 56f0237938 Avoid division by zero in hybrid point encoding 32b1da718d tasn_dec: use do/while around statement macros ab9d1af955 80-test_cmp_http.t: Improve fuzzing exclusion pattern b33cf20263 ssl.h.in: Fix deprecation exclusion for SRP-related declarations 4d49b68504 Crypto: Add deprecation compatibility declarations for SHA* message digest functions 0a8a6afdfb Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions bea31afef0 DOC: Fix all wrong occurrences of '' to 'I' 0f4fb64785 apps/mac: Add digest and cipher command line options 29f5727b83 apps/mac: avoid need for two ^D when using stdin from a terminal 68f3fb0514 apps: remove initial newline from mac output a1230dea4d apps: add mac, cipher and digest arguments to the kdf applet. 839261592c Remove unused code from the fips module 0d40ca47bd bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication 531df8185f BIO_printf.pod: Clarify that output is always null terminated. 9b53932b6f FIPS checksum update 4ed1f0bc70 provider: use a read lock when looking for a provider 2876528de5 doc: document the new ossl_provider_clear_all_operation_bits() function ced7df2638 test: add a provider load/unload cache flush test. 
0090e50890 provider: flush the store cache when providers are loaded/unloaded. 43d7856499 Updated gost-engine to latest commit from master branch c9f18e5990 Unify parameter types in documentation f71a745358 Fixes #14662. Return all EC parameters even for named curves 592ea4ba94 Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers 6d1bb1fffd make update 848af5e8fe Drop libimplementations.a 5a86dac862 Rename files in providers/implementations/signatures 28a8d07d7f changes: add note about application output formatting differences. 22d1138fe2 Avoid sending alerts after shutdown 021521aa91 Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT bfe2fcc840 evp_extra_test: Avoid potential double free of params 6ef2f71ac7 Clarify where dispatch functions/ids are defined 6d418dbcd3 Clarify two comments (typos) in fipsprov.c 4c8e6f7d20 Prepare for 3.0 alpha 17 d0c041b13a Prepare for release of 3.0 alpha 16 aff636a489 Update copyright year 6269fedffb Update the FIPS checksums d105a24c89 Add some tests for -inform/keyform enforcement bee3f38905 Document the behavior of the -inform and related options 3d1becd42a provider-storemgmt: Document the input-type and properties parameters. 0b294f5647 Update gost-engine to make it compatible with the added params d382e79632 Make the -inform option to be respected if possible b86fa8c556 try to document changes in salt handling for the 'enc' command c4c8791e14 change salt handling, way 1 a35536b52d coverity: fix 1478169: dereference after NULL check 08a337fac6 Remove all trace of FIPS_mode functions Build log ended with (last 100 lines): 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. 
ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cmp_http.t ................. skipped: These tests are not supported in a fuzz build # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. skipped: Test is disabled with disabled fips 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. 
ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 1280 Tests: 66 Failed: 5) Failed tests: 25-29 Non-zero exit status: 5 Files=235, Tests=2606, 877 wallclock secs (71.23 usr 1.29 sys + 768.27 cusr 62.17 csys = 902.96 CPU) Result: FAIL make[1]: *** [Makefile:3167: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' make: *** [Makefile:3164: tests] Error 2 From no-reply at appveyor.com Mon May 10 11:21:33 2021 
From: no-reply at appveyor.com (AppVeyor)
Date: Mon, 10 May 2021 11:21:33 +0000
Subject: Build completed: openssl master.41989
Message-ID: <20210510112133.1.DB311A0172DB19D5@appveyor.com>

From no-reply at appveyor.com Mon May 10 17:34:14 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Mon, 10 May 2021 17:34:14 +0000
Subject: Build failed: openssl pr-15108.41992
Message-ID: <20210510173414.1.57D487A33ED199D3@appveyor.com>

From no-reply at appveyor.com Mon May 10 20:21:35 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Mon, 10 May 2021 20:21:35 +0000
Subject: Build completed: openssl master.41993
Message-ID: <20210510202135.1.99E7682E657D5F6A@appveyor.com>

From openssl at openssl.org Tue May 11 01:40:36 2021
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 11 May 2021 01:40:36 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1620697236.021364.543310.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 8be513ae46 Mark pop/clear error stack in der2key_decode_p8 f7f0632b01 BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true 1064616012 Optimize RSA on armv8 f0f4a46c4f FIPS checksums update e70abb8b4c Test oct2point for hybrid point encoding of (0, y) 56f0237938 Avoid division by zero in hybrid point encoding 32b1da718d tasn_dec: use do/while around statement macros ab9d1af955 80-test_cmp_http.t: Improve fuzzing exclusion pattern b33cf20263 ssl.h.in: Fix deprecation exclusion for SRP-related declarations 4d49b68504 Crypto: Add deprecation compatibility declarations for SHA* message digest functions 0a8a6afdfb Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions bea31afef0 DOC: Fix all wrong occurrences of '' to 'I' 0f4fb64785 apps/mac: Add digest and cipher command line options 29f5727b83 apps/mac: avoid need for two ^D when using stdin from a terminal 68f3fb0514 apps: remove initial newline from mac output a1230dea4d apps: add mac, cipher and digest arguments to the kdf applet. 839261592c Remove unused code from the fips module 0d40ca47bd bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication 531df8185f BIO_printf.pod: Clarify that output is always null terminated. 
9b53932b6f FIPS checksum update 4ed1f0bc70 provider: use a read lock when looking for a provider 2876528de5 doc: document the new ossl_provider_clear_all_operation_bits() function ced7df2638 test: add a provider load/unload cache flush test. 0090e50890 provider: flush the store cache when providers are loaded/unloaded. 43d7856499 Updated gost-engine to latest commit from master branch c9f18e5990 Unify parameter types in documentation f71a745358 Fixes #14662. Return all EC parameters even for named curves 592ea4ba94 Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers 6d1bb1fffd make update 848af5e8fe Drop libimplementations.a 5a86dac862 Rename files in providers/implementations/signatures 28a8d07d7f changes: add note about application output formatting differences. 22d1138fe2 Avoid sending alerts after shutdown 021521aa91 Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT bfe2fcc840 evp_extra_test: Avoid potential double free of params 6ef2f71ac7 Clarify where dispatch functions/ids are defined 6d418dbcd3 Clarify two comments (typos) in fipsprov.c 4c8e6f7d20 Prepare for 3.0 alpha 17 d0c041b13a Prepare for release of 3.0 alpha 16 aff636a489 Update copyright year 6269fedffb Update the FIPS checksums d105a24c89 Add some tests for -inform/keyform enforcement bee3f38905 Document the behavior of the -inform and related options 3d1becd42a provider-storemgmt: Document the input-type and properties parameters. 0b294f5647 Update gost-engine to make it compatible with the added params d382e79632 Make the -inform option to be respected if possible b86fa8c556 try to document changes in salt handling for the 'enc' command c4c8791e14 change salt handling, way 1 a35536b52d coverity: fix 1478169: dereference after NULL check 08a337fac6 Remove all trace of FIPS_mode functions From openssl at openssl.org Tue May 11 06:07:24 2021 
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 11 May 2021 06:07:24 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-multiblock Message-ID: <1620713244.069175.1023751.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-multiblock Commit log since last time: 8be513ae46 Mark pop/clear error stack in der2key_decode_p8 f7f0632b01 BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true 1064616012 Optimize RSA on armv8 f0f4a46c4f FIPS checksums update e70abb8b4c Test oct2point for hybrid point encoding of (0, y) 56f0237938 Avoid division by zero in hybrid point encoding 32b1da718d tasn_dec: use do/while around statement macros ab9d1af955 80-test_cmp_http.t: Improve fuzzing exclusion pattern b33cf20263 ssl.h.in: Fix deprecation exclusion for SRP-related declarations 4d49b68504 Crypto: Add deprecation compatibility declarations for SHA* message digest functions 0a8a6afdfb Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions bea31afef0 DOC: Fix all wrong occurrences of '' to 'I' 0f4fb64785 apps/mac: Add digest and cipher command line options 29f5727b83 apps/mac: avoid need for two ^D when using stdin from a terminal 68f3fb0514 apps: remove initial newline from mac output a1230dea4d apps: add mac, cipher and digest arguments to the kdf applet. 839261592c Remove unused code from the fips module 0d40ca47bd bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication 531df8185f BIO_printf.pod: Clarify that output is always null terminated. 9b53932b6f FIPS checksum update 4ed1f0bc70 provider: use a read lock when looking for a provider 2876528de5 doc: document the new ossl_provider_clear_all_operation_bits() function ced7df2638 test: add a provider load/unload cache flush test. 
0090e50890 provider: flush the store cache when providers are loaded/unloaded. 43d7856499 Updated gost-engine to latest commit from master branch c9f18e5990 Unify parameter types in documentation f71a745358 Fixes #14662. Return all EC parameters even for named curves 592ea4ba94 Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers 6d1bb1fffd make update 848af5e8fe Drop libimplementations.a 5a86dac862 Rename files in providers/implementations/signatures 28a8d07d7f changes: add note about application output formatting differences. 22d1138fe2 Avoid sending alerts after shutdown 021521aa91 Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT bfe2fcc840 evp_extra_test: Avoid potential double free of params 6ef2f71ac7 Clarify where dispatch functions/ids are defined 6d418dbcd3 Clarify two comments (typos) in fipsprov.c 4c8e6f7d20 Prepare for 3.0 alpha 17 d0c041b13a Prepare for release of 3.0 alpha 16 aff636a489 Update copyright year 6269fedffb Update the FIPS checksums d105a24c89 Add some tests for -inform/keyform enforcement bee3f38905 Document the behavior of the -inform and related options 3d1becd42a provider-storemgmt: Document the input-type and properties parameters. 0b294f5647 Update gost-engine to make it compatible with the added params d382e79632 Make the -inform option to be respected if possible b86fa8c556 try to document changes in salt handling for the 'enc' command c4c8791e14 change salt handling, way 1 a35536b52d coverity: fix 1478169: dereference after NULL check 08a337fac6 Remove all trace of FIPS_mode functions From tomas at openssl.org Tue May 11 08:03:15 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 11 May 2021 08:03:15 +0000 Subject: [openssl] master update Message-ID: <1620720195.482065.17859.nullmailer@dev.openssl.org> The branch master has been updated via f1a45f68bcdceaa2944d078cc65ffb0b3845c43e (commit) from d29d7a7ff22e8e3be1c8bbdb8edd3ab9c72ed021 (commit) - Log ----------------------------------------------------------------- commit f1a45f68bcdceaa2944d078cc65ffb0b3845c43e Author: David CARLIER Date: Mon Apr 19 21:26:50 2021 +0100 armcap: fix Mac M1 SHA512 support. The SIGILL catch/trap works however disabled purposely for Darwin, thus relying on native api instead. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14935) ----------------------------------------------------------------------- Summary of changes: crypto/armcap.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/crypto/armcap.c b/crypto/armcap.c index dc2326f8f6..28cadfbb2e 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -13,6 +13,9 @@ #include #include #include +#ifdef __APPLE__ +#include +#endif #include "internal/cryptlib.h" #include "arm_arch.h" @@ -135,7 +138,8 @@ void OPENSSL_cpuid_setup(void) return; } -# if defined(__APPLE__) && !defined(__aarch64__) +# if defined(__APPLE__) +# if !defined(__aarch64__) /* * Capability probing by catching SIGILL appears to be problematic * on iOS. But since Apple universe is "monocultural", it's actually @@ -151,6 +155,15 @@ void OPENSSL_cpuid_setup(void) * Unified code works because it never triggers SIGILL on Apple * devices... */ +# else + { + unsigned int sha512; + size_t len = sizeof(sha512); + + if (sysctlbyname("hw.optional.armv8_2_sha512", &sha512, &len, NULL, 0) == 0 && sha512 == 1) + OPENSSL_armcap_P |= ARMV8_SHA512; + } +# endif # endif OPENSSL_armcap_P = 0; From pauli at openssl.org Tue May 11 08:15:43 2021 
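Review bot: in the second crypto/armcap.c hunk (OPENSSL_cpuid_setup), the new Apple aarch64 branch does `OPENSSL_armcap_P |= ARMV8_SHA512;`, but the unchanged context line immediately after the closing `# endif` is `OPENSSL_armcap_P = 0;`. As the hunk reads, the bit set by the sysctlbyname() probe is cleared again before anything can use it. Move the probe below that assignment, or move the assignment above the `# if defined(__APPLE__)` block. It would also help to add a one-line comment in the `# else` branch saying that Darwin is probed through sysctl because SIGILL probing is deliberately not used there, which at present only the commit message explains.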
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 11 May 2021 08:15:43 +0000 Subject: [openssl] master update Message-ID: <1620720943.157348.23228.nullmailer@dev.openssl.org> The branch master has been updated via a7a7e6e3a647688be389b7d9c977b7fc74142fca (commit) from f1a45f68bcdceaa2944d078cc65ffb0b3845c43e (commit) - Log ----------------------------------------------------------------- commit a7a7e6e3a647688be389b7d9c977b7fc74142fca Author: Pauli Date: Sat May 8 22:05:45 2021 +1000 Reduce the runtime/output from the gmdiff test Reduce from 1e6 iterations to 1e3. Add additional cases to cover the same range although most intermediate values will be skipped. Fixes #15185 Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15202) ----------------------------------------------------------------------- Summary of changes: test/gmdifftest.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/test/gmdifftest.c b/test/gmdifftest.c index 0d9b71a5c0..028816f6de 100644 --- a/test/gmdifftest.c +++ b/test/gmdifftest.c @@ -49,10 +49,12 @@ static int check_time(long offset) static int test_gmtime(int offset) { - return check_time(offset) && - check_time(-offset) && - check_time(offset * 1000L) && - check_time(-offset * 1000L); + return check_time(offset) + && check_time(-offset) + && check_time(offset * 1000L) + && check_time(-offset * 1000L) + && check_time(offset * 1000000L) + && check_time(-offset * 1000000L); } int setup_tests(void) @@ -60,6 +62,6 @@ int setup_tests(void) if (sizeof(time_t) < 8) TEST_info("Skipping; time_t is less than 64-bits"); else - ADD_ALL_TESTS_NOSUBTEST(test_gmtime, 1000000); + ADD_ALL_TESTS_NOSUBTEST(test_gmtime, 1000); return 1; } From pauli at openssl.org Tue May 11 09:10:10 2021 
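Review bot: in test/gmdifftest.c, lowering `ADD_ALL_TESTS_NOSUBTEST(test_gmtime, 1000000)` to 1000 means offsets of 1000 and above are now only hit at multiples of 1000, and above 999000 only at multiples of 1000000. The commit message acknowledges the skipped intermediate values, but the code does not. Add a short comment above test_gmtime() naming the three scales it covers (`offset`, `offset * 1000L`, `offset * 1000000L`) and that the gaps are intentional for runtime reasons, so the reduced coverage is not later mistaken for an oversight.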
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 11 May 2021 09:10:10 +0000 Subject: [openssl] master update Message-ID: <1620724210.775498.7212.nullmailer@dev.openssl.org> The branch master has been updated via f60e35d01e8b0116c53575774dbf26dcd2d2311d (commit) from a7a7e6e3a647688be389b7d9c977b7fc74142fca (commit) - Log ----------------------------------------------------------------- commit f60e35d01e8b0116c53575774dbf26dcd2d2311d Author: Michael Richardson Date: Wed Apr 14 11:44:41 2021 -0400 reduce surprise in choice of CASE/String/STRING by allowing all inputs to be in any case Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14877) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1_gen.c | 3 ++- doc/man3/ASN1_generate_nconf.pod | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 3c003ee103..8c3a2bd970 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -10,6 +10,7 @@ #include "internal/cryptlib.h" #include #include +#include "e_os.h" /* strncasecmp() */ #define ASN1_GEN_FLAG 0x10000 #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) @@ -564,7 +565,7 @@ static int asn1_str2tag(const char *tagstr, int len) tntmp = tnst; for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { - if ((len == tntmp->len) && (strncmp(tntmp->strnam, tagstr, len) == 0)) + if ((len == tntmp->len) && (strncasecmp(tntmp->strnam, tagstr, len) == 0)) return tntmp->tag; } diff --git a/doc/man3/ASN1_generate_nconf.pod b/doc/man3/ASN1_generate_nconf.pod index bf22e3624c..256ed9f99c 100644 --- a/doc/man3/ASN1_generate_nconf.pod +++ b/doc/man3/ASN1_generate_nconf.pod 
@@ -42,8 +42,9 @@ I and I are explained below. =head2 Supported Types -The supported types are listed below. Unless otherwise specified -only the B format is permissible. +The supported types are listed below. +Case is not significant in the type names. +Unless otherwise specified only the B format is permissible. =over 4 From beldmit at gmail.com Tue May 11 10:13:29 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Tue, 11 May 2021 10:13:29 +0000 Subject: [openssl] master update Message-ID: <1620728009.049009.9556.nullmailer@dev.openssl.org> The branch master has been updated via 6dbb277627de86578577185084378135605d2df1 (commit) from f60e35d01e8b0116c53575774dbf26dcd2d2311d (commit) - Log ----------------------------------------------------------------- commit 6dbb277627de86578577185084378135605d2df1 Author: Dmitry Belyavskiy Date: Tue May 4 20:47:42 2021 +0200 Tests for creating req from PKCS8 keys with extra attrs Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15142) ----------------------------------------------------------------------- Summary of changes: test/recipes/25-test_req.t | 25 ++++++++++++++++++++++++- test/testrsa_withattrs.der | Bin 0 -> 1277 bytes test/testrsa_withattrs.pem | 29 +++++++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 test/testrsa_withattrs.der create mode 100644 test/testrsa_withattrs.pem diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 30c1c43a7f..0fcb56a46a 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -73,7 +73,7 @@ subtest "generating alt certificate requests with RSA" => sub { subtest "generating certificate requests with RSA" => sub { - plan tests => 3; + plan tests => 7; SKIP: { skip "RSA is not supported by this OpenSSL build", 2 
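Review bot: in the crypto/asn1/asn1_gen.c hunk (asn1_str2tag), `strncasecmp(tntmp->strnam, tagstr, len)` folds case according to the current locale, and POSIX only specifies its result in the POSIX locale, while the names in `tnst` are fixed ASCII strings. Matching of tag names should not depend on the process locale, so prefer a locale-independent ASCII comparison here. Also, the summary of changes lists only asn1_gen.c and the .pod file: please add a test that feeds mixed-case and lower-case tag names to ASN1_generate_nconf() so the documented "Case is not significant" behaviour is pinned down.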
@@ -97,6 +97,29 @@ subtest "generating certificate requests with RSA" => sub { "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq-rsa.pem", "-noout"])), "Verifying signature on request"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq_withattrs_pem.pem", "-utf8", + "-key", srctop_file("test", "testrsa_withattrs.pem")])), + "Generating request from a key with extra attributes - PEM"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-verify", "-in", "testreq_withattrs_pem.pem", "-noout"])), + "Verifying signature on request from a key with extra attributes - PEM"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq_withattrs_der.pem", "-utf8", + "-key", srctop_file("test", "testrsa_withattrs.der"), + "-keyform", "DER"])), + "Generating request from a key with extra attributes - PEM"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-verify", "-in", "testreq_withattrs_der.pem", "-noout"])), + "Verifying signature on request from a key with extra attributes - PEM"); } }; diff --git a/test/testrsa_withattrs.der b/test/testrsa_withattrs.der new file mode 100644 index 0000000000..811e1e0bcb Binary files /dev/null and b/test/testrsa_withattrs.der differ diff --git a/test/testrsa_withattrs.pem b/test/testrsa_withattrs.pem new file mode 100644 index 0000000000..42d0a3c51c --- /dev/null +++ b/test/testrsa_withattrs.pem 
@@ -0,0 +1,29 @@ +-----BEGIN PRIVATE KEY----- +MIIE+QIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDsh7QWxhftrqng +RC3Ms+HxH2NFCX1sRoiIV4cYK2z0DQdEiNpFdpHlcs3weTuudcpr8XursodVFMTB +eHjROhgwO/LT9xReEUiaoHJgfv6KcKcxEvntCjQkzGhkw03OH5VYdtTRAbwpwcYt +groPiZ2STINpQOmFabzai+K+3rddwTGkkca3C5kY7KOMlnt9IuvmycksRqH6MPKz +P5QbztlgY95rtra+OEzKLYQ1ux6hkaUlpxT5eGKfzYdccwKJWa0dUXyT/8F6rpTm +Zbz3BxdKGAWMywaTfh5ywhNmVNTeIumxIRc3+PInn0rqKTaDrWylxiBdb3t27HxQ +InDZmPwdAgMBAAECggEBAMTRrzN8JxEq1ES/tvStgodoPOyHlwxwLNB3NP0RtZnm +9XM8BZTjs0egnmlKGDV14riruuMGrcJIg+kR3EcN9m68k7V51kLoUugINuTBCAIe +96DIT5vFb9pnFT8znRy1/0obp787mF2O1t+r9jNTqgDBFmCRGUBg2jtpR4bYQPEL +ZjXMDPcsmOlmbBdsyQvjlOHqXjCoUWwOCBEZdtaLzxaOPrBW5Jh2h3Xz1pV3NdZ/ +xufAYRhpJamPNiSipRehBZAeQP2ZAyHj/5x3tgEcA+C04Ki8NvuwJx/6T/lGKD+1 +x3DKsniNi6fEbGlpST/Zp1GY4WyVPcrLa8JxyO+UagECgYEA+gvBBI+LSK5enPXu +WooEQP17fKzdZG7Cic8TfTPbtBIcXjNQFLHjFoBNk+TBFCjZma7L+fEcKcDm+Bg1 +qa4xihOP6BoQqHXZZNZ+9ZU96MPmI9Zb60CMG9lM1VVhSqrm2n3Q+tefod/a2bQk +oz8QsdpsUFqVFCF5l+Tb6lp2QN0CgYEA8imPEml6LG35snBY1H6t0ASCHT1oFdHP +o01WKQas/tuLO+pMfZrA0zLZBExxZuUJloC6COsTcOrlK+hGM60Ab6TgSPbUvYqH +8yMV7SYLvheEngqIiFExmHg79mxnys3Rgv9KMxAV2Ip2wBrBMwUOaURU9pUKXlIN +xiaUuevSVEECgYEA0Dbrcs3JUSuKM7AC3DfjlO6/XrFf5hrpOfJKq058m/Uc1EBs +Zd8/V2RdtVKeiRf/Ix9QUYA6UHaGnn8iaHpaXD0v7zmNN4pzDaojrIKrO+GtCZid +kEd+pE4N0fO4AYJQnA567/aPwi7zQaflfl6smz1kRoE3dLzvUNHNYtgTcq0CgYAm +Op1VgMVCwlHK86VyVlVGI5AO4aTO3QJ0ez8A1wb0bOA8Iy7UHVwXe017Oj4kyj+L +POMhiUrWZp6rIc4DVmpdNaAapKzNB1OS9JT/jSQJbFkJQgxvyLGVqlV8/3wbLgbH +MVobWYy5VJKOnSqmzUOLJrhq/PhYD4gRIgIUn7/igQKBgQCptqrREOq9fXDEpozC +39TL4vDrKJWpB1uK6pBEjgEVD/+tcfziVN40j5hnNFDUu/8kxxp9/4w8mPjdJ0CF +hWIvrXasjnnFehy6IewWCljNH5CfOM64rDoXaF+ESIM4rLBHbQ8KYvaKkMjOcdNB +JG1sRWVU01AwEhnvxS1zbyBtiqA4MDYGCCqFAwIJAwgBMSoEKBqiSOXm8r5I7hEA ++gglN/s0bbRCnzopEhuEorpcnDXrktVtjQrmMi0= +-----END PRIVATE KEY----- From dev at ddvo.net Tue May 11 10:51:08 2021 
From: dev at ddvo.net (dev at ddvo.net)
Date: Tue, 11 May 2021 10:51:08 +0000
Subject: [openssl] master update
Message-ID: <1620730268.663246.20102.nullmailer@dev.openssl.org>

The branch master has been updated
  via 56784203ec2e4c8d94fccb25b956e21331b800b1 (commit)
  via f925315203f77d0241183ccabfc784d259b0a152 (commit)
  from 6dbb277627de86578577185084378135605d2df1 (commit)

- Log -----------------------------------------------------------------
commit 56784203ec2e4c8d94fccb25b956e21331b800b1
Author: Dr. David von Oheimb
Date: Wed Apr 14 18:29:22 2021 +0200

Constify EVP_PKEY_CTX_set_params(), EVP_PKEY_CTX_{set,get}table_params(), etc.

Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/14695)

commit f925315203f77d0241183ccabfc784d259b0a152
Author: Dr. David von Oheimb
Date: Sat Mar 20 13:49:08 2021 +0100

Add convenience functions and macros for asymmetric key generation

Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid2name()
and improve deprecation info on RSA and EC key generation/management functions.
Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14695) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 14 ++++- NEWS.md | 1 + crypto/conf/conf_def.c | 3 +- crypto/ec/ec_backend.c | 2 +- crypto/evp/ctrl_params_translate.c | 6 +-- crypto/evp/ec_support.c | 2 +- crypto/evp/evp_lib.c | 60 ++++++++++++++++++++++ crypto/evp/pmeth_gn.c | 6 +-- crypto/evp/pmeth_lib.c | 6 +-- doc/build.info | 12 ++--- doc/man3/EC_GROUP_new.pod | 10 +++- doc/man3/EC_KEY_new.pod | 16 ++++-- doc/man3/EVP_PKEY_CTX_set_params.pod | 6 +-- doc/man3/{EVP_PKEY_gen.pod => EVP_PKEY_keygen.pod} | 31 ++++++++--- doc/man3/RSA_generate_key.pod | 59 +++++++++++---------- doc/man3/RSA_new.pod | 7 +++ doc/man7/EVP_PKEY-DH.pod | 6 +-- doc/man7/EVP_PKEY-DSA.pod | 4 +- doc/man7/EVP_PKEY-EC.pod | 9 +++- doc/man7/EVP_PKEY-RSA.pod | 12 +++-- doc/man7/EVP_PKEY-X25519.pod | 20 ++------ doc/man7/crypto.pod | 2 +- include/crypto/ec.h | 1 - include/crypto/evp.h | 2 +- include/openssl/ec.h | 6 ++- include/openssl/evp.h | 10 ++-- include/openssl/rsa.h | 3 ++ providers/fips-sources.checksums | 10 ++-- providers/fips.checksum | 2 +- test/acvp_test.c | 34 ++---------- test/dsatest.c | 6 +-- test/endecode_test.c | 2 +- test/endecoder_legacy_test.c | 2 +- test/evp_libctx_test.c | 7 +-- test/threadstest.c | 23 +++------ util/libcrypto.num | 4 +- util/other.syms | 2 + 37 files changed, 245 insertions(+), 163 deletions(-) rename doc/man3/{EVP_PKEY_gen.pod => EVP_PKEY_keygen.pod} (84%) diff --git a/CHANGES.md b/CHANGES.md index 69863b27da..80a7bc7075 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -405,6 +405,12 @@ OpenSSL 3.0 *Dmitry Belyavskiy* + * Added convenience functions for generating asymmetric key pairs: + The 'quick' one-shot (yet somewhat limited) function L + and macros for the most common cases: and L. + + *David von Oheimb* + * All of the low-level EC_KEY functions have been deprecated including: EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method, @@ -429,7 +435,8 @@ OpenSSL 3.0 Applications that need to implement an EC_KEY_METHOD need to consider implementation of the functionality in a special provider. For replacement of the functions manipulating the EC_KEY objects - see the EVP_PKEY-EC(7) manual page. + see the L manual page. + A simple way of generating EC keys is L. Additionally functions that read and write EC_KEY objects such as o2i_ECPublicKey, i2o_ECPublicKey, ECParameters_print_fp, EC_KEY_print_fp, @@ -825,7 +832,7 @@ OpenSSL 3.0 * All of the low-level RSA functions have been deprecated including: - RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params, + RSA_new, RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params, RSA_get_version, RSA_get0_engine, RSA_generate_key_ex, RSA_generate_multi_prime_key, RSA_X931_derive_ex, RSA_X931_generate_key_ex, RSA_check_key, RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt, @@ -858,6 +865,9 @@ OpenSSL 3.0 time. Instead applications should use L, L, L and L. + For replacement of the functions manipulating the RSA objects + see the L manual page. + A simple way of generating RSA keys is L. All of these low-level RSA functions have been deprecated without replacement: diff --git a/NEWS.md b/NEWS.md index c5811b9bde..3193ce6149 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -26,6 +26,7 @@ OpenSSL 3.0 RC4, RC5, and DES to the legacy provider. * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy provider. + * Added convenience functions for generating asymmetric key pairs. * Deprecated the `OCSP_REQ_CTX` type and functions. * Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions. * Deprecated the `RSA` and `RSA_METHOD` types and functions. diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index ea6b5bf244..25fcc0400c 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -11,8 +11,8 @@ #include #include +#include "e_os.h" /* strcasecmp and struct stat */ #ifdef __TANDEM -# include /* strcasecmp */ # include /* needed for stat.h */ # include /* struct stat */ #endif @@ -28,7 +28,6 @@ # include # ifdef _WIN32 # define stat _stat -# define strcasecmp _stricmp # endif #endif diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c index 6acfa21f69..defcb649fb 100644 --- a/crypto/ec/ec_backend.c +++ b/crypto/ec/ec_backend.c @@ -328,7 +328,7 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, if (curve_nid != NID_undef) { /* Named curve */ - const char *curve_name = ossl_ec_curve_nid2name(curve_nid); + const char *curve_name = OSSL_EC_curve_nid2name(curve_nid); if (curve_name == NULL || !ossl_param_build_set_utf8_string(tmpl, params, diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index f48e723c33..f47209ae83 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -1482,7 +1482,7 @@ static int get_payload_group_name(enum state state, if (grp != NULL) nid = EC_GROUP_get_curve_name(grp); if (nid != NID_undef) - ctx->p2 = (char *)ossl_ec_curve_nid2name(nid); + ctx->p2 = (char *)OSSL_EC_curve_nid2name(nid); } break; #endif 
@@ -2623,9 +2623,9 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx, return 1; } -int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) +int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params) { - return evp_pkey_ctx_setget_params_to_ctrl(ctx, SET, params); + return evp_pkey_ctx_setget_params_to_ctrl(ctx, SET, (OSSL_PARAM *)params); } int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c index 24337a5eac..8550be65e7 100644 --- a/crypto/evp/ec_support.c +++ b/crypto/evp/ec_support.c @@ -115,7 +115,7 @@ static const EC_NAME2NID curve_list[] = { {"SM2", NID_sm2 }, }; -const char *ossl_ec_curve_nid2name(int nid) +const char *OSSL_EC_curve_nid2name(int nid) { size_t i; diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 842ee51b8d..dfc4059d76 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -14,11 +14,14 @@ #include "internal/deprecated.h" #include +#include +#include "e_os.h" /* strcasecmp */ #include "internal/cryptlib.h" #include #include #include #include +#include #include #include #include "crypto/evp.h" @@ -27,6 +30,7 @@ #include "evp_local.h" #if !defined(FIPS_MODULE) + int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { return evp_cipher_param_to_asn1_ex(c, type, NULL); 
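Review bot: In crypto/evp/ctrl_params_translate.c, evp_pkey_ctx_set_params_to_ctrl() now takes const OSSL_PARAM *params and immediately casts the qualifier away with (OSSL_PARAM *)params to call evp_pkey_ctx_setget_params_to_ctrl(). The new const is then only a promise in the prototype: nothing in the type system stops the shared SET/GET helper from writing to a caller's read-only array. Add a comment at the cast stating that the SET path never modifies params, or split the helper so that the SET path takes a const pointer throughout.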
@@ -1111,3 +1115,59 @@ int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen) return -1; return 1; } + +/* + * evp_pkey_keygen() abstracts from the explicit use of B + * while providing a generic way of generating a new asymmetric key pair + * of algorithm type I (e.g., C or C). + * The library context I and property query I + * are used when fetching algorithms from providers. + * The I specify algorithm-specific parameters + * such as the RSA modulus size or the name of an EC curve. + */ +static EVP_PKEY *evp_pkey_keygen(OSSL_LIB_CTX *libctx, const char *name, + const char *propq, const OSSL_PARAM *params) +{ + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propq); + + if (ctx != NULL + && EVP_PKEY_keygen_init(ctx) > 0 + && EVP_PKEY_CTX_set_params(ctx, params)) + (void)EVP_PKEY_generate(ctx, &pkey); + + EVP_PKEY_CTX_free(ctx); + return pkey; +} + +EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, + const char *type, ...) +{ + va_list args; + size_t bits; + char *name; + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; + EVP_PKEY *ret = NULL; + + va_start(args, type); + + if (strcasecmp(type, "RSA") == 0) { + bits = va_arg(args, size_t); + params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits); + } else if (strcasecmp(type, "EC") == 0) { + name = va_arg(args, char *); + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, + name, 0); + } else if (strcasecmp(type, "ED25519") != 0 + && strcasecmp(type, "X25519") != 0 + && strcasecmp(type, "ED448") != 0 + && strcasecmp(type, "X448") != 0) { + ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); + goto end; + } + ret = evp_pkey_keygen(libctx, type, propq, params); + + end: + va_end(args); + return ret; +} diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index e184db26a0..94499b1d45 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c 
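Review bot: In EVP_PKEY_Q_keygen() the "RSA" branch reads its argument with va_arg(args, size_t), which a variadic prototype cannot check; a caller that passes a plain integer constant such as 2048 hands over an int, which is undefined behaviour and misreads the value where int and size_t differ in width. The wrapper macros should cast to size_t and the manual page should state the exact argument type. In evp_pkey_keygen(), EVP_PKEY_keygen_init(ctx) is tested with > 0 but EVP_PKEY_CTX_set_params(ctx, params) is accepted on any non-zero result; if that call can return a negative value on failure, generation would proceed without the requested parameters, so test it with > 0 as well. The "EC" branch also passes the curve name on without a NULL check.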
@@ -123,7 +123,7 @@ static int ossl_callback_to_pkey_gencb(const OSSL_PARAM params[], void *arg) return ctx->pkey_gencb(ctx); } -int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) +int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { int ret = 0; OSSL_CALLBACK cb; @@ -262,7 +262,7 @@ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } - return EVP_PKEY_gen(ctx, ppkey); + return EVP_PKEY_generate(ctx, ppkey); } int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) @@ -271,7 +271,7 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); return -1; } - return EVP_PKEY_gen(ctx, ppkey); + return EVP_PKEY_generate(ctx, ppkey); } void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index d09b39b7d5..7d7bed965d 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -652,7 +652,7 @@ int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX *ctx, const char *keytype) return EVP_KEYMGMT_is_a(ctx->keymgmt, keytype); } -int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) +int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params) { switch (evp_pkey_ctx_state(ctx)) { case EVP_PKEY_STATE_PROVIDER: @@ -735,7 +735,7 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) } #ifndef FIPS_MODULE -const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx) +const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx) { void *provctx; @@ -772,7 +772,7 @@ const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx) return NULL; } -const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx) +const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx) { void *provctx; diff --git a/doc/build.info b/doc/build.info index 8ee9ca10e3..ec3baa2373 100644 --- a/doc/build.info +++ b/doc/build.info 
@@ -1206,10 +1206,6 @@ DEPEND[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod GENERATE[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod DEPEND[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod GENERATE[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod -DEPEND[html/man3/EVP_PKEY_gen.html]=man3/EVP_PKEY_gen.pod -GENERATE[html/man3/EVP_PKEY_gen.html]=man3/EVP_PKEY_gen.pod -DEPEND[man/man3/EVP_PKEY_gen.3]=man3/EVP_PKEY_gen.pod -GENERATE[man/man3/EVP_PKEY_gen.3]=man3/EVP_PKEY_gen.pod DEPEND[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod GENERATE[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod DEPEND[man/man3/EVP_PKEY_get_default_digest_nid.3]=man3/EVP_PKEY_get_default_digest_nid.pod @@ -1230,6 +1226,10 @@ DEPEND[html/man3/EVP_PKEY_is_a.html]=man3/EVP_PKEY_is_a.pod GENERATE[html/man3/EVP_PKEY_is_a.html]=man3/EVP_PKEY_is_a.pod DEPEND[man/man3/EVP_PKEY_is_a.3]=man3/EVP_PKEY_is_a.pod GENERATE[man/man3/EVP_PKEY_is_a.3]=man3/EVP_PKEY_is_a.pod +DEPEND[html/man3/EVP_PKEY_keygen.html]=man3/EVP_PKEY_keygen.pod +GENERATE[html/man3/EVP_PKEY_keygen.html]=man3/EVP_PKEY_keygen.pod +DEPEND[man/man3/EVP_PKEY_keygen.3]=man3/EVP_PKEY_keygen.pod +GENERATE[man/man3/EVP_PKEY_keygen.3]=man3/EVP_PKEY_keygen.pod DEPEND[html/man3/EVP_PKEY_meth_get_count.html]=man3/EVP_PKEY_meth_get_count.pod GENERATE[html/man3/EVP_PKEY_meth_get_count.html]=man3/EVP_PKEY_meth_get_count.pod DEPEND[man/man3/EVP_PKEY_meth_get_count.3]=man3/EVP_PKEY_meth_get_count.pod 
@@ -2999,12 +2999,12 @@ html/man3/EVP_PKEY_derive.html \ html/man3/EVP_PKEY_encapsulate.html \ html/man3/EVP_PKEY_encrypt.html \ html/man3/EVP_PKEY_fromdata.html \ -html/man3/EVP_PKEY_gen.html \ html/man3/EVP_PKEY_get_default_digest_nid.html \ html/man3/EVP_PKEY_get_field_type.html \ html/man3/EVP_PKEY_get_group_name.html \ html/man3/EVP_PKEY_gettable_params.html \ html/man3/EVP_PKEY_is_a.html \ +html/man3/EVP_PKEY_keygen.html \ html/man3/EVP_PKEY_meth_get_count.html \ html/man3/EVP_PKEY_meth_new.html \ html/man3/EVP_PKEY_new.html \ @@ -3586,12 +3586,12 @@ man/man3/EVP_PKEY_derive.3 \ man/man3/EVP_PKEY_encapsulate.3 \ man/man3/EVP_PKEY_encrypt.3 \ man/man3/EVP_PKEY_fromdata.3 \ -man/man3/EVP_PKEY_gen.3 \ man/man3/EVP_PKEY_get_default_digest_nid.3 \ man/man3/EVP_PKEY_get_field_type.3 \ man/man3/EVP_PKEY_get_group_name.3 \ man/man3/EVP_PKEY_gettable_params.3 \ man/man3/EVP_PKEY_is_a.3 \ +man/man3/EVP_PKEY_keygen.3 \ man/man3/EVP_PKEY_meth_get_count.3 \ man/man3/EVP_PKEY_meth_new.3 \ man/man3/EVP_PKEY_new.3 \ diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod index 48b6aa7843..f45c5ac8d2 100644 --- a/doc/man3/EC_GROUP_new.pod +++ b/doc/man3/EC_GROUP_new.pod @@ -20,8 +20,9 @@ EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, -EC_get_builtin_curves - Functions for creating and destroying EC_GROUP -objects +EC_get_builtin_curves, +OSSL_EC_curve_nid2name - +Functions for creating and destroying EC_GROUP objects =head1 SYNOPSIS @@ -52,6 +53,7 @@ objects ECPKPARAMETERS *params); size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + const char *OSSL_EC_curve_nid2name(int nid); Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see 
@@ -173,6 +175,8 @@ in the EC_GROUP is public anyway, this function is unnecessary. Its use can be safely replaced with EC_GROUP_free(). If I is NULL nothing is done. +OSSL_EC_curve_nid2name() converts a curve I into the corresponding name. + =head1 RETURN VALUES All EC_GROUP_new* functions return a pointer to the newly constructed group, or @@ -184,6 +188,8 @@ available. EC_GROUP_set_curve_GFp(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(), EC_GROUP_get_curve_GF2m() return 1 on success or 0 on error. +OSSL_EC_curve_nid2name() returns a character string constant, or NULL on error. + =head1 SEE ALSO L, L, diff --git a/doc/man3/EC_KEY_new.pod b/doc/man3/EC_KEY_new.pod index a572e490e1..a816a0745d 100644 --- a/doc/man3/EC_KEY_new.pod +++ b/doc/man3/EC_KEY_new.pod @@ -2,6 +2,7 @@ =head1 NAME +EVP_EC_gen, EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_ex, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free, @@ -20,6 +21,8 @@ EC_KEY objects #include + EVP_PKEY *EVP_EC_gen(const char *curve); + Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: @@ -65,8 +68,11 @@ L: =head1 DESCRIPTION -All of the functions described on this page are deprecated. -Applications should instead use L and L. +EVP_EC_gen() generates a new EC key pair on the given I. + +All of the functions described below are deprecated. +Applications should instead use EVP_EC_gen(), L, or +L and L. An EC_KEY represents a public key and, optionally, the associated private key. 
@@ -152,7 +158,6 @@ EC_KEY_decoded_from_explicit_params() returns 1 if the group of the I was decoded from data with explicitly encoded group parameters, -1 if the I is NULL or the group parameters are missing, and 0 otherwise. -Although deprecated in OpenSSL 3.0 and should no longer be used, EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator for faster point multiplication. See also L. Modern versions should instead switch to named curves which OpenSSL has @@ -208,6 +213,7 @@ of the buffer or 0 on error. =head1 SEE ALSO +L L, L, L, L, L, @@ -217,7 +223,9 @@ L =head1 HISTORY -All of these functions were deprecated in OpenSSL 3.0. +EVP_EC_gen() was added in OpenSSL 3.0. +All other functions described here were deprecated in OpenSSL 3.0. +For replacement see L. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_CTX_set_params.pod b/doc/man3/EVP_PKEY_CTX_set_params.pod index b4959c6f44..feafe97204 100644 --- a/doc/man3/EVP_PKEY_CTX_set_params.pod +++ b/doc/man3/EVP_PKEY_CTX_set_params.pod @@ -12,10 +12,10 @@ EVP_PKEY_CTX_gettable_params #include - int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); - const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx); + int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); + const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); - const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx); + const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx); =head1 DESCRIPTION diff --git a/doc/man3/EVP_PKEY_gen.pod b/doc/man3/EVP_PKEY_keygen.pod similarity index 84% rename from doc/man3/EVP_PKEY_gen.pod rename to doc/man3/EVP_PKEY_keygen.pod index 979de8601e..08d2b1db0f 100644 --- a/doc/man3/EVP_PKEY_gen.pod +++ b/doc/man3/EVP_PKEY_keygen.pod 
@@ -2,7 +2,8 @@ =head1 NAME -EVP_PKEY_keygen_init, EVP_PKEY_paramgen_init, EVP_PKEY_gen, +EVP_PKEY_Q_keygen, +EVP_PKEY_keygen_init, EVP_PKEY_paramgen_init, EVP_PKEY_generate, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data, @@ -14,9 +15,12 @@ EVP_PKEY_paramgen, EVP_PKEY_keygen #include + EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, + const char *type, ...); + int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); - int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); @@ -57,16 +61,16 @@ After initialization, generation parameters may be provided with L or L, or any other function described in those manuals. -EVP_PKEY_gen() performs the generation operation, the resulting key +EVP_PKEY_generate() performs the generation operation, the resulting key parameters or key are written to I<*ppkey>. If I<*ppkey> is NULL when this function is called, it will be allocated, and should be freed by the caller when no longer useful, using L. EVP_PKEY_paramgen() and EVP_PKEY_keygen() do exactly the same thing as -EVP_PKEY_gen(), after checking that the corresponding EVP_PKEY_paramgen_init() +EVP_PKEY_generate(), after checking that the corresponding EVP_PKEY_paramgen_init() or EVP_PKEY_keygen_init() was used to initialize I. These are older functions that are kept for backward compatibility. -It is safe to use EVP_PKEY_gen() instead. +It is safe to use EVP_PKEY_generate() instead. The function EVP_PKEY_set_cb() sets the key or parameter generation callback to I. The function EVP_PKEY_CTX_get_cb() returns the key or parameter 
@@ -87,6 +91,18 @@ and retrieve an opaque pointer. This can be used to set some application defined value which can be retrieved in the callback: for example a handle which is used to update a "progress dialog". +EVP_PKEY_Q_keygen() abstracts from the explicit use of B while +providing a 'quick' but limited way of generating a new asymmetric key pair. +It provides shorthands for simple and common cases of key generation. +As usual, the library context I and property query I +can be given for fetching algorithms from providers. +If I is C, +a B parameter must be given to specify the size of the RSA key. +If I is C, +a string parameter must be given to specify the name of the EC curve. +If I is C, C, C, or C +no further parameter is needed. + =head1 RETURN VALUES EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and @@ -94,6 +110,8 @@ EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm. +EVP_PKEY_Q_keygen() returns an B, or NULL on failure. + =head1 NOTES After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm @@ -187,6 +205,7 @@ Example of generation callback for OpenSSL public key implementations: =head1 SEE ALSO +L, L, L, L, L, @@ -203,7 +222,7 @@ EVP_PKEY_CTX_get_cb(), EVP_PKEY_CTX_get_keygen_info(), EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() were added in OpenSSL 1.0.0. -EVP_PKEY_gen() was added in OpenSSL 3.0. +EVP_PKEY_Q_keygen() and EVP_PKEY_generate() were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/RSA_generate_key.pod b/doc/man3/RSA_generate_key.pod index f8d4ba1484..7e96360ab8 100644 --- a/doc/man3/RSA_generate_key.pod +++ b/doc/man3/RSA_generate_key.pod @@ -2,6 +2,7 @@ =head1 NAME +EVP_RSA_gen, RSA_generate_key_ex, RSA_generate_key, RSA_generate_multi_prime_key - generate RSA key pair 
@@ -9,6 +10,8 @@ RSA_generate_multi_prime_key - generate RSA key pair #include + EVP_PKEY *EVP_RSA_gen(unsigned int bits); + Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: 
@@ -16,44 +19,42 @@ L: int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); -Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining -B with a suitable version value, see -L: +Deprecated since OpenSSL 0.9.8: RSA *RSA_generate_key(int bits, unsigned long e, void (*callback)(int, int, void *), void *cb_arg); =head1 DESCRIPTION -All of the functions described on this page are deprecated. -Applications should instead use L and -L. +EVP_RSA_gen() generates a new RSA key pair with modulus size I. + +All of the functions described below are deprecated. +Applications should instead use EVP_RSA_gen(), L, or +L and L. RSA_generate_key_ex() generates a 2-prime RSA key pair and stores it in the -B structure provided in B. The pseudo-random number generator must -be seeded prior to calling RSA_generate_key_ex(). +B structure provided in I. RSA_generate_multi_prime_key() generates a multi-prime RSA key pair and stores -it in the B structure provided in B. The number of primes is given by -the B parameter. The random number generator must be seeded when -calling RSA_generate_multi_prime_key(). +it in the B structure provided in I. The number of primes is given by +the I parameter. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to external circumstances (see L), the operation will fail. -The modulus size will be of length B, the number of primes to form the -modulus will be B, and the public exponent will be B. Key sizes -with B E 1024 should be considered insecure. The exponent is an odd +The modulus size will be of length I, the number of primes to form the +modulus will be I, and the public exponent will be I. Key sizes +with I E 1024 should be considered insecure. The exponent is an odd number, typically 3, 17 or 65537. 
In order to maintain adequate security level, the maximum number of permitted -B depends on modulus bit length: +I depends on modulus bit length: <1024 | >=1024 | >=4096 | >=8192 ------+--------+--------+------- 2 | 3 | 4 | 5 A callback function may be used to provide feedback about the -progress of the key generation. If B is not B, it +progress of the key generation. If I is not NULL, it will be called as follows using the BN_GENCB_call() function described on the L page. @@ -71,42 +72,44 @@ described in L. =item * When the n-th randomly generated prime is rejected as not -suitable for the key, B is called. +suitable for the key, I is called. =item * -When a random p has been found with p-1 relatively prime to B, -it is called as B. +When a random p has been found with p-1 relatively prime to I, +it is called as I. =back The process is then repeated for prime q and other primes (if any) -with B where B indicates the i-th prime. +with I where I indicates the i-th prime. =head1 RETURN VALUES +EVP_RSA_gen() returns an I or NULL on failure. + RSA_generate_multi_prime_key() returns 1 on success or 0 on error. RSA_generate_key_ex() returns 1 on success or 0 on error. The error codes can be obtained by L. RSA_generate_key() returns a pointer to the RSA structure or -B if the key generation fails. +NULL if the key generation fails. =head1 BUGS -B is used with two different meanings. +I is used with two different meanings. =head1 SEE ALSO -L, L, L, -L +L +L, L, +L, L =head1 HISTORY -All of these functions were deprecated in OpenSSL 3.0. - -RSA_generate_key() was deprecated in OpenSSL 0.9.8; use -RSA_generate_key_ex() instead. +EVP_RSA_gen() was added in OpenSSL 3.0. +All other functions described here were deprecated in OpenSSL 3.0. +For replacement see L. =head1 COPYRIGHT diff --git a/doc/man3/RSA_new.pod b/doc/man3/RSA_new.pod index 8c2651fe59..1396a66335 100644 --- a/doc/man3/RSA_new.pod +++ b/doc/man3/RSA_new.pod 
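Review bot: In doc/man3/RSA_generate_key.pod the rewritten HISTORY section says all functions other than EVP_RSA_gen() were deprecated in OpenSSL 3.0 and drops the sentence that RSA_generate_key() was deprecated in OpenSSL 0.9.8, while the SYNOPSIS still carries "Deprecated since OpenSSL 0.9.8:" for that function. Keep the 0.9.8 sentence in HISTORY so the two sections agree. In SEE ALSO, the added first entry has no trailing comma, unlike the entries that follow it.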
@@ -8,6 +8,8 @@ RSA_new, RSA_free - allocate and free RSA objects #include +Deprecated since OpenSSL 3.0: + RSA *RSA_new(void); void RSA_free(RSA *rsa); @@ -35,6 +37,11 @@ L, L, L +=head1 HISTORY + +All functions described here were deprecated in OpenSSL 3.0. +For replacement see EVP_PKEY-RSA(7). + =head1 COPYRIGHT Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man7/EVP_PKEY-DH.pod b/doc/man7/EVP_PKEY-DH.pod index c5ba90ec8c..9da5d9c6ef 100644 --- a/doc/man7/EVP_PKEY-DH.pod +++ b/doc/man7/EVP_PKEY-DH.pod @@ -154,7 +154,7 @@ A B key can be generated with a named safe prime group by calling: EVP_PKEY_keygen_init(pctx); EVP_PKEY_CTX_set_params(pctx, params); - EVP_PKEY_gen(pctx, &pkey); + EVP_PKEY_generate(pctx, &pkey); ... EVP_PKEY_free(key); EVP_PKEY_CTX_free(pctx); @@ -179,7 +179,7 @@ B domain parameters can be generated according to B by calling: params[5] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(pctx, params); - EVP_PKEY_gen(pctx, ¶m_key); + EVP_PKEY_generate(pctx, ¶m_key); EVP_PKEY_print_params(bio_out, param_key, 0, NULL); ... @@ -192,7 +192,7 @@ A B key can be generated using domain parameters by calling: EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL); EVP_PKEY_keygen_init(gctx); - EVP_PKEY_gen(gctx, &key); + EVP_PKEY_generate(gctx, &key); EVP_PKEY_print_private(bio_out, key, 0, NULL); ... EVP_PKEY_free(key); diff --git a/doc/man7/EVP_PKEY-DSA.pod b/doc/man7/EVP_PKEY-DSA.pod index 119d4b893a..6a335510d3 100644 --- a/doc/man7/EVP_PKEY-DSA.pod +++ b/doc/man7/EVP_PKEY-DSA.pod @@ -54,7 +54,7 @@ The B domain parameters can be generated by calling: params[4] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(pctx, params); - EVP_PKEY_gen(pctx, ¶m_key); + EVP_PKEY_generate(pctx, ¶m_key); EVP_PKEY_CTX_free(pctx); EVP_PKEY_print_params(bio_out, param_key, 0, NULL); 
@@ -66,7 +66,7 @@ A B key can be generated using domain parameters by calling: gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL); EVP_PKEY_keygen_init(gctx); - EVP_PKEY_gen(gctx, &key); + EVP_PKEY_generate(gctx, &key); EVP_PKEY_CTX_free(gctx); EVP_PKEY_print_private(bio_out, key, 0, NULL); diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod index 839d18a894..6dfc1f16ae 100644 --- a/doc/man7/EVP_PKEY-EC.pod +++ b/doc/man7/EVP_PKEY-EC.pod @@ -159,6 +159,10 @@ An B context can be obtained by calling: An B ECDSA or ECDH key can be generated with a "P-256" named group by calling: + pkey = EVP_EC_gen("P-256"); + +or like this: + EVP_PKEY *key = NULL; OSSL_PARAM params[2]; EVP_PKEY_CTX *gctx = @@ -171,7 +175,7 @@ calling: params[1] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(gctx, params); - EVP_PKEY_gen(gctx, &key); + EVP_PKEY_generate(gctx, &key); EVP_PKEY_print_private(bio_out, key, 0, NULL); ... @@ -201,7 +205,7 @@ An B EC CDH (Cofactor Diffie-Hellman) key can be generated with a params[2] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(gctx, params); - EVP_PKEY_gen(gctx, &key); + EVP_PKEY_generate(gctx, &key); EVP_PKEY_print_private(bio_out, key, 0, NULL); ... EVP_PKEY_free(key); @@ -209,6 +213,7 @@ An B EC CDH (Cofactor Diffie-Hellman) key can be generated with a =head1 SEE ALSO +L, L, L, L, diff --git a/doc/man7/EVP_PKEY-RSA.pod b/doc/man7/EVP_PKEY-RSA.pod index 428aa613a2..ec1e5777d7 100644 --- a/doc/man7/EVP_PKEY-RSA.pod +++ b/doc/man7/EVP_PKEY-RSA.pod 
@@ -202,14 +202,18 @@ An B context can be obtained by calling: EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); -An B key can be generated like this: +An B key can be generated simply like this: + + pkey = EVP_RSA_gen(4096); + +or like this: EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); EVP_PKEY_keygen_init(pctx); - EVP_PKEY_gen(pctx, &pkey); + EVP_PKEY_generate(pctx, &pkey); EVP_PKEY_CTX_free(pctx); An B key can be generated with key generation parameters: @@ -227,13 +231,13 @@ An B key can be generated with key generation parameters: params[2] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(pctx, params); - EVP_PKEY_gen(pctx, &pkey); + EVP_PKEY_generate(pctx, &pkey); EVP_PKEY_print_private(bio_out, pkey, 0, NULL); EVP_PKEY_CTX_free(pctx); =head1 SEE ALSO -L, L, L +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod index 6fa75ba3c1..a597bc53be 100644 --- a/doc/man7/EVP_PKEY-X25519.pod +++ b/doc/man7/EVP_PKEY-X25519.pod @@ -84,25 +84,11 @@ An B context can be obtained by calling: EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL); -An B key can be generated like this: +An B key can be generated like this: - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *pctx = - EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL); - - EVP_PKEY_keygen_init(pctx); - EVP_PKEY_gen(pctx, &pkey); - EVP_PKEY_CTX_free(pctx); - -An B key can be generated in a similar way: - - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *pctx = - EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL); + pkey = EVP_Q_keygen(NULL, NULL, "X25519"); - EVP_PKEY_keygen_init(pctx); - EVP_PKEY_gen(pctx, &pkey); - EVP_PKEY_CTX_free(pctx); +An B, B, or B key can be generated likewise. =head1 SEE ALSO diff --git a/doc/man7/crypto.pod b/doc/man7/crypto.pod index 0200d0df96..9db62e5aab 100644 --- a/doc/man7/crypto.pod +++ b/doc/man7/crypto.pod 
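Review bot: In doc/man7/EVP_PKEY-X25519.pod the new example calls EVP_Q_keygen(NULL, NULL, "X25519"), but the function this patch adds and documents is EVP_PKEY_Q_keygen(), so the example as written does not compile. Use the EVP_PKEY_Q_keygen name, and declare pkey in the snippet as the removed examples did with EVP_PKEY *pkey = NULL;.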
@@ -422,7 +422,7 @@ For information on the OpenSSL configuration file format see L. =head1 ENCODING AND DECODING KEYS Many algorithms require the use of a key. Keys can be generated dynamically -using the EVP APIs (for example see L). However it is often +using the EVP APIs (for example see L). However it is often necessary to save or load keys (or their associated parameters) to or from some external format such as PEM or DER (see L). OpenSSL uses encoders and decoders to perform this task. diff --git a/include/crypto/ec.h b/include/crypto/ec.h index 9743dcc3a7..acb14effc9 100644 --- a/include/crypto/ec.h +++ b/include/crypto/ec.h @@ -16,7 +16,6 @@ # include # include -const char *ossl_ec_curve_nid2name(int nid); int ossl_ec_curve_name2nid(const char *name); const char *ossl_ec_curve_nid2nist_int(int nid); int ossl_ec_curve_nist2nid_int(const char *name); diff --git a/include/crypto/evp.h b/include/crypto/evp.h index f4b12d1400..96a109e38b 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -904,7 +904,7 @@ int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, const char *value); /* These two must ONLY be called for legacy operations */ -int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); /* This must ONLY be called for legacy EVP_PKEYs */ diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 970570c1ed..ad40b9045c 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -84,6 +84,8 @@ typedef enum { POINT_CONVERSION_HYBRID = 6 } point_conversion_form_t; +const char *OSSL_EC_curve_nid2name(int nid); + # ifndef OPENSSL_NO_EC # include # include 
@@ -1072,7 +1074,7 @@ OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); # endif /*OPENSSL_NO_DEPRECATED_3_0 */ -# define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ +# define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) # ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -1544,6 +1546,8 @@ OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_verify EC_KEY *eckey)); # endif /* OPENSSL_NO_DEPRECATED_3_0 */ +# define EVP_EC_gen(curve) \ + EVP_PKEY_Q_keygen(NULL, NULL, "EC", (char *)(strstr(curve, ""))) # define ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \ d2i_ECParameters, x) diff --git a/include/openssl/evp.h b/include/openssl/evp.h index c380f2e539..9d4867ea99 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1744,9 +1744,9 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX *ctx, const char *keytype); int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); -const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx); -int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); -const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx); +const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); +const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2); int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, 
@@ -1933,11 +1933,13 @@ int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name, int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey); int EVP_PKEY_get_field_type(const EVP_PKEY *pkey); +EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, + const char *type, ...); int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); -int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); int EVP_PKEY_check(EVP_PKEY_CTX *ctx); int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); int EVP_PKEY_public_check_quick(EVP_PKEY_CTX *ctx); diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 573ba003cc..a55c9727c6 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -245,6 +245,9 @@ OSSL_DEPRECATEDIN_3_0 int RSA_get_version(RSA *r); OSSL_DEPRECATEDIN_3_0 ENGINE *RSA_get0_engine(const RSA *r); # endif /* !OPENSSL_NO_DEPRECATED_3_0 */ +# define EVP_RSA_gen(bits) \ + EVP_PKEY_Q_keygen(NULL, NULL, "RSA", (size_t)(0 + (bits))) + /* Deprecated version */ # ifndef OPENSSL_NO_DEPRECATED_0_9_8 OSSL_DEPRECATEDIN_0_9_8 RSA *RSA_generate_key(int bits, unsigned long e, void diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index da684b0718..a406564162 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -143,7 +143,7 @@ d4969259e4fa5b71d8abbf5e736e658bd1daad6e46d272a9b88e190e2de96b61 crypto/ec/curv 04f8d52acc6332bdf879bf1684e8c59d2f4d8ca303d16c74d87aab3dd4a94932 crypto/ec/ec2_oct.c 7579a156234dfa44e02d08e121f42035229364f9e40f38b11333edbae2282762 crypto/ec/ec2_smpl.c 69d64accd498583e65df2dc43730eee2922217a7bfefda2cd1a9da176e3d1dcd crypto/ec/ec_asn1.c -8cf8af8e9bfc29e0cdc41720ec4a6d6c74eb5c15a9fc8193f8ec8270c0df1d37 crypto/ec/ec_backend.c +4ec7fe2efa0e55316ac4bb8507c7a37360339070c406c2623c38c5a541ac65d6 crypto/ec/ec_backend.c 86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a crypto/ec/ec_check.c 845a5e6ad6921aed63a18084d6b64a1907e4cb093639153ba32138e0b29ff0e5 crypto/ec/ec_curve.c 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c @@ -167,10 +167,10 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_ 7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128 crypto/evp/asymcipher.c 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c e819c499207dd2ee5457cd9411c6089e13476bedf41de2aa67e10b13810ff0e5 crypto/evp/digest.c -87599335b61f97362799170d7b19cbbf775bfecc0fab570b267c7622241cfad8 crypto/evp/ec_support.c +5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b crypto/evp/ec_support.c c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c 9b4956b5c28db987001b33421aacf3b9f352181f874c768ad1b034e083483561 crypto/evp/evp_fetch.c -f975f6ba3aff8130b775f39182fdc783a3ef954402313248edd661d29032aa05 crypto/evp/evp_lib.c +ce97d3bbaa68d2c3aae7f2c4d8709396ec2f0f131abf2c2584e523585ec89c02 crypto/evp/evp_lib.c af0245f7a849997921c0719df339469427656821416b402754fc1f5f5e2da291 crypto/evp/evp_rand.c c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp_utils.c 896bc29e0009657071bd74401513bdbedfb08ca66e34bf634e824fd3f34beb0a crypto/evp/exchange.c 
@@ -184,8 +184,8 @@ ec959b00487bfc51f4cf33c21a60fd8a73087a622504f459ba4cfe48bb0a738c crypto/evp/mac 5f4b933a479d7cd589c47388aebfd8d6ffa3943ec2883049fc929e6ca37e26b5 crypto/evp/mac_meth.c f5a18107256e00e2eed6a9b54eaf44ef1b99c0f29134e9f363a09daa2d35f1b5 crypto/evp/p_lib.c b7e9ce6e8a35e0fc5b4eb4c047cda1e811b757669dbfafa71e743d85e07817a4 crypto/evp/pmeth_check.c -d22e6f5041a894b7e8433c1be4c5f1bc5897453bcbdd66bbc8cbfba854f7fd74 crypto/evp/pmeth_gn.c -12b8e891dc2f3a1cf8365d9fddd319343dc229d3e60149c51b5ae9df9b6b504d crypto/evp/pmeth_lib.c +ff8a5ff024c228fe714e4cf758260cf9e9c992a9311acb5f96b0f2ed6af1a814 crypto/evp/pmeth_gn.c +b360a72944bcb8f8ae8bd28d9b8a4a6aa4f39d1402295f84af243d14c3f1898c crypto/evp/pmeth_lib.c 52d8ea3b8b3ef52b58306b0fbd4557d682ba69a5384672ba7e1682c9a853f417 crypto/evp/signature.c e0a58ecf268c6bec531898d8fe6b148601b0bed8324fa8d5668de643c027606b crypto/ex_data.c ae496cbb92b8664bb729997a241d12cc515a3944d66fe87b0c6e24f1011e061f crypto/ffc/ffc_backend.c diff --git a/providers/fips.checksum b/providers/fips.checksum index c4d76e1822..d34f8d6298 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -14ae4fff4bd856c7e146d65b63880ff152276fe35b0f1f4ed5f24eb6e97e7b44 providers/fips-sources.checksums +d5397de128260293373b9e70152a07e990cf4f98accfe9c69b78aefc782e2e96 providers/fips-sources.checksums diff --git a/test/acvp_test.c b/test/acvp_test.c index 0510cc2c05..d400a81174 100644 --- a/test/acvp_test.c +++ b/test/acvp_test.c @@ -114,7 +114,6 @@ err: static int ecdsa_keygen_test(int id) { int ret = 0; - EVP_PKEY_CTX *ctx = NULL; EVP_PKEY *pkey = NULL; unsigned char *priv = NULL; unsigned char *pubx = NULL, *puby = NULL; 
@@ -123,10 +122,7 @@ static int ecdsa_keygen_test(int id) self_test_args.called = 0; self_test_args.enable = 1; - if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) - || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) - || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name)) - || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) + if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)) || !TEST_int_ge(self_test_args.called, 3) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv, &priv_len)) @@ -147,7 +143,6 @@ err: OPENSSL_free(pubx); OPENSSL_free(puby); EVP_PKEY_free(pkey); - EVP_PKEY_CTX_free(ctx); return ret; } @@ -251,17 +246,13 @@ err: static int ecdsa_siggen_test(int id) { int ret = 0; - EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL; EVP_PKEY *pkey = NULL; size_t sig_len = 0, rlen = 0, slen = 0; unsigned char *sig = NULL; unsigned char *r = NULL, *s = NULL; const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id]; - if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) - || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) - || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name)) - || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)) + if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))) goto err; if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len, @@ -276,8 +267,6 @@ err: OPENSSL_free(s); OPENSSL_free(sig); EVP_PKEY_free(pkey); - EVP_PKEY_CTX_free(key_ctx); - EVP_PKEY_CTX_free(ctx); return ret; } 
@@ -1007,21 +996,6 @@ err: #endif /* OPENSSL_NO_DH */ -static EVP_PKEY *rsa_keygen(int bits) -{ - EVP_PKEY *key = NULL; - EVP_PKEY_CTX *keygen_ctx = NULL; - - if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) - || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0) - || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits)) - || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)) - goto err; -err: - EVP_PKEY_CTX_free(keygen_ctx); - return key; -} - static int rsa_create_pkey(EVP_PKEY **pkey, const unsigned char *n, size_t n_len, const unsigned char *e, size_t e_len, @@ -1199,7 +1173,7 @@ static int rsa_siggen_test(int id) } *p++ = OSSL_PARAM_construct_end(); - if (!TEST_ptr(pkey = rsa_keygen(tst->mod)) + if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) || !TEST_true(sig_gen(pkey, params, tst->digest_alg, @@ -1275,7 +1249,7 @@ static int rsa_decryption_primitive_test(int id) BN_CTX *bn_ctx = NULL; const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id]; - if (!TEST_ptr(pkey = rsa_keygen(2048)) + if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) diff --git a/test/dsatest.c b/test/dsatest.c index 56693dd139..533fba1cbc 100644 --- a/test/dsatest.c +++ b/test/dsatest.c 
@@ -256,10 +256,10 @@ static int dsa_keygen_test(void) sizeof(seed_data))) || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256", "")) - || !TEST_int_gt(EVP_PKEY_gen(pg_ctx, ¶m_key), 0) + || !TEST_int_gt(EVP_PKEY_generate(pg_ctx, ¶m_key), 0) || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL)) || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0) - || !TEST_int_gt(EVP_PKEY_gen(kg_ctx, &key), 0)) + || !TEST_int_gt(EVP_PKEY_generate(kg_ctx, &key), 0)) goto end; if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out)) @@ -313,7 +313,7 @@ static int test_dsa_default_paramgen_validate(int i) && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0) && (i == 0 || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512))) - && TEST_int_gt(EVP_PKEY_gen(gen_ctx, ¶ms), 0) + && TEST_int_gt(EVP_PKEY_generate(gen_ctx, ¶ms), 0) && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL)) && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0); diff --git a/test/endecode_test.c b/test/endecode_test.c index df4f92c12c..9d0ebeb7e7 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -81,7 +81,7 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) && EVP_PKEY_paramgen_init(ctx) > 0 && (genparams == NULL || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) - && EVP_PKEY_gen(ctx, &pkey) > 0); + && EVP_PKEY_generate(ctx, &pkey) > 0); EVP_PKEY_CTX_free(ctx); return pkey; diff --git a/test/endecoder_legacy_test.c b/test/endecoder_legacy_test.c index 999b791d63..9e54f1f03b 100644 --- a/test/endecoder_legacy_test.c +++ b/test/endecoder_legacy_test.c @@ -249,7 +249,7 @@ static EVP_PKEY *make_key(const char *type, || EVP_PKEY_paramgen_init(ctx) <= 0 || (gen_template_params[0].key != NULL && EVP_PKEY_CTX_set_params(ctx, gen_template_params_noconst) <= 0) - || EVP_PKEY_gen(ctx, &template) <= 0)) + || EVP_PKEY_generate(ctx, &template) <= 0)) goto end; EVP_PKEY_CTX_free(ctx); 
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c index 6dff939467..cb8b3b7fb4 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c @@ -488,16 +488,12 @@ static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list) static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv) { int ret = 0; - EVP_PKEY_CTX *keygen_ctx = NULL; unsigned char *pub_der = NULL; const unsigned char *pp = NULL; size_t len = 0; OSSL_ENCODER_CTX *ectx = NULL; - if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) - || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0) - || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits)) - || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0) + if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits)) || !TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(*priv, EVP_PKEY_PUBLIC_KEY, @@ -512,7 +508,6 @@ static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv) err: OSSL_ENCODER_CTX_free(ectx); OPENSSL_free(pub_der); - EVP_PKEY_CTX_free(keygen_ctx); return ret; } diff --git a/test/threadstest.c b/test/threadstest.c index b82e16f8c6..9d15a23d96 100644 --- a/test/threadstest.c +++ b/test/threadstest.c @@ -16,7 +16,7 @@ #include #include -#include +#include #include #include #include "testutil.h" @@ -291,7 +291,6 @@ static void thread_general_worker(void) }; unsigned int mdoutl; int ciphoutl; - EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; int testresult = 0; int i, isfips; 
@@ -320,18 +319,13 @@ static void thread_general_worker(void) goto err; } - pctx = EVP_PKEY_CTX_new_from_name(multi_libctx, "RSA", NULL); - if (!TEST_ptr(pctx) - || !TEST_int_gt(EVP_PKEY_keygen_init(pctx), 0) - /* - * We want the test to run quickly - not securely. Therefore we - * use an insecure bit length where we can (512). In the FIPS - * module though we must use a longer length. - */ - || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, - isfips ? 2048 : 512), - 0) - || !TEST_int_gt(EVP_PKEY_keygen(pctx, &pkey), 0)) + /* + * We want the test to run quickly - not securely. + * Therefore we use an insecure bit length where we can (512). + * In the FIPS module though we must use a longer length. + */ + pkey = EVP_PKEY_Q_keygen(multi_libctx, NULL, "RSA", isfips ? 2048 : 512); + if (!TEST_ptr(pkey)) goto err; testresult = 1; @@ -340,7 +334,6 @@ static void thread_general_worker(void) EVP_MD_free(md); EVP_CIPHER_CTX_free(cipherctx); EVP_CIPHER_free(ciph); - EVP_PKEY_CTX_free(pctx); EVP_PKEY_free(pkey); if (!testresult) multi_success = 0; diff --git a/util/libcrypto.num b/util/libcrypto.num index 019a6ecb52..1820baf4ad 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4413,6 +4413,7 @@ EVP_MAC_init ? 3_0_0 EXIST::FUNCTION: EVP_MAC_update ? 3_0_0 EXIST::FUNCTION: EVP_MAC_final ? 3_0_0 EXIST::FUNCTION: EVP_MAC_finalXOF ? 3_0_0 EXIST::FUNCTION: +OSSL_EC_curve_nid2name ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_supports_digest_nid ? 3_0_0 EXIST::FUNCTION: SRP_VBASE_add0_user ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SRP_user_pwd_new ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP 
@@ -4947,7 +4948,8 @@ OSSL_CMP_exec_GENM_ses ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_MSG_http_perform ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_MSG_read ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_MSG_write ? 3_0_0 EXIST::FUNCTION:CMP -EVP_PKEY_gen ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_Q_keygen ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_generate ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_rsa_keygen_bits ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_rsa_keygen_pubexp ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_PKEY_CTX_set1_rsa_keygen_pubexp ? 3_0_0 EXIST::FUNCTION: diff --git a/util/other.syms b/util/other.syms index fb8efcb12a..0047905209 100644 --- a/util/other.syms +++ b/util/other.syms @@ -322,6 +322,7 @@ EVP_VerifyUpdate define EVP_bf_cfb define EVP_cast5_cfb define EVP_cleanup define deprecated 1.1.0 +EVP_EC_gen define EVP_get_digestbynid define EVP_get_digestbyobj define EVP_get_macbynid define @@ -329,6 +330,7 @@ EVP_get_macbyobj define EVP_idea_cfb define EVP_rc2_cfb define EVP_rc5_32_12_16_cfb define +EVP_RSA_gen define EVP_seed_cfb define EVP_sm4_cfb define OBJ_cleanup define deprecated 1.1.0 From matt at openssl.org Tue May 11 14:15:08 2021 
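Review bot: The new example in the doc/man7/EVP_PKEY-X25519.pod hunk calls EVP_Q_keygen(NULL, NULL, "X25519"), a name this patch does not declare anywhere; the function added to include/openssl/evp.h and util/libcrypto.num is EVP_PKEY_Q_keygen. Change the example to pkey = EVP_PKEY_Q_keygen(NULL, NULL, "X25519"); so that readers who copy it get the exported symbol.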
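Review bot: The EVP_EC_gen macro added in the include/openssl/ec.h hunk passes (char *)(strstr(curve, "")) with no comment explaining the strstr call. It expands to a strstr call in every caller, so a declaration of strstr has to be in scope wherever the macro is used, and the cast drops const from the curve name. Add a comment stating the purpose (it looks like a way to make the compiler type-check the variadic argument as a string) and have ec.h pull in the string header itself rather than relying on the caller.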
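Review bot: In the test/acvp_test.c hunk for rsa_decryption_primitive_test(), EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048) passes an int through the variadic "...", while the EVP_RSA_gen macro added in this same patch casts its argument with (size_t)(0 + (bits)). If the RSA case reads the argument as size_t, as that cast suggests, an int argument is a va_arg type mismatch and undefined behaviour where size_t is wider than int. Cast at the call site, e.g. (size_t)2048; the same applies to the calls passing tst->mod, int bits in test/evp_libctx_test.c, and isfips ? 2048 : 512 in test/threadstest.c.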
From: matt at openssl.org (Matt Caswell)
Date: Tue, 11 May 2021 14:15:08 +0000
Subject: [openssl] master update
Message-ID: <1620742508.584533.18964.nullmailer@dev.openssl.org>

The branch master has been updated
       via  b8be229dab036b26de8830444bf2beb82e71f50e (commit)
       via  c1fb5e072fdeffc5b686e265283f0b31b1c37c3b (commit)
       via  878be71c2d284d1fc4d591fdbbfb14eed63da10f (commit)
       via  fb9b3a7bce236c96d8db37e52db83997b4cb18db (commit)
       via  abaa2dd2981ba3c15456016c6248f539242cfb49 (commit)
       via  8c627075656cf2709680eeb5aa1826f00db2e483 (commit)
       via  3b85bcfa14988cb383d94e5dee16645ce1ad39ed (commit)
       via  7b88c184b66c0d7cfb1f76422448af6a636eea8c (commit)
       via  5442611dffed2c345ef83d494f2ef7ffb9cf3883 (commit)
       via  d0efad482f7d72db3d52bdb0380bd019e6d59de8 (commit)
       via  f12a5690de906c05031f0195b6dec6925ff27231 (commit)
       via  a16d21744df686a7c005d1f129915d9083476e14 (commit)
       via  d07af736de592602f2831f8559d0302cb116e190 (commit)
      from  56784203ec2e4c8d94fccb25b956e21331b800b1 (commit)

- Log -----------------------------------------------------------------
commit b8be229dab036b26de8830444bf2beb82e71f50e
Author: Matt Caswell
Date:   Fri May 7 11:18:57 2021 +0100

    Update FIPS checksums

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

commit c1fb5e072fdeffc5b686e265283f0b31b1c37c3b
Author: Matt Caswell
Date:   Fri May 7 11:03:59 2021 +0100

    Exclude child provider code from the FIPS module

    We don't need the child provider code in the FIPS module so we exclude it.

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

commit 878be71c2d284d1fc4d591fdbbfb14eed63da10f
Author: Matt Caswell
Date:   Wed May 5 14:43:19 2021 +0100

    Update documentation following addition of OSSL_LIB_CTX_new_child()

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

commit fb9b3a7bce236c96d8db37e52db83997b4cb18db
Author: Matt Caswell
Date:   Tue May 4 17:38:10 2021 +0100

    Add additional testing of child libctx/providers

    Add a case where a provider explicitly loads a provider into a child
    libctx where it does not already exist.

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

commit abaa2dd2981ba3c15456016c6248f539242cfb49
Author: Matt Caswell
Date:   Tue May 4 16:23:31 2021 +0100

    Don't convert pre-existing providers into children

    If a provider explicitly loads another provider into a child libctx where
    it wasn't previously loaded then we don't start treating it like a child
    if the parent libctx subsequently loads the same provider.

    Fixes #14925

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

commit 8c627075656cf2709680eeb5aa1826f00db2e483
Author: Matt Caswell
Date:   Thu Apr 29 16:37:42 2021 +0100

    Add support for child provider to up_ref/free their parent

    If the ref counts on a child provider change, then this needs to be
    reflected in the parent so we add callbacks to do this.

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

commit 3b85bcfa14988cb383d94e5dee16645ce1ad39ed
Author: Matt Caswell
Date:   Mon Apr 26 16:00:04 2021 +0100

    Add a test to check that child provider callbacks are working

    Write a test to confirm that if a provider is unloaded/loaded into a
    libctx then it is similarly unloaded/loaded from any child libctxs.

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

commit 7b88c184b66c0d7cfb1f76422448af6a636eea8c
Author: Matt Caswell
Date:   Fri Apr 23 12:08:27 2021 +0100

    Register callbacks with core for child provider creation/deletion

    By adding callbacks to the core this will enable (in future commits) the
    ability to add/remove child providers as the providers are added/removed
    from the parent libctx.

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

commit 5442611dffed2c345ef83d494f2ef7ffb9cf3883
Author: Matt Caswell
Date:   Thu Apr 22 15:58:50 2021 +0100

    Add a test for OSSL_LIB_CTX_new_child()

    Check that we can create such a libctx and usable providers are loaded
    into it.

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

commit d0efad482f7d72db3d52bdb0380bd019e6d59de8
Author: Matt Caswell
Date:   Thu Apr 22 08:31:08 2021 +0100

    Modify the legacy provider to use OSSL_LIB_CTX_new_child()

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

commit f12a5690de906c05031f0195b6dec6925ff27231
Author: Matt Caswell
Date:   Wed Apr 21 16:51:41 2021 +0100

    Add the concept of a child OSSL_LIB_CTX

    Add a child OSSL_LIB_CTX that will mirror the providers loaded into the
    parent libctx. This is useful for providers that want to use algorithms
    from other providers and just need to inherit the providers used by the
    application.

    Fixes #14925

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

commit a16d21744df686a7c005d1f129915d9083476e14
Author: Matt Caswell
Date:   Mon Apr 26 11:35:17 2021 +0100

    Add the ability for ex_data to have a priority

    Where an object has multiple ex_data associated with it, then we free that
    ex_data in order of priority (high priority first).

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

commit d07af736de592602f2831f8559d0302cb116e190
Author: Matt Caswell
Date:   Thu Apr 22 09:43:22 2021 +0100

    Only load the config file into the default libctx if necessary

    There is no need to load providers from the config file into the default
    libctx, if the current libctx that we are using isn't the default libctx.
    This avoids some deadlock situations.

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/14991)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bio/bss_core.c | 1 +
 crypto/build.info | 2 +-
 crypto/context.c | 34 ++-
 crypto/core_namemap.c | 1 +
 crypto/encode_decode/decoder_meth.c | 1 +
 crypto/encode_decode/encoder_meth.c | 1 +
 crypto/evp/evp_fetch.c | 2 +
 crypto/ex_data.c | 62 +++--
 crypto/initthread.c | 1 +
 crypto/property/defn_cache.c | 1 +
 crypto/property/property.c | 1 +
 crypto/property/property_string.c | 1 +
 crypto/provider.c | 7 +-
 crypto/provider_child.c | 330 ++++++++++++++++++++++
 crypto/provider_conf.c | 4 +-
 crypto/provider_core.c | 409 ++++++++++++++++++++++++++--
 crypto/rand/rand_lib.c | 1 +
 crypto/self_test_core.c | 1 +
 crypto/store/store_meth.c | 1 +
 doc/internal/man3/ossl_lib_ctx_get_data.pod | 14 +-
 doc/internal/man3/ossl_provider_new.pod | 53 +++-
 doc/man3/OSSL_LIB_CTX.pod | 56 +++-
 doc/man3/OSSL_PROVIDER.pod | 10 +-
 doc/man7/provider-base.pod | 54 ++++
 include/internal/core.h | 1 +
 include/internal/cryptlib.h | 12 +-
 include/internal/provider.h | 19 +-
 include/openssl/core_dispatch.h | 27 ++
 include/openssl/crypto.h.in | 6 +-
 include/openssl/provider.h | 1 +
 providers/fips-sources.checksums | 26 +-
 providers/fips.checksum | 2 +-
 providers/fips/fipsprov.c | 1 +
 providers/implementations/rands/crngt.c | 1 +
 providers/implementations/rands/drbg.c | 1 +
 providers/legacyprov.c | 7 +-
 test/bio_core_test.c | 2 +-
 test/context_internal_test.c | 1 +
 test/p_test.c | 80 +++++-
test/provider_internal_test.c | 2 +- test/provider_test.c | 158 ++++++++++- test/recipes/04-test_provider.t | 7 +- util/libcrypto.num | 2 + 43 files changed, 1298 insertions(+), 106 deletions(-) create mode 100644 crypto/provider_child.c diff --git a/crypto/bio/bss_core.c b/crypto/bio/bss_core.c index 2baabe614e..89b1ef7395 100644 --- a/crypto/bio/bss_core.c +++ b/crypto/bio/bss_core.c @@ -30,6 +30,7 @@ static void *bio_core_globals_new(OSSL_LIB_CTX *ctx) } static const OSSL_LIB_CTX_METHOD bio_core_globals_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, bio_core_globals_new, bio_core_globals_free, }; diff --git a/crypto/build.info b/crypto/build.info index ffcc2b0183..ed4581eef5 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -99,7 +99,7 @@ $UTIL_COMMON=\ SOURCE[../libcrypto]=$UTIL_COMMON \ mem.c mem_sec.c \ cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ - o_fopen.c getenv.c o_init.c init.c trace.c provider.c \ + o_fopen.c getenv.c o_init.c init.c trace.c provider.c provider_child.c \ punycode.c SOURCE[../providers/libfips.a]=$UTIL_COMMON diff --git a/crypto/context.c b/crypto/context.c index 4ea949970a..1e0dfa8e01 100644 --- a/crypto/context.c +++ b/crypto/context.c @@ -13,6 +13,7 @@ #include "internal/property.h" #include "internal/core.h" #include "internal/bio.h" +#include "internal/provider.h" struct ossl_lib_ctx_onfree_list_st { ossl_lib_ctx_onfree_fn *fn; @@ -39,6 +40,7 @@ struct ossl_lib_ctx_st { int run_once_done[OSSL_LIB_CTX_MAX_RUN_ONCE]; int run_once_ret[OSSL_LIB_CTX_MAX_RUN_ONCE]; struct ossl_lib_ctx_onfree_list_st *onfreelist; + unsigned int ischild:1; }; int ossl_lib_ctx_write_lock(OSSL_LIB_CTX *ctx) 
@@ -56,6 +58,15 @@ int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx) return CRYPTO_THREAD_unlock(ossl_lib_ctx_get_concrete(ctx)->lock); } +int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx) +{ + ctx = ossl_lib_ctx_get_concrete(ctx); + + if (ctx == NULL) + return 0; + return ctx->ischild; +} + static int context_init(OSSL_LIB_CTX *ctx) { size_t i; @@ -185,7 +196,8 @@ OSSL_LIB_CTX *OSSL_LIB_CTX_new(void) } #ifndef FIPS_MODULE -OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_DISPATCH *in) +OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in) { OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); @@ -200,6 +212,23 @@ OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_DISPATCH *in) return ctx; } +OSSL_LIB_CTX *OSSL_LIB_CTX_new_child(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in) +{ + OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new_from_dispatch(handle, in); + + if (ctx == NULL) + return NULL; + + if (!ossl_provider_init_as_child(ctx, handle, in)) { + OSSL_LIB_CTX_free(ctx); + return NULL; + } + ctx->ischild = 1; + + return ctx; +} + int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file) { return CONF_modules_load_file_ex(ctx, config_file, NULL, 0) > 0; @@ -305,7 +334,8 @@ static int ossl_lib_ctx_init_index(OSSL_LIB_CTX *ctx, int static_index, idx = ossl_crypto_get_ex_new_index_ex(ctx, CRYPTO_EX_INDEX_OSSL_LIB_CTX, 0, (void *)meth, ossl_lib_ctx_generic_new, - NULL, ossl_lib_ctx_generic_free); + NULL, ossl_lib_ctx_generic_free, + meth->priority); if (idx < 0) return 0; diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c index 1009fb1e94..5bb0f09ec7 100644 --- a/crypto/core_namemap.c +++ b/crypto/core_namemap.c @@ -87,6 +87,7 @@ static void stored_namemap_free(void *vnamemap) } static const OSSL_LIB_CTX_METHOD stored_namemap_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, stored_namemap_new, stored_namemap_free, }; 
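Review bot: In OSSL_LIB_CTX_new_child() in crypto/context.c, ctx->ischild is set only after ossl_provider_init_as_child() has returned, so anything reached during that call that asks ossl_lib_ctx_is_child(ctx) gets 0 for a context that is in the middle of becoming a child. Either set the flag before the init call (the failure path frees the ctx anyway) or add a comment saying the ordering is deliberate.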
diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c index 7f8a365b66..7a271f7408 100644 --- a/crypto/encode_decode/decoder_meth.c +++ b/crypto/encode_decode/decoder_meth.c @@ -76,6 +76,7 @@ static void *decoder_store_new(OSSL_LIB_CTX *ctx) static const OSSL_LIB_CTX_METHOD decoder_store_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, decoder_store_new, decoder_store_free, }; diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c index de0a66578c..bb319460b9 100644 --- a/crypto/encode_decode/encoder_meth.c +++ b/crypto/encode_decode/encoder_meth.c @@ -76,6 +76,7 @@ static void *encoder_store_new(OSSL_LIB_CTX *ctx) static const OSSL_LIB_CTX_METHOD encoder_store_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, encoder_store_new, encoder_store_free, }; diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 266f657ff2..6c701bf1e2 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -35,6 +35,8 @@ static void *evp_method_store_new(OSSL_LIB_CTX *ctx) static const OSSL_LIB_CTX_METHOD evp_method_store_method = { + /* We want evp_method_store to be cleaned up before the provider store */ + OSSL_LIB_CTX_METHOD_PRIORITY_2, evp_method_store_new, evp_method_store_free, }; diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 4a0efbdb18..40223f06e4 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include "crypto/cryptlib.h" #include "internal/thread_once.h" @@ -141,7 +142,8 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) + CRYPTO_EX_free *free_func, + int priority) { int toret = -1; EX_CALLBACK *a; 
@@ -176,6 +178,7 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, a->new_func = new_func; a->dup_func = dup_func; a->free_func = free_func; + a->priority = priority; if (!sk_EX_CALLBACK_push(ip->meth, NULL)) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); @@ -195,7 +198,7 @@ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_free *free_func) { return ossl_crypto_get_ex_new_index_ex(NULL, class_index, argl, argp, - new_func, dup_func, free_func); + new_func, dup_func, free_func, 0); } /* @@ -331,6 +334,27 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, return toret; } +struct ex_callback_entry { + const EX_CALLBACK *excb; + int index; +}; + +static int ex_callback_compare(const void *a, const void *b) +{ + const struct ex_callback_entry *ap = (const struct ex_callback_entry *)a; + const struct ex_callback_entry *bp = (const struct ex_callback_entry *)b; + + if (ap->excb == bp->excb) + return 0; + + if (ap->excb == NULL) + return 1; + if (bp->excb == NULL) + return -1; + if (ap->excb->priority == bp->excb->priority) + return 0; + return ap->excb->priority > bp->excb->priority ? -1 : 1; +} /* * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for @@ -341,9 +365,9 @@ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) int mx, i; EX_CALLBACKS *ip; void *ptr; - EX_CALLBACK *f; - EX_CALLBACK *stack[10]; - EX_CALLBACK **storage = NULL; + const EX_CALLBACK *f; + struct ex_callback_entry stack[10]; + struct ex_callback_entry *storage = NULL; OSSL_EX_DATA_GLOBAL *global = ossl_lib_ctx_get_ex_data_global(ad->ctx); if (global == NULL) 
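Review bot: ex_callback_compare() in crypto/ex_data.c returns 0 for two entries of equal priority, and qsort() does not promise to keep equal elements in their original order, so callbacks that share a priority (every CRYPTO_get_ex_new_index() caller now passes 0) are no longer guaranteed to be freed in index order as the old loop did. Break ties on the index field that struct ex_callback_entry already carries, so the free order stays deterministic.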
@@ -360,23 +384,23 @@ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) else storage = OPENSSL_malloc(sizeof(*storage) * mx); if (storage != NULL) - for (i = 0; i < mx; i++) - storage[i] = sk_EX_CALLBACK_value(ip->meth, i); + for (i = 0; i < mx; i++) { + storage[i].excb = sk_EX_CALLBACK_value(ip->meth, i); + storage[i].index = i; + } } CRYPTO_THREAD_unlock(global->ex_data_lock); - for (i = 0; i < mx; i++) { - if (storage != NULL) - f = storage[i]; - else { - if (!CRYPTO_THREAD_write_lock(global->ex_data_lock)) - continue; - f = sk_EX_CALLBACK_value(ip->meth, i); - CRYPTO_THREAD_unlock(global->ex_data_lock); - } - if (f != NULL && f->free_func != NULL) { - ptr = CRYPTO_get_ex_data(ad, i); - f->free_func(obj, ptr, ad, i, f->argl, f->argp); + if (storage != NULL) { + /* Sort according to priority. High priority first */ + qsort(storage, mx, sizeof(*storage), ex_callback_compare); + for (i = 0; i < mx; i++) { + f = storage[i].excb; + + if (f != NULL && f->free_func != NULL) { + ptr = CRYPTO_get_ex_data(ad, storage[i].index); + f->free_func(obj, ptr, ad, storage[i].index, f->argl, f->argp); + } } } diff --git a/crypto/initthread.c b/crypto/initthread.c index 0740668071..fec3213047 100644 --- a/crypto/initthread.c +++ b/crypto/initthread.c @@ -278,6 +278,7 @@ static void thread_event_ossl_ctx_free(void *tlocal) } static const OSSL_LIB_CTX_METHOD thread_event_ossl_ctx_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, thread_event_ossl_ctx_new, thread_event_ossl_ctx_free, }; diff --git a/crypto/property/defn_cache.c b/crypto/property/defn_cache.c index 6c6503bdcc..8007599526 100644 --- a/crypto/property/defn_cache.c +++ b/crypto/property/defn_cache.c @@ -63,6 +63,7 @@ static void *property_defns_new(OSSL_LIB_CTX *ctx) { } static const OSSL_LIB_CTX_METHOD property_defns_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, property_defns_new, property_defns_free, }; 
diff --git a/crypto/property/property.c b/crypto/property/property.c index 2b841a2204..da6bc84e27 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -94,6 +94,7 @@ static void *ossl_ctx_global_properties_new(OSSL_LIB_CTX *ctx) static const OSSL_LIB_CTX_METHOD ossl_ctx_global_properties_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, ossl_ctx_global_properties_new, ossl_ctx_global_properties_free, }; diff --git a/crypto/property/property_string.c b/crypto/property/property_string.c index 90bb322faa..9eb55cb461 100644 --- a/crypto/property/property_string.c +++ b/crypto/property/property_string.c @@ -105,6 +105,7 @@ err: } static const OSSL_LIB_CTX_METHOD property_string_data_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, property_string_data_new, property_string_data_free, }; diff --git a/crypto/provider.c b/crypto/provider.c index bdff44afb9..766086a47b 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -23,7 +23,7 @@ OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *libctx, const char *name, && (prov = ossl_provider_new(libctx, name, NULL, 0)) == NULL) return NULL; - if (!ossl_provider_activate(prov, retain_fallbacks)) { + if (!ossl_provider_activate(prov, retain_fallbacks, 1)) { ossl_provider_free(prov); return NULL; } @@ -88,6 +88,11 @@ void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov) return ossl_provider_prov_ctx(prov); } +const OSSL_DISPATCH *OSSL_PROVIDER_get0_dispatch(const OSSL_PROVIDER *prov) +{ + return ossl_provider_get0_dispatch(prov); +} + int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov) { return ossl_provider_self_test(prov); diff --git a/crypto/provider_child.c b/crypto/provider_child.c new file mode 100644 index 0000000000..0ca61c0686 --- /dev/null +++ b/crypto/provider_child.c 
@@ -0,0 +1,330 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/provider.h" +#include "internal/cryptlib.h" + +DEFINE_STACK_OF(OSSL_PROVIDER) + +struct child_prov_globals { + const OSSL_CORE_HANDLE *handle; + const OSSL_CORE_HANDLE *curr_prov; + unsigned int isinited:1; + CRYPTO_RWLOCK *lock; + OSSL_FUNC_core_get_libctx_fn *c_get_libctx; + OSSL_FUNC_provider_register_child_cb_fn *c_provider_register_child_cb; + OSSL_FUNC_provider_deregister_child_cb_fn *c_provider_deregister_child_cb; + OSSL_FUNC_provider_name_fn *c_prov_name; + OSSL_FUNC_provider_get0_provider_ctx_fn *c_prov_get0_provider_ctx; + OSSL_FUNC_provider_get0_dispatch_fn *c_prov_get0_dispatch; + OSSL_FUNC_provider_up_ref_fn *c_prov_up_ref; + OSSL_FUNC_provider_free_fn *c_prov_free; +}; + +static void *child_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) +{ + return OPENSSL_zalloc(sizeof(struct child_prov_globals)); +} + +static void child_prov_ossl_ctx_free(void *vgbl) +{ + struct child_prov_globals *gbl = vgbl; + + gbl->c_provider_deregister_child_cb(gbl->handle); + CRYPTO_THREAD_lock_free(gbl->lock); + OPENSSL_free(gbl); +} + +static const OSSL_LIB_CTX_METHOD child_prov_ossl_ctx_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, + child_prov_ossl_ctx_new, + child_prov_ossl_ctx_free, +}; + +static OSSL_provider_init_fn ossl_child_provider_init; + +static int ossl_child_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) +{ + OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL; + OSSL_LIB_CTX *ctx; + struct child_prov_globals *gbl; + + for (; in->function_id != 0; in++) { + switch 
(in->function_id) { + case OSSL_FUNC_CORE_GET_LIBCTX: + c_get_libctx = OSSL_FUNC_core_get_libctx(in); + break; + default: + /* Just ignore anything we don't understand */ + break; + } + } + + if (c_get_libctx == NULL) + return 0; + + /* + * We need an OSSL_LIB_CTX but c_get_libctx returns OPENSSL_CORE_CTX. We are + * a built-in provider and so we can get away with this cast. Normal + * providers can't do this. + */ + ctx = (OSSL_LIB_CTX *)c_get_libctx(handle); + + gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, + &child_prov_ossl_ctx_method); + if (gbl == NULL) + return 0; + + *provctx = gbl->c_prov_get0_provider_ctx(gbl->curr_prov); + *out = gbl->c_prov_get0_dispatch(gbl->curr_prov); + + return 1; +} + +static int provider_create_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata) +{ + OSSL_LIB_CTX *ctx = cbdata; + struct child_prov_globals *gbl; + const char *provname; + OSSL_PROVIDER *cprov; + int ret = 0; + + gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, + &child_prov_ossl_ctx_method); + if (gbl == NULL) + return 0; + + /* + * If !gbl->isinited, then we are still initing and we already hold the + * lock - so don't take it again. + */ + if (gbl->isinited && !CRYPTO_THREAD_write_lock(gbl->lock)) + return 0; + + provname = gbl->c_prov_name(prov); + + /* + * We're operating under a lock so we can store the "current" provider in + * the global data. + */ + gbl->curr_prov = prov; + + if ((cprov = ossl_provider_find(ctx, provname, 1)) != NULL) { + /* + * We free the newly created ref. We rely on the provider sticking around + * in the provider store. + */ + ossl_provider_free(cprov); + + /* + * The provider already exists. It could be an unused built-in, or a + * previously created child, or it could have been explicitly loaded. If + * explicitly loaded it cannot be converted to a child and we ignore it + * - i.e. we don't start treating it like a child. 
+ */ + if (!ossl_provider_convert_to_child(cprov, prov, + ossl_child_provider_init)) + goto err; + } else { + /* + * Create it - passing 1 as final param so we don't try and recursively + * init children + */ + if ((cprov = ossl_provider_new(ctx, provname, ossl_child_provider_init, + 1)) == NULL) + goto err; + + /* + * We free the newly created ref. We rely on the provider sticking around + * in the provider store. + */ + ossl_provider_free(cprov); + + if (!ossl_provider_activate(cprov, 0, 0)) + goto err; + + if (!ossl_provider_set_child(cprov, prov)) { + ossl_provider_deactivate(cprov); + goto err; + } + } + + ret = 1; + err: + if (gbl->isinited) + CRYPTO_THREAD_unlock(gbl->lock); + return ret; +} + +static int provider_remove_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata) +{ + OSSL_LIB_CTX *ctx = cbdata; + struct child_prov_globals *gbl; + const char *provname; + OSSL_PROVIDER *cprov; + + gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, + &child_prov_ossl_ctx_method); + if (gbl == NULL) + return 0; + + provname = gbl->c_prov_name(prov); + cprov = ossl_provider_find(ctx, provname, 1); + if (cprov == NULL) + return 0; + /* + * ossl_provider_find ups the ref count, so we free it again here. We can + * rely on the provider store reference count. 
+ */ + ossl_provider_free(cprov); + if (ossl_provider_is_child(cprov) + && !ossl_provider_deactivate(cprov)) + return 0; + + return 1; +} + +int ossl_provider_init_child_providers(OSSL_LIB_CTX *ctx) +{ + struct child_prov_globals *gbl; + + /* Should never happen */ + if (ctx == NULL) + return 0; + + gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, + &child_prov_ossl_ctx_method); + if (gbl == NULL) + return 0; + + if (!CRYPTO_THREAD_read_lock(gbl->lock)) + return 0; + if (gbl->isinited) { + CRYPTO_THREAD_unlock(gbl->lock); + return 1; + } + CRYPTO_THREAD_unlock(gbl->lock); + + if (!CRYPTO_THREAD_write_lock(gbl->lock)) + return 0; + if (!gbl->isinited) { + if (!gbl->c_provider_register_child_cb(gbl->handle, + provider_create_child_cb, + provider_remove_child_cb, + ctx)) { + CRYPTO_THREAD_unlock(gbl->lock); + return 0; + } + gbl->isinited = 1; + } + CRYPTO_THREAD_unlock(gbl->lock); + + return 1; +} + +int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, + const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in) +{ + struct child_prov_globals *gbl; + + if (ctx == NULL) + return 0; + + gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, + &child_prov_ossl_ctx_method); + if (gbl == NULL) + return 0; + + gbl->handle = handle; + for (; in->function_id != 0; in++) { + switch (in->function_id) { + case OSSL_FUNC_CORE_GET_LIBCTX: + gbl->c_get_libctx = OSSL_FUNC_core_get_libctx(in); + break; + case OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB: + gbl->c_provider_register_child_cb + = OSSL_FUNC_provider_register_child_cb(in); + break; + case OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB: + gbl->c_provider_deregister_child_cb + = OSSL_FUNC_provider_deregister_child_cb(in); + break; + case OSSL_FUNC_PROVIDER_NAME: + gbl->c_prov_name = OSSL_FUNC_provider_name(in); + break; + case OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX: + gbl->c_prov_get0_provider_ctx + = OSSL_FUNC_provider_get0_provider_ctx(in); + break; + case OSSL_FUNC_PROVIDER_GET0_DISPATCH: + 
gbl->c_prov_get0_dispatch = OSSL_FUNC_provider_get0_dispatch(in); + break; + case OSSL_FUNC_PROVIDER_UP_REF: + gbl->c_prov_up_ref + = OSSL_FUNC_provider_up_ref(in); + break; + case OSSL_FUNC_PROVIDER_FREE: + gbl->c_prov_free = OSSL_FUNC_provider_free(in); + break; + default: + /* Just ignore anything we don't understand */ + break; + } + } + + if (gbl->c_get_libctx == NULL + || gbl->c_provider_register_child_cb == NULL + || gbl->c_prov_name == NULL + || gbl->c_prov_get0_provider_ctx == NULL + || gbl->c_prov_get0_dispatch == NULL + || gbl->c_prov_up_ref == NULL + || gbl->c_prov_free == NULL) + return 0; + + gbl->lock = CRYPTO_THREAD_lock_new(); + if (gbl->lock == NULL) + return 0; + + return 1; +} + +int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate) +{ + struct child_prov_globals *gbl; + + gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov), + OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, + &child_prov_ossl_ctx_method); + if (gbl == NULL) + return 0; + + return gbl->c_prov_up_ref(ossl_provider_get_parent(prov), activate); +} + +int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate) +{ + struct child_prov_globals *gbl; + + gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov), + OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, + &child_prov_ossl_ctx_method); + if (gbl == NULL) + return 0; + + return gbl->c_prov_free(ossl_provider_get_parent(prov), deactivate); +} diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c index a04a7aa553..5725ef3c63 100644 --- a/crypto/provider_conf.c +++ b/crypto/provider_conf.c @@ -45,6 +45,8 @@ static void prov_conf_ossl_ctx_free(void *vpcgbl) } static const OSSL_LIB_CTX_METHOD provider_conf_ossl_ctx_method = { + /* Must be freed before the provider store is freed */ + OSSL_LIB_CTX_METHOD_PRIORITY_2, prov_conf_ossl_ctx_new, prov_conf_ossl_ctx_free, }; 
@@ -162,7 +164,7 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, ok = provider_conf_params(prov, NULL, value, cnf); if (ok && activate) { - if (!ossl_provider_activate(prov, 0)) { + if (!ossl_provider_activate(prov, 0, 1)) { ok = 0; } else { if (pcgbl->activated_providers == NULL) diff --git a/crypto/provider_core.c b/crypto/provider_core.c index c419e6f644..f0b429d986 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -22,6 +22,7 @@ #include "internal/provider.h" #include "internal/refcount.h" #include "internal/bio.h" +#include "internal/core.h" #include "provider_local.h" #ifndef FIPS_MODULE # include @@ -41,6 +42,16 @@ typedef struct { } INFOPAIR; DEFINE_STACK_OF(INFOPAIR) +#ifndef FIPS_MODULE +typedef struct { + OSSL_PROVIDER *prov; + int (*create_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata); + void (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata); + void *cbdata; +} OSSL_PROVIDER_CHILD_CB; +DEFINE_STACK_OF(OSSL_PROVIDER_CHILD_CB) +#endif + struct provider_store_st; /* Forward declaration */ struct ossl_provider_st { @@ -48,6 +59,9 @@ struct ossl_provider_st { unsigned int flag_initialized:1; unsigned int flag_activated:1; unsigned int flag_fallback:1; /* Can be used as fallback */ +#ifndef FIPS_MODULE + unsigned int flag_couldbechild:1; +#endif /* Getting and setting the flags require synchronization */ CRYPTO_RWLOCK *flag_lock; @@ -91,8 +105,15 @@ struct ossl_provider_st { size_t operation_bits_sz; CRYPTO_RWLOCK *opbits_lock; +#ifndef FIPS_MODULE + /* Whether this provider is the child of some other provider */ + const OSSL_CORE_HANDLE *handle; + unsigned int ischild:1; +#endif + /* Provider side data */ void *provctx; + const OSSL_DISPATCH *dispatch; }; DEFINE_STACK_OF(OSSL_PROVIDER) 
@@ -111,7 +132,9 @@ static int ossl_provider_cmp(const OSSL_PROVIDER * const *a, */ struct provider_store_st { + OSSL_LIB_CTX *libctx; STACK_OF(OSSL_PROVIDER) *providers; + STACK_OF(OSSL_PROVIDER_CHILD_CB) *child_cbs; CRYPTO_RWLOCK *default_path_lock; CRYPTO_RWLOCK *lock; char *default_path; @@ -132,6 +155,13 @@ static void provider_deactivate_free(OSSL_PROVIDER *prov) ossl_provider_free(prov); } +#ifndef FIPS_MODULE +static void ossl_provider_child_cb_free(OSSL_PROVIDER_CHILD_CB *cb) +{ + OPENSSL_free(cb); +} +#endif + static void provider_store_free(void *vstore) { struct provider_store_st *store = vstore; @@ -141,6 +171,10 @@ static void provider_store_free(void *vstore) store->freeing = 1; OPENSSL_free(store->default_path); sk_OSSL_PROVIDER_pop_free(store->providers, provider_deactivate_free); +#ifndef FIPS_MODULE + sk_OSSL_PROVIDER_CHILD_CB_pop_free(store->child_cbs, + ossl_provider_child_cb_free); +#endif CRYPTO_THREAD_lock_free(store->default_path_lock); CRYPTO_THREAD_lock_free(store->lock); OPENSSL_free(store); @@ -154,10 +188,14 @@ static void *provider_store_new(OSSL_LIB_CTX *ctx) if (store == NULL || (store->providers = sk_OSSL_PROVIDER_new(ossl_provider_cmp)) == NULL || (store->default_path_lock = CRYPTO_THREAD_lock_new()) == NULL +#ifndef FIPS_MODULE + || (store->child_cbs = sk_OSSL_PROVIDER_CHILD_CB_new_null()) == NULL +#endif || (store->lock = CRYPTO_THREAD_lock_new()) == NULL) { provider_store_free(store); return NULL; } + store->libctx = ctx; store->use_fallbacks = 1; for (p = ossl_predefined_providers; p->name != NULL; p++) { @@ -189,6 +227,8 @@ static void *provider_store_new(OSSL_LIB_CTX *ctx) } static const OSSL_LIB_CTX_METHOD provider_store_method = { + /* Needs to be freed before the child provider data is freed */ + OSSL_LIB_CTX_METHOD_PRIORITY_1, provider_store_new, provider_store_free, }; 
@@ -233,8 +273,13 @@ OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, * Make sure any providers are loaded from config before we try to find * them. */ - if (!noconfig) - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); + if (!noconfig) { + if (ossl_lib_ctx_is_default(libctx)) + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); + if (ossl_lib_ctx_is_child(libctx) + && !ossl_provider_init_child_providers(libctx)) + return NULL; + } #endif tmpl.name = (char *)name; @@ -274,6 +319,9 @@ static OSSL_PROVIDER *provider_new(const char *name, } prov->init_function = init_function; +#ifndef FIPS_MODULE + prov->flag_couldbechild = 1; +#endif return prov; } @@ -283,9 +331,38 @@ int ossl_provider_up_ref(OSSL_PROVIDER *prov) if (CRYPTO_UP_REF(&prov->refcnt, &ref, prov->refcnt_lock) <= 0) return 0; + +#ifndef FIPS_MODULE + if (prov->ischild) { + if (!ossl_provider_up_ref_parent(prov, 0)) { + ossl_provider_free(prov); + return 0; + } + } +#endif + return ref; } +#ifndef FIPS_MODULE +static int provider_up_ref_intern(OSSL_PROVIDER *prov, int activate) +{ + if (activate) + return ossl_provider_activate(prov, 0, 1); + + return ossl_provider_up_ref(prov); +} + +static int provider_free_intern(OSSL_PROVIDER *prov, int deactivate) +{ + if (deactivate) + return ossl_provider_deactivate(prov); + + ossl_provider_free(prov); + return 1; +} +#endif + OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, OSSL_provider_init_fn *init_function, int noconfig) @@ -361,8 +438,7 @@ void ossl_provider_free(OSSL_PROVIDER *prov) */ if (ref == 0) { if (prov->flag_initialized) { - if (prov->teardown != NULL) - prov->teardown(prov->provctx); + ossl_provider_teardown(prov); #ifndef OPENSSL_NO_ERR # ifndef FIPS_MODULE if (prov->error_strings != NULL) { @@ -397,6 +473,11 @@ void ossl_provider_free(OSSL_PROVIDER *prov) #endif OPENSSL_free(prov); } +#ifndef FIPS_MODULE + else if (prov->ischild) { + ossl_provider_free_parent(prov, 0); + } +#endif } } 
@@ -580,6 +661,10 @@ static int provider_init(OSSL_PROVIDER *prov, int flag_lock) goto end; } prov->provctx = tmp_provctx; + prov->dispatch = provider_dispatch; +#ifndef FIPS_MODULE + prov->flag_couldbechild = 0; +#endif for (; provider_dispatch->function_id != 0; provider_dispatch++) { switch (provider_dispatch->function_id) { @@ -685,17 +770,49 @@ static int provider_init(OSSL_PROVIDER *prov, int flag_lock) static int provider_deactivate(OSSL_PROVIDER *prov) { int count; + struct provider_store_st *store; if (!ossl_assert(prov != NULL)) return -1; - if (!CRYPTO_THREAD_write_lock(prov->flag_lock)) + store = get_provider_store(prov->libctx); + if (store == NULL) + return -1; + + if (!CRYPTO_THREAD_read_lock(store->lock)) return -1; + if (!CRYPTO_THREAD_write_lock(prov->flag_lock)) { + CRYPTO_THREAD_unlock(store->lock); + return -1; + } - if ((count = --prov->activatecnt) < 1) +#ifndef FIPS_MODULE + if (prov->activatecnt == 2 && prov->ischild) { + /* + * We have had a direct activation in this child libctx so we need to + * now down the ref count in the parent provider. + */ + ossl_provider_free_parent(prov, 1); + } +#endif + + if ((count = --prov->activatecnt) < 1) { prov->flag_activated = 0; +#ifndef FIPS_MODULE + { + int i, max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); + OSSL_PROVIDER_CHILD_CB *child_cb; + + for (i = 0; i < max; i++) { + child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); + child_cb->remove_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata); + } + } +#endif + } CRYPTO_THREAD_unlock(prov->flag_lock); + CRYPTO_THREAD_unlock(store->lock); /* We don't deinit here, that's done in ossl_provider_free() */ return count; 
@@ -705,22 +822,64 @@ static int provider_deactivate(OSSL_PROVIDER *prov) * Activate a provider. * Return -1 on failure and the activation count on success */ -static int provider_activate(OSSL_PROVIDER *prov, int flag_lock) +static int provider_activate(OSSL_PROVIDER *prov, int lock, int upcalls) { - int count; + int count = -1; - if (provider_init(prov, flag_lock)) { - if (flag_lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) + if (provider_init(prov, lock)) { + int ret = 1; + struct provider_store_st *store; + + store = get_provider_store(prov->libctx); + if (store == NULL) return -1; - count = ++prov->activatecnt; - prov->flag_activated = 1; - if (flag_lock) - CRYPTO_THREAD_unlock(prov->flag_lock); - return count; + if (lock && !CRYPTO_THREAD_read_lock(store->lock)) + return -1; + + if (lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) { + CRYPTO_THREAD_unlock(store->lock); + return -1; + } + +#ifndef FIPS_MODULE + if (prov->ischild && upcalls) + ret = ossl_provider_up_ref_parent(prov, 1); +#endif + + if (ret) { + count = ++prov->activatecnt; + prov->flag_activated = 1; + +#ifndef FIPS_MODULE + if (prov->activatecnt == 1) { + OSSL_PROVIDER_CHILD_CB *child_cb; + int i, max; + + max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); + for (i = 0; i < max; i++) { + /* + * This is newly activated (activatecnt == 1), so we need to + * create child providers as necessary. + */ + child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, + i); + ret &= child_cb->create_cb((OSSL_CORE_HANDLE *)prov, + child_cb->cbdata); + } + } +#endif + } + + if (lock) { + CRYPTO_THREAD_unlock(prov->flag_lock); + CRYPTO_THREAD_unlock(store->lock); + } + if (!ret) + return -1; } - return -1; + return count; } static int provider_flush_store_cache(const OSSL_PROVIDER *prov) 
@@ -741,13 +900,14 @@ static int provider_flush_store_cache(const OSSL_PROVIDER *prov) return 1; } -int ossl_provider_activate(OSSL_PROVIDER *prov, int retain_fallbacks) +int ossl_provider_activate(OSSL_PROVIDER *prov, int retain_fallbacks, + int upcalls) { int count; if (prov == NULL) return 0; - if ((count = provider_activate(prov, 1)) > 0) { + if ((count = provider_activate(prov, 1, upcalls)) > 0) { if (!retain_fallbacks) { if (!CRYPTO_THREAD_write_lock(prov->store->lock)) { provider_deactivate(prov); @@ -808,9 +968,12 @@ static void provider_activate_fallbacks(struct provider_store_st *store) OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(store->providers, i); if (ossl_provider_up_ref(prov)) { - if (prov->flag_fallback) { - if (provider_activate(prov, 1) > 0) - activated_fallback_count++; + if (CRYPTO_THREAD_write_lock(prov->flag_lock)) { + if (prov->flag_fallback) { + if (provider_activate(prov, 0, 0) > 0) + activated_fallback_count++; + } + CRYPTO_THREAD_unlock(prov->flag_lock); } ossl_provider_free(prov); } @@ -842,7 +1005,11 @@ int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, * Make sure any providers are loaded from config before we try to use * them. */ - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); + if (ossl_lib_ctx_is_default(ctx)) + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); + if (ossl_lib_ctx_is_child(ctx) + && !ossl_provider_init_child_providers(ctx)) + return 0; #endif if (store == NULL) @@ -879,7 +1046,7 @@ int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, * It's already activated, but we up the activated count to ensure * it remains activated until after we've called the user callback. */ - if (provider_activate(prov, 0) < 0) { + if (provider_activate(prov, 0, 1) < 0) { ossl_provider_free(prov); CRYPTO_THREAD_unlock(prov->flag_lock); goto err_unlock; 
@@ -988,6 +1155,14 @@ void *ossl_provider_prov_ctx(const OSSL_PROVIDER *prov) return NULL; } +const OSSL_DISPATCH *ossl_provider_get0_dispatch(const OSSL_PROVIDER *prov) +{ + if (prov != NULL) + return prov->dispatch; + + return NULL; +} + OSSL_LIB_CTX *ossl_provider_libctx(const OSSL_PROVIDER *prov) { return prov != NULL ? prov->libctx : NULL; @@ -996,7 +1171,11 @@ OSSL_LIB_CTX *ossl_provider_libctx(const OSSL_PROVIDER *prov) /* Wrappers around calls to the provider */ void ossl_provider_teardown(const OSSL_PROVIDER *prov) { - if (prov->teardown != NULL) + if (prov->teardown != NULL +#ifndef FIPS_MODULE + && !prov->ischild +#endif + ) prov->teardown(prov->provctx); } 
@@ -1131,6 +1310,171 @@ int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, return 1; } +#ifndef FIPS_MODULE +const OSSL_CORE_HANDLE *ossl_provider_get_parent(OSSL_PROVIDER *prov) +{ + return prov->handle; +} + +int ossl_provider_is_child(const OSSL_PROVIDER *prov) +{ + return prov->ischild; +} + +int ossl_provider_set_child(OSSL_PROVIDER *prov, const OSSL_CORE_HANDLE *handle) +{ + prov->handle = handle; + prov->ischild = 1; + + return 1; +} + +int ossl_provider_convert_to_child(OSSL_PROVIDER *prov, + const OSSL_CORE_HANDLE *handle, + OSSL_provider_init_fn *init_function) +{ + int flush = 0; + + if (!CRYPTO_THREAD_write_lock(prov->store->lock)) + return 0; + if (!CRYPTO_THREAD_write_lock(prov->flag_lock)) { + CRYPTO_THREAD_unlock(prov->store->lock); + return 0; + } + /* + * The provider could be in one of three states: (1) Already a child, + * (2) Not a child (but eligible to be one), or (3) Not a child (not + * eligible to be one). + */ + if (prov->flag_couldbechild) { + ossl_provider_set_child(prov, handle); + prov->init_function = init_function; + } + if (prov->ischild && provider_activate(prov, 0, 0)) { + flush = 1; + prov->store->use_fallbacks = 0; + } + + CRYPTO_THREAD_unlock(prov->flag_lock); + CRYPTO_THREAD_unlock(prov->store->lock); + + if (flush) + provider_flush_store_cache(prov); + + /* + * We report success whether or not the provider was eligible for conversion + * to a child. If its not elgibile then it has already been loaded as a non + * child provider and we should keep it like that. + */ + return 1; +} + +static int ossl_provider_register_child_cb(const OSSL_CORE_HANDLE *handle, + int (*create_cb)( + const OSSL_CORE_HANDLE *provider, + void *cbdata), + void (*remove_cb)( + const OSSL_CORE_HANDLE *provider, + void *cbdata), + void *cbdata) +{ + /* + * This is really an OSSL_PROVIDER that we created and cast to + * OSSL_CORE_HANDLE originally. Therefore it is safe to cast it back. 
+ */ + OSSL_PROVIDER *thisprov = (OSSL_PROVIDER *)handle; + OSSL_PROVIDER *prov; + OSSL_LIB_CTX *libctx = thisprov->libctx; + struct provider_store_st *store = NULL; + int ret = 0, i, max; + OSSL_PROVIDER_CHILD_CB *child_cb; + + if ((store = get_provider_store(libctx)) == NULL) + return 0; + + child_cb = OPENSSL_malloc(sizeof(*child_cb)); + if (child_cb == NULL) + return 0; + child_cb->prov = thisprov; + child_cb->create_cb = create_cb; + child_cb->remove_cb = remove_cb; + child_cb->cbdata = cbdata; + + if (!CRYPTO_THREAD_write_lock(store->lock)) { + OPENSSL_free(child_cb); + return 0; + } + max = sk_OSSL_PROVIDER_num(store->providers); + for (i = 0; i < max; i++) { + prov = sk_OSSL_PROVIDER_value(store->providers, i); + /* + * We require register_child_cb to be called during a provider init + * function. The currently initing provider will never be activated yet + * and we we should not attempt to aquire the flag_lock for it. + */ + if (prov == thisprov) + continue; + if (!CRYPTO_THREAD_read_lock(prov->flag_lock)) + break; + /* + * We hold the lock while calling the user callback. This means that the + * user callback must be short and simple and not do anything likely to + * cause a deadlock. + */ + if (prov->flag_activated + && !create_cb((OSSL_CORE_HANDLE *)prov, cbdata)) + break; + CRYPTO_THREAD_unlock(prov->flag_lock); + } + if (i == max) { + /* Success */ + ret = sk_OSSL_PROVIDER_CHILD_CB_push(store->child_cbs, child_cb); + } + if (i != max || ret <= 0) { + /* Failed during creation. Remove everything we just added */ + for (; i >= 0; i--) { + prov = sk_OSSL_PROVIDER_value(store->providers, i); + remove_cb((OSSL_CORE_HANDLE *)prov, cbdata); + } + OPENSSL_free(child_cb); + ret = 0; + } + CRYPTO_THREAD_unlock(store->lock); + + return ret; +} + +static void ossl_provider_deregister_child_cb(const OSSL_CORE_HANDLE *handle) +{ + /* + * This is really an OSSL_PROVIDER that we created and cast to + * OSSL_CORE_HANDLE originally. 
Therefore it is safe to cast it back. + */ + OSSL_PROVIDER *thisprov = (OSSL_PROVIDER *)handle; + OSSL_LIB_CTX *libctx = thisprov->libctx; + struct provider_store_st *store = NULL; + int i, max; + OSSL_PROVIDER_CHILD_CB *child_cb; + + if ((store = get_provider_store(libctx)) == NULL) + return; + + if (!CRYPTO_THREAD_write_lock(store->lock)) + return; + max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); + for (i = 0; i < max; i++) { + child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); + if (child_cb->prov == thisprov) { + /* Found an entry */ + sk_OSSL_PROVIDER_CHILD_CB_delete(store->child_cbs, i); + OPENSSL_free(child_cb); + break; + } + } + CRYPTO_THREAD_unlock(store->lock); +} +#endif + /*- * Core functions for the provider * =============================== @@ -1348,7 +1692,22 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CRYPTO_SECURE_ALLOCATED, (void (*)(void))CRYPTO_secure_allocated }, { OSSL_FUNC_OPENSSL_CLEANSE, (void (*)(void))OPENSSL_cleanse }, - +#ifndef FIPS_MODULE + { OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB, + (void (*)(void))ossl_provider_register_child_cb }, + { OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB, + (void (*)(void))ossl_provider_deregister_child_cb }, + { OSSL_FUNC_PROVIDER_NAME, + (void (*)(void))OSSL_PROVIDER_name }, + { OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX, + (void (*)(void))OSSL_PROVIDER_get0_provider_ctx }, + { OSSL_FUNC_PROVIDER_GET0_DISPATCH, + (void (*)(void))OSSL_PROVIDER_get0_dispatch }, + { OSSL_FUNC_PROVIDER_UP_REF, + (void (*)(void))provider_up_ref_intern }, + { OSSL_FUNC_PROVIDER_FREE, + (void (*)(void))provider_free_intern }, +#endif { 0, NULL } }; static const OSSL_DISPATCH *core_dispatch = core_dispatch_; diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index f6c5bc15ee..bdf5f71f44 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c 
@@ -486,6 +486,7 @@ static void rand_ossl_ctx_free(void *vdgbl) } static const OSSL_LIB_CTX_METHOD rand_drbg_ossl_ctx_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, rand_ossl_ctx_new, rand_ossl_ctx_free, }; diff --git a/crypto/self_test_core.c b/crypto/self_test_core.c index a4f6c9ab2a..341af7b194 100644 --- a/crypto/self_test_core.c +++ b/crypto/self_test_core.c @@ -46,6 +46,7 @@ static void self_test_set_callback_free(void *stcb) } static const OSSL_LIB_CTX_METHOD self_test_set_callback_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, self_test_set_callback_new, self_test_set_callback_free, }; diff --git a/crypto/store/store_meth.c b/crypto/store/store_meth.c index a2ab341fe9..7bf0a329ce 100644 --- a/crypto/store/store_meth.c +++ b/crypto/store/store_meth.c @@ -81,6 +81,7 @@ static void *loader_store_new(OSSL_LIB_CTX *ctx) static const OSSL_LIB_CTX_METHOD loader_store_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, loader_store_new, loader_store_free, }; diff --git a/doc/internal/man3/ossl_lib_ctx_get_data.pod b/doc/internal/man3/ossl_lib_ctx_get_data.pod index b79e93d848..6b80aa011e 100644 --- a/doc/internal/man3/ossl_lib_ctx_get_data.pod +++ b/doc/internal/man3/ossl_lib_ctx_get_data.pod @@ -2,7 +2,8 @@ =head1 NAME -ossl_lib_ctx_get_data, ossl_lib_ctx_run_once, ossl_lib_ctx_onfree +ossl_lib_ctx_get_data, ossl_lib_ctx_run_once, ossl_lib_ctx_onfree, +ossl_lib_ctx_is_child - internal OSSL_LIB_CTX routines =head1 SYNOPSIS @@ -11,6 +12,7 @@ ossl_lib_ctx_get_data, ossl_lib_ctx_run_once, ossl_lib_ctx_onfree #include "internal/cryptlib.h" typedef struct ossl_lib_ctx_method { + int priority; void *(*new_func)(OSSL_LIB_CTX *ctx); void (*free_func)(void *); } OSSL_LIB_CTX_METHOD; 
@@ -22,6 +24,8 @@ ossl_lib_ctx_get_data, ossl_lib_ctx_run_once, ossl_lib_ctx_onfree ossl_lib_ctx_run_once_fn run_once_fn); int ossl_lib_ctx_onfree(OSSL_LIB_CTX *ctx, ossl_lib_ctx_onfree_fn onfreefn); + int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx); + =head1 DESCRIPTION Internally, the OpenSSL library context B is implemented @@ -53,6 +57,9 @@ using ossl_lib_ctx_onfree. This associates an "on free" routine I with the library context I. When I is freed all associated "on free" routines are called. +ossl_lib_ctx_is_child() returns 1 if this library context is a child and 0 +otherwise. + =head1 RETURN VALUES ossl_lib_ctx_get_data() returns a pointer on success, or NULL on @@ -86,8 +93,13 @@ and a destructor to an index. /* * Include a reference to this in the methods table in context.c * OSSL_LIB_CTX_FOO_INDEX should be added to internal/cryptlib.h + * Priorities can be OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, + * OSSL_LIB_CTX_METHOD_PRIORITY_1, OSSL_LIB_CTX_METHOD_PRIORITY_2, etc. + * Default priority is low (0). The higher the priority the earlier the + * method's destructor will be called when the library context is cleaned up. */ const OSSL_LIB_CTX_METHOD foo_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, foo_new, foo_free }; diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index e83869a9de..ff347bad3f 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod 
@@ -5,7 +5,10 @@ ossl_provider_find, ossl_provider_new, ossl_provider_up_ref, ossl_provider_free, ossl_provider_set_fallback, ossl_provider_set_module_path, -ossl_provider_add_parameter, +ossl_provider_add_parameter, ossl_provider_set_child, ossl_provider_get_parent, +ossl_provider_up_ref_parent, ossl_provider_free_parent, +ossl_provider_get0_dispatch, ossl_provider_init_child_providers, +ossl_provider_init_as_child, ossl_provider_activate, ossl_provider_deactivate, ossl_provider_available, ossl_provider_ctx, ossl_provider_doall_activated, @@ -37,11 +40,19 @@ ossl_provider_get_capabilities int ossl_provider_add_parameter(OSSL_PROVIDER *prov, const char *name, const char *value); + /* Child Providers */ + int ossl_provider_set_child(OSSL_PROVIDER *prov, + const OSSL_CORE_HANDLE *handle); + const OSSL_CORE_HANDLE *ossl_provider_get_parent(OSSL_PROVIDER *prov); + int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate); + int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate); + /* * Activate the Provider * If the Provider is a module, the module will be loaded */ - int ossl_provider_activate(OSSL_PROVIDER *prov, int retain_fallbacks); + int ossl_provider_activate(OSSL_PROVIDER *prov, int retain_fallbacks, + int upcalls); int ossl_provider_deactivate(OSSL_PROVIDER *prov); /* Check if provider is available (activated) */ int ossl_provider_available(OSSL_PROVIDER *prov); @@ -49,6 +60,8 @@ ossl_provider_get_capabilities /* Return pointer to the provider's context */ void *ossl_provider_ctx(const OSSL_PROVIDER *prov); + const OSSL_DISPATCH *ossl_provider_get0_dispatch(const OSSL_PROVIDER *prov); + /* Iterate over all loaded providers */ int ossl_provider_doall_activated(OSSL_LIB_CTX *, int (*cb)(OSSL_PROVIDER *provider, 
@@ -82,6 +95,12 @@ ossl_provider_get_capabilities int *result); int ossl_provider_clear_all_operation_bits(OSSL_LIB_CTX *libctx); + int ossl_provider_init_child_providers(OSSL_LIB_CTX *ctx); + int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, + const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in); + + =head1 DESCRIPTION I is a type that holds all the necessary information @@ -162,6 +181,19 @@ provider will use the name to find the value it wants. Only text parameters can be given, and it's up to the provider to interpret them. +ossl_provider_set_child() marks this provider as a child of a provider in the +parent library context. I is the B object passed to +the provider's B function. + +ossl_provider_get_parent() obtains the handle on the parent provider. + +ossl_provider_up_ref_parent() increases the reference count on the parent +provider. If I is nonzero then the parent provider is also activated. + +ossl_provider_free_parent() decreases the reference count on the parent +provider. If I is nonzero then the parent provider is also +deactivated. + ossl_provider_activate() "activates" the provider for the given provider object I by incrementing its activation count, flagging it as activated, and initializing it if it isn't already initialized. @@ -184,7 +216,9 @@ be located in that module, and called. =back If I is zero, fallbacks are disabled. If it is nonzero, -fallbacks are left unchanged. +fallbacks are left unchanged. If I is nonzero then, if this is a child +provider, upcalls to the parent libctx will be made to inform it of an +up-ref. ossl_provider_deactivate() "deactivates" the provider for the given provider object I by decrementing its activation count. When 
@@ -198,6 +232,10 @@ ossl_provider_ctx() returns a context created by the provider. Outside of the provider, it's completely opaque, but it needs to be passed back to some of the provider functions. +ossl_provider_get0_dispatch() returns the dispatch table that the provider +initially returned in the I parameter of its B +function. + ossl_provider_doall_activated() iterates over all the currently "activated" providers, and calls I for each of them. If no providers have been "activated" yet, it tries to activate all @@ -253,6 +291,15 @@ I<*result> to 1 or 0 accorddingly. ossl_provider_clear_all_operation_bits() clears all of the operation bits to (0) for all providers in the library context I. +ossl_provider_init_child_providers() registers the callbacks required to +receive notifications about loading and unloading of providers in the parent +library context. + +ossl_provider_init_as_child() stores in the library context I references to +the necessary upcalls for managing child providers. The I and I +parameters are the B and B pointers that were +passed to the provider's B function. + =head1 NOTES Locating a provider module happens as follows: diff --git a/doc/man3/OSSL_LIB_CTX.pod b/doc/man3/OSSL_LIB_CTX.pod index 9796c8575c..57037e2ba6 100644 --- a/doc/man3/OSSL_LIB_CTX.pod +++ b/doc/man3/OSSL_LIB_CTX.pod @@ -3,8 +3,8 @@ =head1 NAME OSSL_LIB_CTX, OSSL_LIB_CTX_new, OSSL_LIB_CTX_new_from_dispatch, -OSSL_LIB_CTX_free, OSSL_LIB_CTX_load_config, OSSL_LIB_CTX_get0_global_default, -OSSL_LIB_CTX_set0_default +OSSL_LIB_CTX_new_child, OSSL_LIB_CTX_free, OSSL_LIB_CTX_load_config, +OSSL_LIB_CTX_get0_global_default, OSSL_LIB_CTX_set0_default - OpenSSL library context =head1 SYNOPSIS 
@@ -14,7 +14,10 @@ OSSL_LIB_CTX_set0_default typedef struct ossl_lib_ctx_st OSSL_LIB_CTX; OSSL_LIB_CTX *OSSL_LIB_CTX_new(void); - OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_DISPATCH *in); + OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in); + OSSL_LIB_CTX *OSSL_LIB_CTX_new_child(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in); int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file); void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); 
@@ -36,10 +39,49 @@ OSSL_LIB_CTX_new() creates a new OpenSSL library context. OSSL_LIB_CTX_new_from_dispatch() creates a new OpenSSL library context initialised to use callbacks from the OSSL_DISPATCH structure. This is primarily -useful for provider authors. The dispatch structure passed should be the same -one as passed to a provider's OSSL_provider_init function in the I argument. -Some OpenSSL functions, such as L, require the library -context to be created in this way in order to work. +useful for provider authors. The I and dispatch structure arguments +passed should be the same ones as passed to a provider's +OSSL_provider_init function. Some OpenSSL functions, such as +L, require the library context to be created in this +way in order to work. + +OSSL_LIB_CTX_new_child() is only useful to provider authors and does the same +thing as OSSL_LIB_CTX_new_from_dispatch() except that it additionally links the +new library context to the application library context. The new library context +is a full library context in its own right, but will have all the same providers +available to it that are available in the application library context (without +having to reload them). If the application loads or unloads providers from the +application library context then this will be automatically mirrored in the +child library context. + +In addition providers that are not loaded in the parent library context can be +explicitly loaded into the child library context independently from the parent +library context. Providers loaded independently in this way will not be mirrored +in the parent library context and will not be affected if the parent library +context subsequently loads the same provider. + +A provider may call the function L with the child library +context as required. If the provider already exists due to it being mirrored +from the parent library context then it will remain available and its reference +count will be increased. 
If L is called in this way then +L should be subsequently called to decrement the +reference count. L must not be called for a provider in +the child library context that did not have an earlier L +call for that provider in that child library context. + +OSSL_LIB_CTX_new_child() must only be called from within the scope of a +provider's B function (see L). Calling it +outside of that function may succeed but may not correctly mirror all providers +and is considered undefined behaviour. When called from within the scope of a +provider's B function the currently initialising provider is +not yet available in the application's library context and therefore will +similarly not yet be available in the newly constructed child library context. +As soon as the B function returns then the new provider is +available in the application's library context and will be similarly mirrored in +the child library context. Since the current provider is still initialising +the provider should not attempt to perform fetches, or call any function that +performs a fetch using the child library context until after the initialisation +function has completed. OSSL_LIB_CTX_load_config() loads a configuration file using the given C. This can be used to associate a library context with providers that are loaded diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index d5317ee3f5..391084e68e 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod 
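Review bot: In doc/man3/OSSL_LIB_CTX.pod the new description of OSSL_LIB_CTX_new_from_dispatch() says the handle and dispatch arguments should be the ones passed to the provider's OSSL_provider_init function, but it does not say whether a NULL handle is accepted, while test/bio_core_test.c in this same patch calls OSSL_LIB_CTX_new_from_dispatch(NULL, biocbs). Please state the NULL case explicitly, since this is a signature change to a public function. Also, none of the hunks for this file touches RETURN VALUES; if that section lists the constructors by name, OSSL_LIB_CTX_new_child() needs adding there.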
@@ -7,8 +7,9 @@ OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload, OSSL_PROVIDER_available, OSSL_PROVIDER_do_all, OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params, OSSL_PROVIDER_query_operation, OSSL_PROVIDER_unquery_operation, -OSSL_PROVIDER_get0_provider_ctx, OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name, -OSSL_PROVIDER_get_capabilities, OSSL_PROVIDER_self_test +OSSL_PROVIDER_get0_provider_ctx, OSSL_PROVIDER_get0_dispatch, +OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name, OSSL_PROVIDER_get_capabilities, +OSSL_PROVIDER_self_test - provider routines =head1 SYNOPSIS @@ -39,6 +40,7 @@ OSSL_PROVIDER_get_capabilities, OSSL_PROVIDER_self_test int operation_id, const OSSL_ALGORITHM *algs); void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov); + const OSSL_DISPATCH *OSSL_PROVIDER_get0_dispatch(const OSSL_PROVIDER *prov); int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *libctx, const char *name, ossl_provider_init_fn *init_fn); @@ -130,6 +132,10 @@ OSSL_PROVIDER_get0_provider_ctx() returns the provider context for the given provider. The provider context is an opaque handle set by the provider itself and is passed back to the provider by libcrypto in various function calls. +OSSL_PROVIDER_get0_dispatch() returns the provider's dispatch table as it was +returned in the I parameter from the provider's init function. See +L. + If it is permissible to cache references to this array then I<*no_store> is set to 0 or 1 otherwise. If the array is not cacheable then it is assumed to have a short lifetime. diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index c07f9fddf6..fe48beb1d1 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod 
@@ -80,6 +80,21 @@ provider-base void cleanup_nonce(const OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len); + /* Functions for querying the providers in the application library context */ + int provider_register_child_cb(const OSSL_CORE_HANDLE *handle, + int (*create_cb)(const OSSL_CORE_HANDLE *provider, + void *cbdata), + int (*remove_cb)(const OSSL_CORE_HANDLE *provider, + void *cbdata), + void *cbdata); + void provider_deregister_child_cb(const OSSL_CORE_HANDLE *handle); + const char *provider_name(const OSSL_CORE_HANDLE *prov); + void *provider_get0_provider_ctx(const OSSL_CORE_HANDLE *prov); + const OSSL_DISPATCH *provider_get0_dispatch(const OSSL_CORE_HANDLE *prov); + int provider_up_ref(const OSSL_CORE_HANDLE *prov, int activate); + int provider_free(const OSSL_CORE_HANDLE *prov, int deactivate); + + /* Functions offered by the provider to libcrypto */ void provider_teardown(void *provctx); const OSSL_ITEM *provider_gettable_params(void *provctx); 
@@ -260,6 +275,45 @@ cleanup_nonce() is used to clean up and free the buffer returned by get_nonce(). The nonce pointer returned by get_nonce() is passed in B and its length in B. +provider_register_child_cb() registers callbacks for being informed about the +loading and unloading of providers in the application's library context. +I is this provider's handle and I is this provider's data +that will be passed back to the callbacks. It returns 1 on success or 0 +otherwise. + +I is a callback that will be called when a new provider is loaded +into the application's library context. It is also called for any providers that +are already loaded at the point that this callback is registered. The callback +is passed the handle being used for the new provider being loadded and this +provider's data in I. It should return 1 on success or 0 on failure. + +I is a callback that will be called when a new provider is unloaded +from the application's library context. It is passed the handle being used for +the provider being unloaded and this provider's data in I. It should +return 1 on success or 0 on failure. + +provider_deregister_child_cb() unregisters callbacks previously registered via +provider_register_child_cb(). If provider_register_child_cb() has been called +then provider_deregister_child_cb() should be called at or before the point that +this provider's teardown function is called. + +provider_name() returns a string giving the name of the provider identified by +I. + +provider_get0_provider_ctx() returns the provider context that is associated +with the provider identified by I. + +provider_get0_dispatch() gets the dispatch table registered by the provider +identified by I when it initialised. + +provider_up_ref() increments the reference count on the provider I. If +I is nonzero then the provider is also loaded if it is not already +loaded. It returns 1 on success or 0 on failure. + +provider_free() decrements the reference count on the provider I. 
If +I is nonzero then the provider is also unloaded if it is not +already loaded. It returns 1 on success or 0 on failure. + =head2 Provider functions provider_teardown() is called when a provider is shut down and removed diff --git a/include/internal/core.h b/include/internal/core.h index 68b3943679..091b4b2d04 100644 --- a/include/internal/core.h +++ b/include/internal/core.h @@ -64,5 +64,6 @@ char *ossl_algorithm_get1_first_name(const OSSL_ALGORITHM *algo); __owur int ossl_lib_ctx_write_lock(OSSL_LIB_CTX *ctx); __owur int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx); int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx); +int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx); #endif diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index d583153b89..d943419a52 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -120,6 +120,7 @@ size_t OPENSSL_instrument_bus2(unsigned int *, size_t, size_t); struct ex_callback_st { long argl; /* Arbitrary long */ void *argp; /* Arbitrary void * */ + int priority; /* Priority ordering for freeing */ CRYPTO_EX_new *new_func; CRYPTO_EX_free *free_func; CRYPTO_EX_dup *dup_func; @@ -164,9 +165,15 @@ typedef struct ossl_ex_data_global_st { # define OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX 15 # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 -# define OSSL_LIB_CTX_MAX_INDEXES 18 +# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 +# define OSSL_LIB_CTX_MAX_INDEXES 19 + +# define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 +# define OSSL_LIB_CTX_METHOD_PRIORITY_1 1 +# define OSSL_LIB_CTX_METHOD_PRIORITY_2 2 typedef struct ossl_lib_ctx_method { + int priority; void *(*new_func)(OSSL_LIB_CTX *ctx); void (*free_func)(void *); } OSSL_LIB_CTX_METHOD; 
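Review bot: In the doc/man7/provider-base.pod description hunk, the provider_free() paragraph says the provider "is also unloaded if it is not already loaded", which looks carried over from the provider_up_ref() paragraph and should presumably read "if it is not already unloaded". The remove_cb paragraph has the same carry-over ("called when a new provider is unloaded"; "new" does not belong there), and "loadded" in the create_cb paragraph is a typo.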
@@ -196,7 +203,8 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); + CRYPTO_EX_free *free_func, + int priority); int ossl_crypto_free_ex_index_ex(OSSL_LIB_CTX *ctx, int class_index, int idx); /* Function for simple binary search */ diff --git a/include/internal/provider.h b/include/internal/provider.h index 64fe2f1178..5b0af7a335 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h @@ -42,6 +42,15 @@ int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path); int ossl_provider_add_parameter(OSSL_PROVIDER *prov, const char *name, const char *value); +int ossl_provider_is_child(const OSSL_PROVIDER *prov); +int ossl_provider_set_child(OSSL_PROVIDER *prov, const OSSL_CORE_HANDLE *handle); +int ossl_provider_convert_to_child(OSSL_PROVIDER *prov, + const OSSL_CORE_HANDLE *handle, + OSSL_provider_init_fn *init_function); +const OSSL_CORE_HANDLE *ossl_provider_get_parent(OSSL_PROVIDER *prov); +int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate); +int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate); + /* Disable fallback loading */ int ossl_provider_disable_fallback_loading(OSSL_LIB_CTX *libctx); @@ -49,7 +58,8 @@ int ossl_provider_disable_fallback_loading(OSSL_LIB_CTX *libctx); * Activate the Provider * If the Provider is a module, the module will be loaded */ -int ossl_provider_activate(OSSL_PROVIDER *prov, int retain_fallbacks); +int ossl_provider_activate(OSSL_PROVIDER *prov, int retain_fallbacks, + int upcalls); int ossl_provider_deactivate(OSSL_PROVIDER *prov); /* Check if the provider is available (activated) */ int ossl_provider_available(OSSL_PROVIDER *prov); 
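Review bot: include/internal/provider.h declares ossl_provider_is_child() and ossl_provider_convert_to_child() in the @@ -42,6 +42,15 @@ hunk, but the doc/internal/man3/ossl_provider_new.pod hunks in this patch add only ossl_provider_set_child(), ossl_provider_get_parent(), ossl_provider_up_ref_parent() and ossl_provider_free_parent() for child handling. Please document the two missing functions, in particular what init_function is used for in ossl_provider_convert_to_child(). In the following hunk ossl_provider_activate() gains a second positional int next to retain_fallbacks; two adjacent int flags are easy to swap at call sites, so a one-line comment on the prototype naming them would help.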
@@ -69,6 +79,7 @@ const DSO *ossl_provider_dso(const OSSL_PROVIDER *prov); const char *ossl_provider_module_name(const OSSL_PROVIDER *prov); const char *ossl_provider_module_path(const OSSL_PROVIDER *prov); void *ossl_provider_prov_ctx(const OSSL_PROVIDER *prov); +const OSSL_DISPATCH *ossl_provider_get0_dispatch(const OSSL_PROVIDER *prov); OSSL_LIB_CTX *ossl_provider_libctx(const OSSL_PROVIDER *prov); /* Thin wrappers around calls to the provider */ @@ -96,6 +107,12 @@ int ossl_provider_clear_all_operation_bits(OSSL_LIB_CTX *libctx); /* Configuration */ void ossl_provider_add_conf_module(void); +/* Child providers */ +int ossl_provider_init_child_providers(OSSL_LIB_CTX *ctx); +int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, + const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in); + # ifdef __cplusplus } # endif diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index d088a66f30..5c453eaac0 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h 
@@ -183,6 +183,33 @@ OSSL_CORE_MAKE_FUNC(size_t, get_nonce, (const OSSL_CORE_HANDLE *handle, OSSL_CORE_MAKE_FUNC(void, cleanup_nonce, (const OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len)) +/* Functions to access the core's providers */ +#define OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB 105 +#define OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB 106 +#define OSSL_FUNC_PROVIDER_NAME 107 +#define OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX 108 +#define OSSL_FUNC_PROVIDER_GET0_DISPATCH 109 +#define OSSL_FUNC_PROVIDER_UP_REF 110 +#define OSSL_FUNC_PROVIDER_FREE 111 + +OSSL_CORE_MAKE_FUNC(int, provider_register_child_cb, + (const OSSL_CORE_HANDLE *handle, + int (*create_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata), + int (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata), + void *cbdata)) +OSSL_CORE_MAKE_FUNC(void, provider_deregister_child_cb, + (const OSSL_CORE_HANDLE *handle)) +OSSL_CORE_MAKE_FUNC(const char *, provider_name, + (const OSSL_CORE_HANDLE *prov)) +OSSL_CORE_MAKE_FUNC(void *, provider_get0_provider_ctx, + (const OSSL_CORE_HANDLE *prov)) +OSSL_CORE_MAKE_FUNC(const OSSL_DISPATCH *, provider_get0_dispatch, + (const OSSL_CORE_HANDLE *prov)) +OSSL_CORE_MAKE_FUNC(int, provider_up_ref, + (const OSSL_CORE_HANDLE *prov, int activate)) +OSSL_CORE_MAKE_FUNC(int, provider_free, + (const OSSL_CORE_HANDLE *prov, int deactivate)) + /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */ # define OSSL_FUNC_PROVIDER_TEARDOWN 1024 OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx)) diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in index e868172acc..724e2ca5da 100644 --- a/include/openssl/crypto.h.in +++ b/include/openssl/crypto.h.in @@ -37,6 +37,7 @@ use OpenSSL::stackhash qw(generate_stack_macros); # include # include # include +# include # ifdef CHARSET_EBCDIC # include 
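Review bot: The seven new OSSL_FUNC_PROVIDER_* identifiers in the include/openssl/core_dispatch.h hunk are written as "#define", while the context line directly below them uses the indented form "# define OSSL_FUNC_PROVIDER_TEARDOWN 1024". Use "# define" for the new entries so they match the surrounding header.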
@@ -517,7 +518,10 @@ CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void); int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b); OSSL_LIB_CTX *OSSL_LIB_CTX_new(void); -OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_DISPATCH *in); +OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in); +OSSL_LIB_CTX *OSSL_LIB_CTX_new_child(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in); int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file); void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); diff --git a/include/openssl/provider.h b/include/openssl/provider.h index 56b430710f..e66d5324af 100644 --- a/include/openssl/provider.h +++ b/include/openssl/provider.h @@ -44,6 +44,7 @@ const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov, int operation_id, const OSSL_ALGORITHM *algs); void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov); +const OSSL_DISPATCH *OSSL_PROVIDER_get0_dispatch(const OSSL_PROVIDER *prov); /* Add a built in providers */ int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *, const char *name, diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index a406564162..72d4f9cf28 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -97,10 +97,10 @@ ae840ec19a4e86f2b3a65f4d0c878c3885bac6ca6b24ab8c03b73c45c12e4d05 crypto/bn/rsaz 834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c 35e3ad090adedc8e5873e2831bf713e1f52846b4cbdd232e01692ebe35318c3c crypto/cmac/cmac.c -f63058e3d3df38f44856f062b7e67d58681488dbe7f27d90979cc4afdfe4a395 crypto/context.c +b352903e60908dc7287051983e2068508715b4d9f3f46575540295010908bfa0 crypto/context.c 0a27ead487bd4775cece449dab53ca5aa9d1997012c85b1dcd2178d3b851dd94 crypto/core_algorithm.c 2185a7d136ee77725fc1b8a6b401bebceeeddc067eea0482e0ab2916ce550e78 crypto/core_fetch.c -66d5fa1814ec1c80c1635dad5d4311722d20890afe44133f958a4be4447b8252 crypto/core_namemap.c +9e0912561955172067e70ebb1913c4d9de35de612789e91f7f61180ca03b4ad8 crypto/core_namemap.c 469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3 crypto/cpuid.c 7c5237bdc26eca21d4ccb25f13569e217103fe21574157b813c2aecd05983472 crypto/cryptlib.c 53529f4e0575dd83b45a53e852fcec512ada53dd6979268e473885f139b8e0b9 crypto/ctype.c @@ -169,7 +169,7 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_ e819c499207dd2ee5457cd9411c6089e13476bedf41de2aa67e10b13810ff0e5 crypto/evp/digest.c 5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b crypto/evp/ec_support.c c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c -9b4956b5c28db987001b33421aacf3b9f352181f874c768ad1b034e083483561 crypto/evp/evp_fetch.c +4518be2a70f28492668fe1ad6464593ff0db227ab75536bc5dc5a9c0da135800 crypto/evp/evp_fetch.c ce97d3bbaa68d2c3aae7f2c4d8709396ec2f0f131abf2c2584e523585ec89c02 crypto/evp/evp_lib.c af0245f7a849997921c0719df339469427656821416b402754fc1f5f5e2da291 crypto/evp/evp_rand.c c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp_utils.c 
@@ -187,7 +187,7 @@ b7e9ce6e8a35e0fc5b4eb4c047cda1e811b757669dbfafa71e743d85e07817a4 crypto/evp/pme ff8a5ff024c228fe714e4cf758260cf9e9c992a9311acb5f96b0f2ed6af1a814 crypto/evp/pmeth_gn.c b360a72944bcb8f8ae8bd28d9b8a4a6aa4f39d1402295f84af243d14c3f1898c crypto/evp/pmeth_lib.c 52d8ea3b8b3ef52b58306b0fbd4557d682ba69a5384672ba7e1682c9a853f417 crypto/evp/signature.c -e0a58ecf268c6bec531898d8fe6b148601b0bed8324fa8d5668de643c027606b crypto/ex_data.c +b06cb8fd4bd95aae1f66e1e145269c82169257f1a60ef0f78f80a3d4c5131fac crypto/ex_data.c ae496cbb92b8664bb729997a241d12cc515a3944d66fe87b0c6e24f1011e061f crypto/ffc/ffc_backend.c ead786b4f5689ab69d6cca5d49e513e0f90cb558b67e6c5898255f2671f1393d crypto/ffc/ffc_dh.c 8390c3015b5bb7f65a5cde533390788e7e61e381823c58c2e7caf8e50ca63a3b crypto/ffc/ffc_key_generate.c @@ -196,7 +196,7 @@ a87945698684673832fbedb4d01e2f11df58f43f79605a9e6d7136bb15b02e52 crypto/ffc/ffc 887357f0422954f2ecb855d468ad2456a76372dc401301ba284c0fd8c6b5092e crypto/ffc/ffc_params_generate.c 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c c193773792bec29c791e84d150ffe5ef25f53cb02e23f0e12e9000234b4322e5 crypto/hmac/hmac.c -7000ba81f54c1d516a536bc6e96ad3729e3b5b15740006c2e22f0b76606042d6 crypto/initthread.c +271083f71a1ce24988a0932f73c0221260591823afd495bf2ae8d11e8469b659 crypto/initthread.c c6c83f826eb6465f2a1b186ea692ff6fe32dbfb821d18d254625b69083d68fb0 crypto/lhash/lhash.c f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c 183bdca6f855182d7d2c78a5c961b34283f85ea69ac828b700605ee82546397d crypto/modes/asm/aes-gcm-armv8_64.pl 
@@ -228,13 +228,13 @@ c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_b 1164175c2259bc104ec315d39a4f80fa67604f40e55036044d18ccf94da71a76 crypto/params_dup.c d0f6af3e89a693f0327e1bf073666cbec6786220ef3b3688ef0be9539d5ab6bf crypto/params_from_text.c 0dd202ec1def47c12852a8ae4bfaadb74f7fe968d68def631fe3ac671aac943f crypto/passphrase.c -098d0722daac442b8b6a6fc0aa6c4a4c49f9329426c3e2db9ebf71fe32376e4c crypto/property/defn_cache.c -87cb2235e335046e04a563551cceb452e2eaf338123f482e76a037e4ffae0902 crypto/property/property.c +2140778d5f35e503e22b173736e18ff84406f6657463e8ff9e7b91a78aa686d3 crypto/property/defn_cache.c +85b314961fa249dcaa2847294d1903447a3f5f73c0dd5ab10f7cd9641c925219 crypto/property/property.c 51bc907d992893f03f35774178d2c8dc98cf3cf9503ff839ee1561640e6b274a crypto/property/property_parse.c -4941717698573a86d589fbec5002471cb4011e9a1840111a3ddccecc861a3af5 crypto/property/property_string.c -8bf84eeb85a16128170eb295c77245c8ba4ecf25fa4d2be907a612245e4b8b24 crypto/provider_core.c +e703fec7e28de11c89e131503eb75095472e8c03563105ca8767c34db22a105c crypto/property/property_string.c +c9d4d0adb3313c5c90c7db9bce9af59d02efc5fe8181c18a778625b1cc296d6f crypto/provider_core.c 3ebbf42baa3722f86298960c7b14b49cefc25c38fce326a0c4666546539da231 crypto/provider_predefined.c -4fec006dc82d1bc5c03aa1b6d011b670bed67fad12b73823eb6767afc4f241f3 crypto/rand/rand_lib.c +14341361b4308fe1528b11a9f88edff037b10b51e9e7aa29b70b43a4e3be3d59 crypto/rand/rand_lib.c f19876a1ff4ab97f22a926cc59c9ced0cdde69ad2c45ecf546d91104ec5b0dde crypto/rand/rand_meth.c a6841319cb6e9970a3c3f8adb619086310e4b56d1f52448ef2e2caaeface4146 crypto/rsa/rsa_backend.c 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c 
@@ -325,7 +325,7 @@ d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/comm eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c 494723d55bc6ecdb70f59499a2c42260cabc5fa30681ac3b48267dfa242158b3 providers/common/securitycheck.c 50a0e01e877ae818cf874f4515a130db0e869d4e9e8ce882bff1255695aba789 providers/common/securitycheck_fips.c -fd92f958755683dda449a45f82ecdff342574a9536f6e8727decf5be9a5b747a providers/fips/fipsprov.c +5c31ba4eedb31e2509288be50280e0df58faa86fe4b5e99a1167a53fd6f3bd0f providers/fips/fipsprov.c c69e60c29711d55cd5672dab9ff051f3c093d54e63a0ec575baa899e6bbf9c2b providers/fips/self_test.c fb56f801613642f6b497803890b528a643024e3cdb5bd5dd619a2981afb2f3b0 providers/fips/self_test_kats.c 08b287621158afb67e61e52fc34efbb9f9fe22ee6709c7ed6c937d5feb2b7fd8 providers/implementations/asymciphers/rsa_enc.c 
@@ -382,8 +382,8 @@ c48eb00f0de1c28baaa3cf7c0e85d4d2a20592783aa545f8934da487c05a3e87 providers/impl f51b074d55028d3e24656da348d21ca79f6680fdb30383d936251f1b3467caab providers/implementations/macs/gmac_prov.c 35505704fda658c0911f95974913c1f2dd75c8f91c5d2ec597c70c52624bdfdf providers/implementations/macs/hmac_prov.c e42823cce1d08d9cb6cb32cc6b913241573c2cbbd856ff77a331b0956ee5aa02 providers/implementations/macs/kmac_prov.c -dcc1afbe2965de7c5ac0a17ab1b19b8ed512049376833cb410db30f8dc4e2064 providers/implementations/rands/crngt.c -c7a811a8b2911ec76faf985145a445b81d19c57f5457dad203b39f1da48e6c1b providers/implementations/rands/drbg.c +bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c +080afdc1704ad2a53cfbd54060b8b4f86a110ce48663fe86f2480d05aff00a15 providers/implementations/rands/drbg.c 3dc5f082235664ee02b827760bdf1c1dcd90d058b9664994751f7606009556ed providers/implementations/rands/drbg_ctr.c c36937930bcaecd6d5131d0317b9162a96cc956df164848dc53f423af838d04a providers/implementations/rands/drbg_hash.c 531c0ce4212570474b59a1b039e61a97ee5504e56e2f10de1f36578f1bca79d3 providers/implementations/rands/drbg_hmac.c diff --git a/providers/fips.checksum b/providers/fips.checksum index d34f8d6298..a02e185df1 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -d5397de128260293373b9e70152a07e990cf4f98accfe9c69b78aefc782e2e96 providers/fips-sources.checksums +25ebfe80438755a6a997fd7b76a2d30725c7be0ae73b9378d0daf5e444453afa providers/fips-sources.checksums diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 841c80bab7..7998d55d9a 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -96,6 +96,7 @@ static void fips_prov_ossl_ctx_free(void *fgbl) } static const OSSL_LIB_CTX_METHOD fips_prov_ossl_ctx_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, fips_prov_ossl_ctx_new, fips_prov_ossl_ctx_free, }; 
diff --git a/providers/implementations/rands/crngt.c b/providers/implementations/rands/crngt.c index f1b31df101..87902c995c 100644 --- a/providers/implementations/rands/crngt.c +++ b/providers/implementations/rands/crngt.c @@ -83,6 +83,7 @@ static void *rand_crng_ossl_ctx_new(OSSL_LIB_CTX *ctx) } static const OSSL_LIB_CTX_METHOD rand_crng_ossl_ctx_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, rand_crng_ossl_ctx_new, rand_crng_ossl_ctx_free, }; diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index 461d641273..81343fbd52 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -303,6 +303,7 @@ static void prov_drbg_nonce_ossl_ctx_free(void *vdngbl) } static const OSSL_LIB_CTX_METHOD drbg_nonce_ossl_ctx_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, prov_drbg_nonce_ossl_ctx_new, prov_drbg_nonce_ossl_ctx_free, }; diff --git a/providers/legacyprov.c b/providers/legacyprov.c index 852f6a4e91..1f137a721f 100644 --- a/providers/legacyprov.c +++ b/providers/legacyprov.c @@ -178,13 +178,8 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, { OSSL_LIB_CTX *libctx = NULL; - /* - * We do not need to use any up-calls provided by libcrypto, so we ignore - * the "in" dispatch table. - */ - if ((*provctx = ossl_prov_ctx_new()) == NULL - || (libctx = OSSL_LIB_CTX_new()) == NULL) { + || (libctx = OSSL_LIB_CTX_new_child(handle, in)) == NULL) { OSSL_LIB_CTX_free(libctx); legacy_teardown(*provctx); *provctx = NULL; diff --git a/test/bio_core_test.c b/test/bio_core_test.c index 9ec8af9b8f..ae326cef92 100644 --- a/test/bio_core_test.c +++ b/test/bio_core_test.c 
@@ -55,7 +55,7 @@ static const OSSL_DISPATCH biocbs[] = { static int test_bio_core(void) { BIO *cbio = NULL, *cbiobad = NULL; - OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new_from_dispatch(biocbs); + OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new_from_dispatch(NULL, biocbs); int testresult = 0; OSSL_CORE_BIO corebio; const char *msg = "Hello world"; diff --git a/test/context_internal_test.c b/test/context_internal_test.c index 46afd9f521..4c02f601cc 100644 --- a/test/context_internal_test.c +++ b/test/context_internal_test.c @@ -39,6 +39,7 @@ static void foo_free(void *ptr) OPENSSL_free(ptr); } static const OSSL_LIB_CTX_METHOD foo_method = { + OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, foo_new, foo_free }; diff --git a/test/p_test.c b/test/p_test.c index 6f55abda01..8c7bdaf7b8 100644 --- a/test/p_test.c +++ b/test/p_test.c @@ -30,11 +30,16 @@ #include #include #include +#include +#include +#include typedef struct p_test_ctx { char *thisfile; char *thisfunc; const OSSL_CORE_HANDLE *handle; + OSSL_LIB_CTX *libctx; + OSSL_PROVIDER *deflt; } P_TEST_CTX; static OSSL_FUNC_core_gettable_params_fn *c_gettable_params = NULL; @@ -46,6 +51,7 @@ static OSSL_FUNC_core_vset_error_fn *c_vset_error; /* Tell the core what params we provide and what type they are */ static const OSSL_PARAM p_param_types[] = { { "greeting", OSSL_PARAM_UTF8_STRING, NULL, 0, 0 }, + { "digest-check", OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0}, { NULL, 0, NULL, 0, 0 } }; 
@@ -109,6 +115,47 @@ static int p_get_params(void *provctx, OSSL_PARAM params[]) strcpy(p->data, buf); else ok = 0; + } else if (strcmp(p->key, "digest-check") == 0) { + unsigned int digestsuccess = 0; + + /* + * Test we can use an algorithm from another provider. We're using + * legacy to check that legacy is actually available and we haven't + * just fallen back to default. + */ +#ifdef PROVIDER_INIT_FUNCTION_NAME + EVP_MD *md4 = EVP_MD_fetch(ctx->libctx, "MD4", NULL); + EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); + const char *msg = "Hello world"; + unsigned char out[16]; + + /* + * We should have the default provider available that we loaded + * ourselves, and the base and legacy providers which we inherit + * from the parent libctx. We should also have "this" provider + * available. + */ + if (OSSL_PROVIDER_available(ctx->libctx, "default") + && OSSL_PROVIDER_available(ctx->libctx, "base") + && OSSL_PROVIDER_available(ctx->libctx, "legacy") + && OSSL_PROVIDER_available(ctx->libctx, "p_test") + && md4 != NULL + && mdctx != NULL) { + if (EVP_DigestInit_ex(mdctx, md4, NULL) + && EVP_DigestUpdate(mdctx, (const unsigned char *)msg, + strlen(msg)) + &&EVP_DigestFinal(mdctx, out, NULL)) + digestsuccess = 1; + } + EVP_MD_CTX_free(mdctx); + EVP_MD_free(md4); +#endif + if (p->data_size >= sizeof(digestsuccess)) { + *(unsigned int *)p->data = digestsuccess; + p->return_size = sizeof(digestsuccess); + } else { + ok = 0; + } } } return ok; @@ -130,6 +177,8 @@ static const OSSL_ITEM *p_get_reason_strings(void *_) { static const OSSL_ITEM reason_strings[] = { {1, "dummy reason string"}, + {2, "Can't create child library context"}, + {3, "Can't load default provider"}, {0, NULL} }; 
@@ -146,11 +195,12 @@ static const OSSL_DISPATCH p_test_table[] = { }; int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, + const OSSL_DISPATCH *oin, const OSSL_DISPATCH **out, void **provctx) { P_TEST_CTX *ctx; + const OSSL_DISPATCH *in = oin; for (; in->function_id != 0; in++) { switch (in->function_id) { @@ -191,6 +241,30 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, ctx->thisfile = strdup(OPENSSL_FILE); ctx->thisfunc = strdup(OPENSSL_FUNC); ctx->handle = handle; +#ifdef PROVIDER_INIT_FUNCTION_NAME + /* We only do this if we are linked with libcrypto */ + ctx->libctx = OSSL_LIB_CTX_new_child(handle, oin); + if (ctx->libctx == NULL) { + /* We set error "2" for a failure to create the child libctx*/ + p_set_error(ERR_LIB_PROV, 2, ctx->thisfile, OPENSSL_LINE, ctx->thisfunc, + NULL); + p_teardown(ctx); + return 0; + } + /* + * "default" has not been loaded into the parent libctx. We should be able + * to explicitly load it as a non-child provider. + */ + ctx->deflt = OSSL_PROVIDER_load(ctx->libctx, "default"); + if (ctx->deflt == NULL + || !OSSL_PROVIDER_available(ctx->libctx, "default")) { + /* We set error "3" for a failure to load the default provider */ + p_set_error(ERR_LIB_PROV, 3, ctx->thisfile, OPENSSL_LINE, ctx->thisfunc, + NULL); + p_teardown(ctx); + return 0; + } +#endif /* * Set a spurious error to check error handling works correctly. This will @@ -207,6 +281,10 @@ static void p_teardown(void *provctx) { P_TEST_CTX *ctx = (P_TEST_CTX *)provctx; +#ifdef PROVIDER_INIT_FUNCTION_NAME + OSSL_PROVIDER_unload(ctx->deflt); + OSSL_LIB_CTX_free(ctx->libctx); +#endif free(ctx->thisfile); free(ctx->thisfunc); free(ctx); diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c index 7bf2b8e272..2341dd3dac 100644 --- a/test/provider_internal_test.c +++ b/test/provider_internal_test.c 
@@ -26,7 +26,7 @@ static int test_provider(OSSL_PROVIDER *prov, const char *expected_greeting) int ret = 0; ret = - TEST_true(ossl_provider_activate(prov, 0)) + TEST_true(ossl_provider_activate(prov, 0, 1)) && TEST_true(ossl_provider_get_params(prov, greeting_request)) && TEST_ptr(greeting = greeting_request[0].data) && TEST_size_t_gt(greeting_request[0].data_size, 0) diff --git a/test/provider_test.c b/test/provider_test.c index d89611b9b2..4d8dbaee6f 100644 --- a/test/provider_test.c +++ b/test/provider_test.c 
@@ -19,26 +19,88 @@ static OSSL_PARAM greeting_request[] = { { NULL, 0, NULL, 0, 0 } }; -static int test_provider(OSSL_LIB_CTX **libctx, const char *name) +static unsigned int digestsuccess = 0; +static OSSL_PARAM digest_check[] = { + { "digest-check", OSSL_PARAM_UNSIGNED_INTEGER, &digestsuccess, + sizeof(digestsuccess) }, + { NULL, 0, NULL, 0, 0 } +}; + +static int test_provider(OSSL_LIB_CTX **libctx, const char *name, + OSSL_PROVIDER *legacy) { OSSL_PROVIDER *prov = NULL; const char *greeting = NULL; char expected_greeting[256]; int ok = 0; long err; + int dolegacycheck = (legacy != NULL); + OSSL_PROVIDER *deflt = NULL, *base = NULL; BIO_snprintf(expected_greeting, sizeof(expected_greeting), "Hello OpenSSL %.20s, greetings from %s!", OPENSSL_VERSION_STR, name); - if (!TEST_ptr(prov = OSSL_PROVIDER_load(*libctx, name)) - || !TEST_true(OSSL_PROVIDER_get_params(prov, greeting_request)) + /* + * Check that it is possible to have a built-in provider mirrored in + * a child lib ctx. + */ + if (!TEST_ptr(base = OSSL_PROVIDER_load(*libctx, "base"))) + goto err; + if (!TEST_ptr(prov = OSSL_PROVIDER_load(*libctx, name))) + goto err; + if (dolegacycheck) { + if (!TEST_true(OSSL_PROVIDER_get_params(prov, digest_check)) + || !TEST_true(digestsuccess)) + goto err; + } + if (!TEST_true(OSSL_PROVIDER_get_params(prov, greeting_request)) || !TEST_ptr(greeting = greeting_request[0].data) || !TEST_size_t_gt(greeting_request[0].data_size, 0) - || !TEST_str_eq(greeting, expected_greeting) - || !TEST_true(OSSL_PROVIDER_unload(prov))) + || !TEST_str_eq(greeting, expected_greeting)) + goto err; + + /* Make sure we got the error we were expecting */ + err = ERR_peek_last_error(); + if (!TEST_int_gt(err, 0) + || !TEST_int_eq(ERR_GET_REASON(err), 1)) goto err; + OSSL_PROVIDER_unload(legacy); + legacy = NULL; + + if (dolegacycheck) { + /* Legacy provider should also be unloaded from child libctx */ + if (!TEST_true(OSSL_PROVIDER_get_params(prov, digest_check)) + || 
!TEST_false(digestsuccess)) + goto err; + /* + * Loading the legacy provider again should make it available again in + * the child libctx. Loading and unloading the default provider should + * have no impact on the child because the child loads it explicitly + * before this point. + */ + legacy = OSSL_PROVIDER_load(*libctx, "legacy"); + deflt = OSSL_PROVIDER_load(*libctx, "default"); + if (!TEST_ptr(deflt) + || !TEST_true(OSSL_PROVIDER_available(*libctx, "default"))) + goto err; + OSSL_PROVIDER_unload(deflt); + deflt = NULL; + if (!TEST_ptr(legacy) + || !TEST_false(OSSL_PROVIDER_available(*libctx, "default")) + || !TEST_true(OSSL_PROVIDER_get_params(prov, digest_check)) + || !TEST_true(digestsuccess)) + goto err; + OSSL_PROVIDER_unload(legacy); + legacy = NULL; + } + + if (!TEST_true(OSSL_PROVIDER_unload(base))) + goto err; + base = NULL; + if (!TEST_true(OSSL_PROVIDER_unload(prov))) + goto err; prov = NULL; /* @@ -48,16 +110,14 @@ static int test_provider(OSSL_LIB_CTX **libctx, const char *name) OSSL_LIB_CTX_free(*libctx); *libctx = NULL; - /* Make sure we got the error we were expecting */ - err = ERR_peek_last_error(); - if (!TEST_int_gt(err, 0) - || !TEST_int_eq(ERR_GET_REASON(err), 1)) - goto err; - /* We print out all the data to make sure it can still be accessed */ ERR_print_errors_fp(stderr); ok = 1; err: + OSSL_PROVIDER_unload(base); + OSSL_PROVIDER_unload(deflt); + OSSL_PROVIDER_unload(legacy); + legacy = NULL; OSSL_PROVIDER_unload(prov); OSSL_LIB_CTX_free(*libctx); *libctx = NULL; 
@@ -74,13 +134,42 @@ static int test_builtin_provider(void) TEST_ptr(libctx) && TEST_true(OSSL_PROVIDER_add_builtin(libctx, name, PROVIDER_INIT_FUNCTION_NAME)) - && test_provider(&libctx, name); + && test_provider(&libctx, name, NULL); OSSL_LIB_CTX_free(libctx); return ok; } +/* Test relies on fetching the MD4 digest from the legacy provider */ +#ifndef OPENSSL_NO_MD4 +static int test_builtin_provider_with_child(void) +{ + OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new(); + const char *name = "p_test"; + OSSL_PROVIDER *legacy; + + if (!TEST_ptr(libctx)) + return 0; + + legacy = OSSL_PROVIDER_load(libctx, "legacy"); + if (legacy == NULL) { + /* + * In this case we assume we've been built with "no-legacy" and skip + * this test (there is no OPENSSL_NO_LEGACY) + */ + return 1; + } + + if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, name, + PROVIDER_INIT_FUNCTION_NAME))) + return 0; + + /* test_provider will free libctx and unload legacy as part of the test */ + return test_provider(&libctx, name, legacy); +} +#endif + #ifndef NO_PROVIDER_MODULE static int test_loaded_provider(void) { 
@@ -91,15 +180,54 @@ static int test_loaded_provider(void) return 0; /* test_provider will free libctx as part of the test */ - return test_provider(&libctx, name); + return test_provider(&libctx, name, NULL); } #endif +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_LOADED, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) +{ + static const OPTIONS test_options[] = { + OPT_TEST_OPTIONS_DEFAULT_USAGE, + { "loaded", OPT_LOADED, '-', "Run test with a loaded provider" }, + { NULL } + }; + return test_options; +} + int setup_tests(void) { - ADD_TEST(test_builtin_provider); + OPTION_CHOICE o; + int loaded = 0; + + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_TEST_CASES: + break; + case OPT_LOADED: + loaded = 1; + break; + default: + return 0; + } + } + + if (!loaded) { + ADD_TEST(test_builtin_provider); +#ifndef OPENSSL_NO_MD4 + ADD_TEST(test_builtin_provider_with_child); +#endif + } #ifndef NO_PROVIDER_MODULE - ADD_TEST(test_loaded_provider); + else { + ADD_TEST(test_loaded_provider); + } #endif return 1; } diff --git a/test/recipes/04-test_provider.t b/test/recipes/04-test_provider.t index 9195a424cd..44274f8f07 100644 --- a/test/recipes/04-test_provider.t +++ b/test/recipes/04-test_provider.t @@ -8,11 +8,14 @@ use strict; use OpenSSL::Test qw(:DEFAULT bldtop_dir); -use OpenSSL::Test::Simple; use OpenSSL::Test::Utils; setup("test_provider"); +plan tests => 2; + +ok(run(test(['provider_test'])), "provider_test"); + $ENV{"OPENSSL_MODULES"} = bldtop_dir("test"); -simple_test("test_provider", "provider_test"); +ok(run(test(['provider_test', '-loaded'])), "provider_test -loaded"); diff --git a/util/libcrypto.num b/util/libcrypto.num index 1820baf4ad..a99b5aa047 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -5402,3 +5402,5 @@ BIO_new_from_core_bio ? 3_0_0 EXIST::FUNCTION: BIO_new_ex ? 3_0_0 EXIST::FUNCTION: BIO_s_core ? 3_0_0 EXIST::FUNCTION: OSSL_LIB_CTX_new_from_dispatch ? 3_0_0 EXIST::FUNCTION: +OSSL_LIB_CTX_new_child ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_get0_dispatch ? 3_0_0 EXIST::FUNCTION: From no-reply at appveyor.com Tue May 11 15:31:23 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 11 May 2021 15:31:23 +0000 Subject: Build failed: openssl master.42000 Message-ID: <20210511153123.1.6FF69035436879FB@appveyor.com> An HTML attachment was scrubbed... URL: From tomas at openssl.org Tue May 11 16:27:32 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 11 May 2021 16:27:32 +0000 Subject: [openssl] master update Message-ID: <1620750452.468803.7032.nullmailer@dev.openssl.org> The branch master has been updated via c7978e506b2d1300accd9e696656f9cc94196e6d (commit) from b8be229dab036b26de8830444bf2beb82e71f50e (commit) - Log ----------------------------------------------------------------- commit c7978e506b2d1300accd9e696656f9cc94196e6d Author: Xiaofei Bai Date: Mon May 10 09:12:22 2021 +0000 Fix missing $CPUIDDEF in libdefault.a This fixes a build error caused by missing $CPUIDDEF when compiling libdefault.a, and some functions(like armv8_aes_gcm_encrypt) become undefined. Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15215) ----------------------------------------------------------------------- Summary of changes: crypto/build.info | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/build.info b/crypto/build.info index ed4581eef5..9d8eda2884 100644 --- a/crypto/build.info +++ b/crypto/build.info 
@@ -81,6 +81,7 @@ ENDIF # Implementations are now spread across several libraries, so the CPUID define # need to be applied to all affected libraries and modules. DEFINE[../providers/libcommon.a]=$CPUIDDEF +DEFINE[../providers/libdefault.a]=$CPUIDDEF # The Core $CORE_COMMON=provider_core.c provider_predefined.c \ From no-reply at appveyor.com Tue May 11 18:20:02 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 11 May 2021 18:20:02 +0000 Subject: Build completed: openssl master.42001 Message-ID: <20210511182002.1.C1D2B81C49EED27E@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Tue May 11 19:25:30 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 11 May 2021 19:25:30 +0000 Subject: [openssl] master update Message-ID: <1620761130.991036.8744.nullmailer@dev.openssl.org> The branch master has been updated via c6b72390721622bad4815e912f005e7add940e92 (commit) from c7978e506b2d1300accd9e696656f9cc94196e6d (commit) - Log ----------------------------------------------------------------- commit c6b72390721622bad4815e912f005e7add940e92 Author: Dr. David von Oheimb Date: Mon May 10 16:27:13 2021 +0200 80-test_cmp_http.t: Improve fuzzing exclusion pattern - fixup! This now correctly fixes #14966. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15217) ----------------------------------------------------------------------- Summary of changes: test/recipes/80-test_cmp_http.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t index 5b9796e6ee..7bb720a823 100644 --- a/test/recipes/80-test_cmp_http.t +++ b/test/recipes/80-test_cmp_http.t 
@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); plan skip_all => "These tests are not supported in a fuzz build" - if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION|fuzz-afl/; + if config('options') =~ /-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION|enable-fuzz-afl/; plan skip_all => "These tests are not supported in a no-cmp build" if disabled("cmp"); From pauli at openssl.org Wed May 12 01:14:26 2021 
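Review bot: in providers/legacyprov.c, OSSL_provider_init, the hunk deletes the comment saying the "in" dispatch table is ignored but puts nothing in its place now that `in` is passed to `OSSL_LIB_CTX_new_child(handle, in)`. A one-line comment stating why the legacy provider needs a child library context instead of an independent `OSSL_LIB_CTX_new()` would document the new dependency on the core's up-calls.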
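Review bot: in test/p_test.c, p_get_params, the "digest-check" branch writes the result with `*(unsigned int *)p->data = digestsuccess;` after checking only `p->data_size`, and never looks at `p->data_type`. Checking `p->data_type == OSSL_PARAM_UNSIGNED_INTEGER` before the store would match the type advertised in `p_param_types`. Smaller points in the same branch: `&&EVP_DigestFinal(` is missing the space after `&&`, and `out[16]` hard-codes the MD4 output size where `EVP_MAX_MD_SIZE` would survive a change of digest name.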
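Review bot: in test/p_test.c, OSSL_provider_init, the failure path for `OSSL_LIB_CTX_new_child()` calls `p_teardown(ctx)` before `ctx->deflt` has been assigned, and the p_teardown hunk then runs `OSSL_PROVIDER_unload(ctx->deflt)`. Unless the struct is zeroed when it is allocated (the allocation is outside these hunks), that unloads an indeterminate pointer; setting `ctx->libctx` and `ctx->deflt` to NULL right after allocation would make both error paths safe. The same paths pass `ctx->thisfile` and `ctx->thisfunc` to `p_set_error` although the `strdup` results in the context lines are not checked.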
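Review bot: in test/provider_test.c, test_builtin_provider_with_child, both early returns leak. `return 1` when `legacy == NULL` leaves `libctx` allocated, and `return 0` after a failed `OSSL_PROVIDER_add_builtin()` leaves both `libctx` and the loaded `legacy` provider. Calling `OSSL_PROVIDER_unload(legacy)` and `OSSL_LIB_CTX_free(libctx)` before those returns keeps leak-checking builds clean, since test_provider only takes ownership once it is actually called.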
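Review bot: in test/provider_test.c, setup_tests, the `else` branch sits inside `#ifndef NO_PROVIDER_MODULE`, so in a build that defines NO_PROVIDER_MODULE a run with `-loaded` registers no tests and still returns 1. test/recipes/04-test_provider.t plans two tests and runs `provider_test -loaded` unconditionally, so in that configuration the second run exercises nothing. Either skip the second run in the recipe for such builds or have setup_tests handle the case explicitly.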
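Review bot: in test/recipes/80-test_cmp_http.t, the `config('options')` match is still an unanchored substring test, and nothing in the file says why the alternative has to be `enable-fuzz-afl` rather than `fuzz-afl`. A short comment that the shorter pattern also matches `no-fuzz-afl` would keep the next edit from regressing it. If fuzz-afl is known to the `disabled()` helper used for "cmp" two lines below, `!disabled("fuzz-afl")` would express the same condition without a regex.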
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 12 May 2021 01:14:26 +0000 Subject: [openssl] master update Message-ID: <1620782066.013188.11752.nullmailer@dev.openssl.org> The branch master has been updated via 842d61b5177bb57b7de374a3f25adc9e07e269d8 (commit) via 0df56c30f7ad1d29bac5ed2546069402d6219c15 (commit) via 4885ecffc7857a3eb4ef580763b1200cbaf9f45e (commit) via 54e1c14a29ef338a60ef180e213ffaeb3010f798 (commit) via b0f6402bf41a66ebfa13e98bb96763d01bb27d2f (commit) from c6b72390721622bad4815e912f005e7add940e92 (commit) - Log ----------------------------------------------------------------- commit 842d61b5177bb57b7de374a3f25adc9e07e269d8 Author: Pauli Date: Wed May 12 11:14:02 2021 +1000 Checksum update Reviewed-by: Shane Lontis Reviewed-by: Ben Kaduk commit 0df56c30f7ad1d29bac5ed2546069402d6219c15 Author: Pauli Date: Mon May 10 14:13:30 2021 +1000 evp: fix return code check. The return from evp_do_md_getparams() is 0 for failure and -1 for not being a provided algorithm. The code in evp_md_cache_constants() failed to check the return code properly. In this case it was harmless but better to fix it. 
Reviewed-by: Shane Lontis Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/15208) commit 4885ecffc7857a3eb4ef580763b1200cbaf9f45e Author: Pauli Date: Mon May 10 10:24:13 2021 +1000 coverity: fix 1484542 dereference after null check Reviewed-by: Shane Lontis Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/15208) commit 54e1c14a29ef338a60ef180e213ffaeb3010f798 Author: Pauli Date: Mon May 10 10:18:07 2021 +1000 coverity: fix 1484540 resource leak Reviewed-by: Shane Lontis Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/15208) commit b0f6402bf41a66ebfa13e98bb96763d01bb27d2f Author: Pauli Date: Mon May 10 10:17:38 2021 +1000 coverity: fix 1484539 resource leak Reviewed-by: Shane Lontis Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/15208) ----------------------------------------------------------------------- Summary of changes: apps/kdf.c | 3 ++- apps/mac.c | 3 ++- crypto/evp/digest.c | 2 +- crypto/evp/evp_lib.c | 6 ++---- providers/fips-sources.checksums | 4 ++-- providers/fips.checksum | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/apps/kdf.c b/apps/kdf.c index 7b016051f1..c4892ed20e 100644 --- a/apps/kdf.c +++ b/apps/kdf.c @@ -52,13 +52,14 @@ static char *alloc_kdf_algorithm_name(STACK_OF(OPENSSL_STRING) **optp, const char *name, const char *arg) { size_t len = strlen(name) + strlen(arg) + 2; - char *res = app_malloc(len, "algorithm name"); + char *res; if (*optp == NULL) *optp = sk_OPENSSL_STRING_new_null(); if (*optp == NULL) return NULL; + res = app_malloc(len, "algorithm name"); BIO_snprintf(res, len, "%s:%s", name, arg); if (sk_OPENSSL_STRING_push(*optp, res)) return res; diff --git a/apps/mac.c b/apps/mac.c index ca02a781e5..5f80ca22c7 100644 --- a/apps/mac.c +++ b/apps/mac.c 
@@ -56,13 +56,14 @@ static char *alloc_mac_algorithm_name(STACK_OF(OPENSSL_STRING) **optp, const char *name, const char *arg) { size_t len = strlen(name) + strlen(arg) + 2; - char *res = app_malloc(len, "algorithm name"); + char *res; if (*optp == NULL) *optp = sk_OPENSSL_STRING_new_null(); if (*optp == NULL) return NULL; + res = app_malloc(len, "algorithm name"); BIO_snprintf(res, len, "%s:%s", name, arg); if (sk_OPENSSL_STRING_push(*optp, res)) return res; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index e584bd8b2b..25ce609854 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -882,7 +882,7 @@ static int evp_md_cache_constants(EVP_MD *md) params[3] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, &algid_absent); params[4] = OSSL_PARAM_construct_end(); - ok = evp_do_md_getparams(md, params); + ok = evp_do_md_getparams(md, params) > 0; if (mdsize > INT_MAX || blksz > INT_MAX) ok = 0; if (ok) { diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index dfc4059d76..e2ac6af895 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -358,7 +358,7 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher) params[7] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, &multiblock); params[8] = OSSL_PARAM_construct_end(); - ok = evp_do_ciph_getparams(cipher, params); + ok = evp_do_ciph_getparams(cipher, params) > 0; if (ok) { cipher->block_size = blksz; cipher->iv_len = ivlen; 
@@ -372,10 +372,8 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher) cipher->flags |= EVP_CIPH_FLAG_CTS; if (multiblock) cipher->flags |= EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK; - /* Provided implementations may have a custom cipher_cipher */ - if (cipher->prov != NULL && cipher->ccipher != NULL) + if (cipher->ccipher != NULL) cipher->flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER; - /* Provided implementations may also have custom ASN1 algorithm parameters */ if (OSSL_PARAM_locate_const(EVP_CIPHER_gettable_ctx_params(cipher), OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS)) cipher->flags |= EVP_CIPH_FLAG_CUSTOM_ASN1; diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 72d4f9cf28..dfcfb83178 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -166,11 +166,11 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_ 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c 7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128 crypto/evp/asymcipher.c 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c -e819c499207dd2ee5457cd9411c6089e13476bedf41de2aa67e10b13810ff0e5 crypto/evp/digest.c +3c8e633beeb9b79cac2f068de248b7f1ad55910d2e2ff10b2b3694daae552436 crypto/evp/digest.c 5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b crypto/evp/ec_support.c c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c 4518be2a70f28492668fe1ad6464593ff0db227ab75536bc5dc5a9c0da135800 crypto/evp/evp_fetch.c -ce97d3bbaa68d2c3aae7f2c4d8709396ec2f0f131abf2c2584e523585ec89c02 crypto/evp/evp_lib.c +1a168c88f1ee61d0f0c94ea72e220f913526a09fc09b8ba1706eb126e948699c crypto/evp/evp_lib.c af0245f7a849997921c0719df339469427656821416b402754fc1f5f5e2da291 crypto/evp/evp_rand.c c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp_utils.c 896bc29e0009657071bd74401513bdbedfb08ca66e34bf634e824fd3f34beb0a crypto/evp/exchange.c diff --git a/providers/fips.checksum b/providers/fips.checksum index a02e185df1..2a2fc21d65 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -25ebfe80438755a6a997fd7b76a2d30725c7be0ae73b9378d0daf5e444453afa providers/fips-sources.checksums +4d519901583d7281047570278c491370463f04412f648f2862d41d04a99ad4e8 providers/fips-sources.checksums From pauli at openssl.org Wed May 12 04:51:45 2021 
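Review bot: alloc_kdf_algorithm_name in apps/kdf.c and alloc_mac_algorithm_name in apps/mac.c are line-for-line duplicates in these hunks, which is why the same leak had to be fixed twice. Moving the body into one shared helper in the apps code would leave a single place to maintain the allocation order (`*optp` first, then `res = app_malloc(len, "algorithm name")`).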
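Review bot: in crypto/evp/digest.c, evp_md_cache_constants, and the matching line in evp_cipher_cache_constants in crypto/evp/evp_lib.c, `ok = evp_do_md_getparams(md, params) > 0;` folds the -1 "not a provided algorithm" result into plain failure with no comment at the call site. A short comment recording the 0 / -1 convention from the commit message would stop the `> 0` from being simplified away later. In digest.c the `mdsize > INT_MAX || blksz > INT_MAX` test also still runs after a failed call; it is harmless there, but nesting it under `if (ok)` would make the order of checks explicit.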
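Review bot: in crypto/evp/evp_lib.c, evp_cipher_cache_constants, the "dereference after null check" report is resolved by dropping `cipher->prov != NULL` rather than guarding the later use, which asserts that `cipher->prov` cannot be NULL on this path without saying so. Stating that invariant in a comment would make the intent reviewable. The two deleted comments ("Provided implementations may have a custom cipher_cipher" and the one about custom ASN1 algorithm parameters) still describe the flag assignments that remain and could be kept.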
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 12 May 2021 04:51:45 +0000 Subject: [openssl] master update Message-ID: <1620795105.437904.20516.nullmailer@dev.openssl.org> The branch master has been updated via de3379c94133b5152c344a2cf9d9d3f89a35ee20 (commit) via 8975b76efa73dfb68780f5e5751424ec5e427bdc (commit) from 842d61b5177bb57b7de374a3f25adc9e07e269d8 (commit) - Log ----------------------------------------------------------------- commit de3379c94133b5152c344a2cf9d9d3f89a35ee20 Author: EasySec Date: Wed May 5 17:59:29 2021 +0200 find-doc-nits fix courtesy Rich Salz Reviewed-by: Ben Kaduk Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11481) commit 8975b76efa73dfb68780f5e5751424ec5e427bdc Author: EasySec Date: Tue Apr 7 16:59:47 2020 +0200 use LHASH_OF(TYPE) macro to make the example consistent with the declaration in ssl.h Reviewed-by: Ben Kaduk Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11481) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_sessions.pod | 2 +- util/find-doc-nits | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/man3/SSL_CTX_sessions.pod b/doc/man3/SSL_CTX_sessions.pod index 5c28ebc272..0347b700f4 100644 --- a/doc/man3/SSL_CTX_sessions.pod +++ b/doc/man3/SSL_CTX_sessions.pod @@ -8,7 +8,7 @@ SSL_CTX_sessions - access internal session cache #include - struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); + LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); =head1 DESCRIPTION diff --git a/util/find-doc-nits b/util/find-doc-nits index 60a2b8c6a0..a5ea78706d 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits 
@@ -351,6 +351,7 @@ sub name_synopsis { my $sym; my $is_prototype = 1; + $line =~ s/LHASH_OF\([^)]+\)/int/g; $line =~ s/STACK_OF\([^)]+\)/int/g; $line =~ s/SPARSE_ARRAY_OF\([^)]+\)/int/g; $line =~ s/__declspec\([^)]+\)//; From pauli at openssl.org Wed May 12 05:06:45 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 12 May 2021 05:06:45 +0000 Subject: [openssl] master update Message-ID: <1620796005.838716.14432.nullmailer@dev.openssl.org> The branch master has been updated via 7303c5821779613e9a7fe239990662f80284a693 (commit) from de3379c94133b5152c344a2cf9d9d3f89a35ee20 (commit) - Log ----------------------------------------------------------------- commit 7303c5821779613e9a7fe239990662f80284a693 Author: Job Snijders Date: Sun May 9 20:24:29 2021 +0000 Add OID for RPKI id-ct-signedChecklist References: draft-ietf-sidrops-rpki-rsc - Resource Public Key Infrastructure (RPKI) object profile for Signed Checklist (RSC) OID listed under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)' https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 CLA: Trivial Reviewed-by: Dmitry Belyavskiy Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15207) ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.h | 15 ++++++++++----- crypto/objects/obj_mac.num | 1 + crypto/objects/objects.txt | 1 + fuzz/oids.txt | 1 + include/openssl/obj_mac.h | 4 ++++ 5 files changed, 17 insertions(+), 5 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 3ce82bf4e6..5d638fb05d 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h 
@@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[8065] = { +static const unsigned char so[8076] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -1114,9 +1114,10 @@ static const unsigned char so[8065] = { 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0B, /* [ 8037] OBJ_signedObject */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0D, /* [ 8045] OBJ_rpkiNotify */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x2F, /* [ 8053] OBJ_id_ct_geofeedCSVwithCRLF */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x30, /* [ 8064] OBJ_id_ct_signedChecklist */ }; -#define NUM_NID 1247 +#define NUM_NID 1248 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2365,9 +2366,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"signedObject", "Signed Object", NID_signedObject, 8, &so[8037]}, {"rpkiNotify", "RPKI Notify", NID_rpkiNotify, 8, &so[8045]}, {"id-ct-geofeedCSVwithCRLF", "id-ct-geofeedCSVwithCRLF", NID_id_ct_geofeedCSVwithCRLF, 11, &so[8053]}, + {"id-ct-signedChecklist", "id-ct-signedChecklist", NID_id_ct_signedChecklist, 11, &so[8064]}, }; -#define NUM_SN 1238 +#define NUM_SN 1239 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2984,6 +2986,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1234, /* "id-ct-routeOriginAuthz" */ 1236, /* "id-ct-rpkiGhostbusters" */ 1235, /* "id-ct-rpkiManifest" */ + 1247, /* "id-ct-signedChecklist" */ 1060, /* "id-ct-xml" */ 1108, /* "id-dsa-with-sha3-224" */ 1109, /* "id-dsa-with-sha3-256" */ @@ -3609,7 +3612,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1238 +#define NUM_LN 1239 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ 
@@ -4244,6 +4247,7 @@ static const unsigned int ln_objs[NUM_LN] = { 1234, /* "id-ct-routeOriginAuthz" */ 1236, /* "id-ct-rpkiGhostbusters" */ 1235, /* "id-ct-rpkiManifest" */ + 1247, /* "id-ct-signedChecklist" */ 1060, /* "id-ct-xml" */ 408, /* "id-ecPublicKey" */ 508, /* "id-hex-multipart-message" */ @@ -4851,7 +4855,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 1109 +#define NUM_OBJ 1110 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -5891,6 +5895,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 1236, /* OBJ_id_ct_rpkiGhostbusters 1 2 840 113549 1 9 16 1 35 */ 1237, /* OBJ_id_ct_resourceTaggedAttest 1 2 840 113549 1 9 16 1 36 */ 1246, /* OBJ_id_ct_geofeedCSVwithCRLF 1 2 840 113549 1 9 16 1 47 */ + 1247, /* OBJ_id_ct_signedChecklist 1 2 840 113549 1 9 16 1 48 */ 212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ 213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ 214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 5b89b7b84a..c626558ad5 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1244,3 +1244,4 @@ rpkiManifest 1243 signedObject 1244 rpkiNotify 1245 id_ct_geofeedCSVwithCRLF 1246 +id_ct_signedChecklist 1247 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 6fde1ca116..51dba7dcf3 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -281,6 +281,7 @@ id-smime-ct 28 : id-ct-xml id-smime-ct 35 : id-ct-rpkiGhostbusters id-smime-ct 36 : id-ct-resourceTaggedAttest id-smime-ct 47 : id-ct-geofeedCSVwithCRLF +id-smime-ct 48 : id-ct-signedChecklist # S/MIME Attributes id-smime-aa 1 : id-smime-aa-receiptRequest diff --git a/fuzz/oids.txt b/fuzz/oids.txt index 8ca5291a01..f0dbc30fc3 100644 --- a/fuzz/oids.txt +++ b/fuzz/oids.txt 
@@ -1110,3 +1110,4 @@ OBJ_rpkiManifest="\x2B\x06\x01\x05\x05\x07\x30\x0A" OBJ_signedObject="\x2B\x06\x01\x05\x05\x07\x30\x0B" OBJ_rpkiNotify="\x2B\x06\x01\x05\x05\x07\x30\x0D" OBJ_id_ct_geofeedCSVwithCRLF="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x2F" +OBJ_id_ct_signedChecklist="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x30" diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 9e9e3ab22f..0e86027667 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -882,6 +882,10 @@ #define NID_id_ct_geofeedCSVwithCRLF 1246 #define OBJ_id_ct_geofeedCSVwithCRLF OBJ_id_smime_ct,47L +#define SN_id_ct_signedChecklist "id-ct-signedChecklist" +#define NID_id_ct_signedChecklist 1247 +#define OBJ_id_ct_signedChecklist OBJ_id_smime_ct,48L + #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" #define NID_id_smime_aa_receiptRequest 212 #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L From pauli at openssl.org Wed May 12 07:12:50 2021 
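Review bot: in util/find-doc-nits, name_synopsis, the new `s/LHASH_OF\([^)]+\)/int/g` is a third copy of the same substitution that already exists for STACK_OF and SPARSE_ARRAY_OF. A single alternation such as `s/(?:LHASH|STACK|SPARSE_ARRAY)_OF\([^)]+\)/int/g` would cover all three and leave one line to extend when the next `*_OF` macro shows up in a synopsis.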
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 12 May 2021 07:12:50 +0000 Subject: [openssl] master update Message-ID: <1620803570.441456.8991.nullmailer@dev.openssl.org> The branch master has been updated via ab6db11e63485e8dc17f768f9be35a9120f20c91 (commit) via 4da44374d1d5cb1142107385a7f7bdc9e9f48afc (commit) from 7303c5821779613e9a7fe239990662f80284a693 (commit) - Log ----------------------------------------------------------------- commit ab6db11e63485e8dc17f768f9be35a9120f20c91 Author: Pauli Date: Tue May 4 08:59:01 2021 +1000 Run-checker converted to GitHub Actions Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15129) commit 4da44374d1d5cb1142107385a7f7bdc9e9f48afc Author: Pauli Date: Fri May 7 13:26:44 2021 +1000 coveralls: fix comment to indicate daily not weekly Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15129) ----------------------------------------------------------------------- Summary of changes: .github/workflows/coveralls.yml | 2 +- .github/workflows/run-checker-ci.yml | 38 +++++++++ .github/workflows/run-checker-daily.yml | 134 ++++++++++++++++++++++++++++++++ .github/workflows/run-checker-merge.yml | 31 ++++++++ 4 files changed, 204 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/run-checker-ci.yml create mode 100644 .github/workflows/run-checker-daily.yml create mode 100644 .github/workflows/run-checker-merge.yml diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index 758ed9b581..c6e4f76bfc 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml @@ -1,6 +1,6 @@ name: Coverage -#Run once a week +#Run once a day on: schedule: - cron: '49 0 * * *' diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml new file mode 100644 index 0000000000..d89c7740e1 --- /dev/null +++ b/.github/workflows/run-checker-ci.yml 
@@ -0,0 +1,38 @@ + +# Jobs run per pull request submission +name: Run-checker CI +on: [pull_request] +jobs: + run-checker: + strategy: + fail-fast: false + matrix: + opt: [ + no-cmp, + no-cms, + no-ct, + no-dtls, + no-ec, + no-legacy, + no-siv, + no-sock, + no-srp, + no-srtp, + enable-ssl-trace, + no-tests, + no-threads, + no-tls, + no-tls1_3, + enable-trace, + no-ts, + no-ui, + ] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout at v2 + - name: config + run: CC=clang ./config --strict-warnings ${{ matrix.opt }} && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml new file mode 100644 index 0000000000..9f0bc37db2 --- /dev/null +++ b/.github/workflows/run-checker-daily.yml 
@@ -0,0 +1,134 @@ +name: Run-checker daily +# Jobs run daily + +on: + schedule: + - cron: '0 6 * * *' +jobs: + run-checker: + strategy: + fail-fast: false + matrix: + opt: [ + 386, + enable-acvp-tests, + no-afalgeng, + no-aria, + no-asan, + no-asm, + no-async, + no-autoalginit, + no-autoerrinit, + no-autoload-config, + no-bf, + no-blake2, + no-buildtest-c++, + no-bulk, + no-cached-fetch, + no-camellia, + no-capieng, + no-cast, + no-chacha, + no-cmac, + no-comp, + enable-crypto-mdebug, + no-crypto-mdebug, + enable-crypto-mdebug-backtrace, + no-crypto-mdebug-backtrace, + no-deprecated, + no-des, + no-devcryptoeng, + no-dh, + no-dsa, + no-dtls1, + no-dtls1_2, + no-dtls1_2-method, + no-dtls1-method, + no-ec2m, + no-ecdh, + no-ecdsa, + enable-ec_nistp_64_gcc_128, + no-ec_nistp_64_gcc_128, + enable-egd, + no-egd, + no-engine, + no-external-tests, + enable-fips, + enable-fips enable-acvp-tests, + enable-fips no-tls1_3, + no-fuzz-afl, + no-fuzz-libfuzzer, + no-gost, + enable-heartbeats, + no-heartbeats, + no-hw, + no-hw-padlock, + no-idea, + no-ktls, + no-makedepend, + enable-md2, + no-md2, + no-md4, + no-mdc2, + no-module, + no-msan, + no-multiblock, + no-nextprotoneg, + no-ocb, + no-ocsp, + no-padlockeng, + no-pic, + no-pinshared, + no-poly1305, + no-posix-io, + no-psk, + no-rc2, + no-rc4, + enable-rc5, + no-rc5, + no-rdrand, + no-rfc3779, + no-ripemd, + no-rmd160, + no-scrypt, + no-sctp, + no-secure-memory, + no-seed, + no-shared, + no-siphash, + no-sm2, + no-sm3, + no-sm4, + no-sse2, + no-ssl, + no-ssl3, + no-ssl3-method, + no-ssl-trace, + no-static-engine no-shared, + no-stdio, + no-tls1, + no-tls1_1, + no-tls1_1-method, + no-tls1_2, + no-tls1_2-method, + no-tls1-method, + no-trace, + no-ubsan, + no-ui-console, + enable-unit-test, + no-uplink, + no-weak-ssl-ciphers, + no-whirlpool, + no-zlib, + enable-zlib-dynamic, + no-zlib-dynamic, + ] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout at v2 + - name: config + run: CC=clang ./config --strict-warnings ${{ 
matrix.opt }} && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml new file mode 100644 index 0000000000..179d5dc0c0 --- /dev/null +++ b/.github/workflows/run-checker-merge.yml @@ -0,0 +1,31 @@ +name: Run-checker merge +# Jobs run per merge to master + +on: [push] +jobs: + run-checker: + strategy: + fail-fast: false + matrix: + opt: [ + enable-asan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT, + no-dgram, + no-dso, + no-dynamic-engine, + no-engine no-shared, + no-err, + no-filenames, + enable-ubsan no-asm -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment, + no-unit-test, + enable-weak-ssl-ciphers, + enable-zlib, + ] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout at v2 + - name: config + run: CC=clang ./config --strict-warnings ${{ matrix.opt }} && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: make test + run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} From pauli at openssl.org Wed May 12 08:21:25 2021 
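Review bot: In run-checker-ci.yml the step `uses: actions/checkout at v2` (the archive's rendering of `@v2`) references a movable tag, and the workflow has no `permissions:` key, so every `pull_request` job runs third-party action code with the repository's default token scope. Pin the action to a full commit SHA and add a top-level `permissions:` block limited to `contents: read`. The same step appears unchanged in run-checker-daily.yml and run-checker-merge.yml and needs the same treatment.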
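Review bot: In run-checker-merge.yml the comment `# Jobs run per merge to master` does not match the trigger `on: [push]`, which has no branch filter, so the eleven-entry matrix (including the enable-asan and enable-ubsan builds) runs on a push to any branch. If only master is intended, use a `push` trigger with `branches: [master]`; otherwise reword the comment to say what actually triggers the jobs.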
From: pauli at openssl.org (Dr. Paul Dale)
Date: Wed, 12 May 2021 08:21:25 +0000
Subject: [openssl] master update
Message-ID: <1620807685.997367.23494.nullmailer@dev.openssl.org>

The branch master has been updated
       via  63ac53aa51f326f6599573f597957be7114ec139 (commit)
       via  5725ab808713abd79fc49d70a9f4ac79a83d3103 (commit)
       via  1f12bf71fecf77c3d0def0fd4211be1dc85a53a1 (commit)
      from  ab6db11e63485e8dc17f768f9be35a9120f20c91 (commit)

- Log -----------------------------------------------------------------
commit 63ac53aa51f326f6599573f597957be7114ec139
Author: Pauli
Date:   Wed May 12 18:20:55 2021 +1000

    Checksum update

    Reviewed-by: Tim Hudson
    Reviewed-by: Paul Dale

commit 5725ab808713abd79fc49d70a9f4ac79a83d3103
Author: Matt Caswell
Date:   Tue May 11 17:45:10 2021 +1000

    property: add test case for setting default user properties before fetching

    Shamelessly culled from #15218.

    Co-authored-by: Dr Paul Dale
    Reviewed-by: Tim Hudson
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15222)

commit 1f12bf71fecf77c3d0def0fd4211be1dc85a53a1
Author: Pauli
Date:   Tue May 11 09:48:22 2021 +1000

    property: create property names more eagerly.

    User defined property names were not created before the first fetch.
    The rationale for this was to only maintain the user names defined by
    providers. This was intended to prevent malicious memory use attacks.
    Not being able to specify a default query before the first fetch is wrong.
    This changes the behaviour of the property query parsing to always create
    property names.
Fixes #15218 Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15222) ----------------------------------------------------------------------- Summary of changes: crypto/property/property_parse.c | 4 +- providers/fips-sources.checksums | 2 +- providers/fips.checksum | 2 +- test/build.info | 6 +- test/recipes/03-test_property.t | 17 +++-- test/user_property_test.c | 132 +++++++++++++++++++++++++++++++++++++++ 6 files changed, 154 insertions(+), 9 deletions(-) create mode 100644 test/user_property_test.c diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index a41d6331b1..dfae76518f 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -407,12 +407,12 @@ OSSL_PROPERTY_LIST *ossl_parse_query(OSSL_LIB_CTX *ctx, const char *s, if (match_ch(&s, '-')) { prop->oper = PROPERTY_OVERRIDE; prop->optional = 0; - if (!parse_name(ctx, &s, 0, &prop->name_idx)) + if (!parse_name(ctx, &s, 1, &prop->name_idx)) goto err; goto skip_value; } prop->optional = match_ch(&s, '?'); - if (!parse_name(ctx, &s, 0, &prop->name_idx)) + if (!parse_name(ctx, &s, 1, &prop->name_idx)) goto err; if (match_ch(&s, '=')) { diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index dfcfb83178..13b1d901ca 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -230,7 +230,7 @@ d0f6af3e89a693f0327e1bf073666cbec6786220ef3b3688ef0be9539d5ab6bf crypto/params_ 0dd202ec1def47c12852a8ae4bfaadb74f7fe968d68def631fe3ac671aac943f crypto/passphrase.c 2140778d5f35e503e22b173736e18ff84406f6657463e8ff9e7b91a78aa686d3 crypto/property/defn_cache.c 85b314961fa249dcaa2847294d1903447a3f5f73c0dd5ab10f7cd9641c925219 crypto/property/property.c -51bc907d992893f03f35774178d2c8dc98cf3cf9503ff839ee1561640e6b274a crypto/property/property_parse.c +a46f67bd5b1f6a6567a71aa42753708f1180d1c85007d1038fa11bb207781d1a crypto/property/property_parse.c e703fec7e28de11c89e131503eb75095472e8c03563105ca8767c34db22a105c crypto/property/property_string.c c9d4d0adb3313c5c90c7db9bce9af59d02efc5fe8181c18a778625b1cc296d6f crypto/provider_core.c 3ebbf42baa3722f86298960c7b14b49cefc25c38fce326a0c4666546539da231 crypto/provider_predefined.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 2a2fc21d65..99a3468e9b 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -4d519901583d7281047570278c491370463f04412f648f2862d41d04a99ad4e8 providers/fips-sources.checksums +b388b982a3a40d326d76d89e0776aefea46084f936f1aed03293e057d5f2a6de providers/fips-sources.checksums diff --git a/test/build.info b/test/build.info index 2279b4e14d..842a7bbe35 100644 --- a/test/build.info +++ b/test/build.info @@ -56,7 +56,7 @@ IF[{- !$disabled{tests} -}] sysdefaulttest errtest ssl_ctx_test gosttest \ context_internal_test aesgcmtest params_test evp_pkey_dparams_test \ keymgmt_internal_test hexstr_test provider_status_test defltfips_test \ - bio_readbuffer_test + bio_readbuffer_test user_property_test IF[{- !$disabled{'deprecated-3.0'} -}] PROGRAMS{noinst}=enginetest 
@@ -129,6 +129,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[tls13ccstest]=../include ../apps/include DEPEND[tls13ccstest]=../libcrypto ../libssl libtestutil.a + SOURCE[user_property_test]=user_property_test.c + INCLUDE[user_property_test]=../include ../apps/include + DEPEND[user_property_test]=../libcrypto libtestutil.a + SOURCE[evp_test]=evp_test.c INCLUDE[evp_test]=../include ../apps/include DEPEND[evp_test]=../libcrypto libtestutil.a diff --git a/test/recipes/03-test_property.t b/test/recipes/03-test_property.t index 2654215619..f11602873e 100644 --- a/test/recipes/03-test_property.t +++ b/test/recipes/03-test_property.t @@ -1,12 +1,21 @@ #! /usr/bin/env perl -# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. -# Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html -use OpenSSL::Test::Simple; +use strict; +use warnings; -simple_test("test_property", "property_test"); +use OpenSSL::Test; +use OpenSSL::Test::Utils; + +setup('test_property'); + +plan tests => 2; + +ok(run(test(["property_test"])), "running property_test"); + +ok(run(test(["user_property_test"])), "running user_property_test"); diff --git a/test/user_property_test.c b/test/user_property_test.c new file mode 100644 index 0000000000..7b7ab62832 --- /dev/null +++ b/test/user_property_test.c 
@@ -0,0 +1,132 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include "testutil.h" + +#define MYPROPERTIES "foo.bar=yes" + +static OSSL_FUNC_provider_query_operation_fn testprov_query; +static OSSL_FUNC_digest_get_params_fn tmpmd_get_params; +static OSSL_FUNC_digest_digest_fn tmpmd_digest; + +static int tmpmd_get_params(OSSL_PARAM params[]) +{ + OSSL_PARAM *p = NULL; + + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE); + if (p != NULL && !OSSL_PARAM_set_size_t(p, 1)) + return 0; + + p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE); + if (p != NULL && !OSSL_PARAM_set_size_t(p, 1)) + return 0; + + return 1; +} + +static int tmpmd_digest(void *provctx, const unsigned char *in, size_t inl, + unsigned char *out, size_t *outl, size_t outsz) +{ + return 0; +} + +static const OSSL_DISPATCH testprovmd_functions[] = { + { OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))tmpmd_get_params }, + { OSSL_FUNC_DIGEST_DIGEST, (void (*)(void))tmpmd_digest }, + { 0, NULL } +}; + +static const OSSL_ALGORITHM testprov_digests[] = { + { "testprovmd", MYPROPERTIES, testprovmd_functions }, + { NULL, NULL, NULL } +}; + +static const OSSL_ALGORITHM *testprov_query(void *provctx, + int operation_id, + int *no_cache) +{ + *no_cache = 0; + return operation_id == OSSL_OP_DIGEST ? 
testprov_digests : NULL; +} + +static const OSSL_DISPATCH testprov_dispatch_table[] = { + { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))testprov_query }, + { 0, NULL } +}; + +static int testprov_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) +{ + *provctx = (void *)handle; + *out = testprov_dispatch_table; + return 1; +} + +enum { + DEFAULT_PROPS_FIRST = 0, + DEFAULT_PROPS_AFTER_LOAD, + DEFAULT_PROPS_AFTER_FETCH, + DEFAULT_PROPS_FINAL +}; + +static int test_default_props_and_providers(int propsorder) +{ + OSSL_LIB_CTX *libctx; + OSSL_PROVIDER *testprov = NULL; + EVP_MD *testprovmd = NULL; + int res = 0; + + if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()) + || !TEST_true(OSSL_PROVIDER_add_builtin(libctx, "testprov", + testprov_provider_init))) + goto err; + + if (propsorder == DEFAULT_PROPS_FIRST + && !TEST_true(EVP_set_default_properties(libctx, MYPROPERTIES))) + goto err; + + if (!TEST_ptr(testprov = OSSL_PROVIDER_load(libctx, "testprov"))) + goto err; + + if (propsorder == DEFAULT_PROPS_AFTER_LOAD + && !TEST_true(EVP_set_default_properties(libctx, MYPROPERTIES))) + goto err; + + if (!TEST_ptr(testprovmd = EVP_MD_fetch(libctx, "testprovmd", NULL))) + goto err; + + if (propsorder == DEFAULT_PROPS_AFTER_FETCH) { + if (!TEST_true(EVP_set_default_properties(libctx, MYPROPERTIES))) + goto err; + EVP_MD_free(testprovmd); + if (!TEST_ptr(testprovmd = EVP_MD_fetch(libctx, "testprovmd", NULL))) + goto err; + } + + res = 1; + err: + EVP_MD_free(testprovmd); + OSSL_PROVIDER_unload(testprov); + OSSL_LIB_CTX_free(libctx); + return res; +} + +int setup_tests(void) +{ + ADD_ALL_TESTS(test_default_props_and_providers, DEFAULT_PROPS_FINAL); + return 1; +} From pauli at openssl.org Wed May 12 08:42:02 2021 
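Review bot: In the crypto/property/property_parse.c hunk, both `parse_name(ctx, &s, 1, &prop->name_idx)` calls in ossl_parse_query now create a name entry for every property name that appears in a query, which removes the guard the commit message says was there to prevent malicious memory use. Nothing in the hunk bounds how many names a caller can create this way, so the trade-off should be recorded in a comment at these call sites and in the documentation for property queries: query strings must not be built from untrusted input.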
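Review bot: The header change in test/recipes/03-test_property.t replaces `Copyright 2019` with `Copyright 2021` and deletes the `Copyright (c) 2019, Oracle and/or its affiliates` line, although the file is being modified rather than newly written. Make the year a range (2019-2021) and keep the Oracle notice unless its removal has been agreed with the copyright holder.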
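Review bot: In test/user_property_test.c, test_default_props_and_providers only asserts that `EVP_MD_fetch(libctx, "testprovmd", NULL)` succeeds when the default properties equal MYPROPERTIES, so it would still pass if the default query were accepted but never applied to the fetch. Add a negative case that sets a non-matching default such as `foo.bar=no` and expects the fetch to return NULL, so the test proves the user-defined name takes part in matching.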
From: pauli at openssl.org (Dr. Paul Dale)
Date: Wed, 12 May 2021 08:42:02 +0000
Subject: [openssl] master update
Message-ID: <1620808922.405261.27803.nullmailer@dev.openssl.org>

The branch master has been updated
       via  b5d984bf67ba7bb5723a61f73cca89c1f86009ce (commit)
       via  482e6693b436e2de31a7c20d03fc73398b04767f (commit)
       via  4966411789f9337b311eacb5c45ddd3e750d4c17 (commit)
       via  b33774137202aff34a91a8caf47cc74cc35386de (commit)
      from  63ac53aa51f326f6599573f597957be7114ec139 (commit)

- Log -----------------------------------------------------------------
commit b5d984bf67ba7bb5723a61f73cca89c1f86009ce
Author: Pauli
Date:   Mon May 10 15:55:13 2021 +1000

    apps: make list -help not continue with listing

    All the commands return after printing their help. List doesn't.
    This brings them in line.

    Reviewed-by: Tim Hudson
    (Merged from https://github.com/openssl/openssl/pull/15211)

commit 482e6693b436e2de31a7c20d03fc73398b04767f
Author: Pauli
Date:   Mon May 10 12:12:38 2021 +1000

    apps: change list command to only list fetchable algorithms.

    The -propquery option will work with this change. By default the output
    will be the same. Also address some inconsistencies in the code with
    respect to error checking.
Fixes #15196 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15211) commit 4966411789f9337b311eacb5c45ddd3e750d4c17 Author: Pauli Date: Mon May 10 13:05:08 2021 +1000 encoder: add a _name() function for encoders and decoders Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15211) commit b33774137202aff34a91a8caf47cc74cc35386de Author: Pauli Date: Mon May 10 12:57:33 2021 +1000 doc: document the encoder and decoder name functions Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15211) ----------------------------------------------------------------------- Summary of changes: apps/list.c | 144 +++++++++++++++++++++++++---------- crypto/encode_decode/decoder_meth.c | 10 +++ crypto/encode_decode/encoder_local.h | 1 + crypto/encode_decode/encoder_meth.c | 10 +++ doc/man3/OSSL_DECODER.pod | 10 +++ doc/man3/OSSL_ENCODER.pod | 10 +++ include/openssl/decoder.h | 1 + include/openssl/encoder.h | 1 + util/libcrypto.num | 2 + 9 files changed, 147 insertions(+), 42 deletions(-) diff --git a/apps/list.c b/apps/list.c index a8646addb1..bf7c9b1049 100644 --- a/apps/list.c +++ b/apps/list.c 
@@ -29,6 +29,41 @@ static int verbose = 0; static const char *select_name = NULL; +/* Checks to see if algorithms are fetchable */ +#define IS_FETCHABLE(type, TYPE) \ + static int is_ ## type ## _fetchable(const TYPE *alg) \ + { \ + TYPE *impl; \ + const char *propq = app_get0_propq(); \ + const char *name = TYPE ## _name(alg); \ + \ + ERR_set_mark(); \ + impl = TYPE ## _fetch(NULL, name, propq); \ + ERR_pop_to_mark(); \ + if (impl == NULL) \ + return 0; \ + TYPE ## _free(impl); \ + return 1; \ + } +IS_FETCHABLE(cipher, EVP_CIPHER) +IS_FETCHABLE(digest, EVP_MD) +IS_FETCHABLE(mac, EVP_MAC) +IS_FETCHABLE(kdf, EVP_KDF) +IS_FETCHABLE(rand, EVP_RAND) +IS_FETCHABLE(keymgmt, EVP_KEYMGMT) +IS_FETCHABLE(signature, EVP_SIGNATURE) +IS_FETCHABLE(kem, EVP_KEM) +IS_FETCHABLE(asym_cipher, EVP_ASYM_CIPHER) +IS_FETCHABLE(keyexch, EVP_KEYEXCH) +IS_FETCHABLE(decoder, OSSL_DECODER) +IS_FETCHABLE(encoder, OSSL_ENCODER) + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +static int include_legacy(void) +{ + return app_get0_propq() == NULL; +} + static void legacy_cipher_fn(const EVP_CIPHER *c, const char *from, const char *to, void *arg) { @@ -46,6 +81,7 @@ static void legacy_cipher_fn(const EVP_CIPHER *c, BIO_printf(arg, " %s => %s\n", from, to); } } +#endif DEFINE_STACK_OF(EVP_CIPHER) static int cipher_cmp(const EVP_CIPHER * const *a, @@ -64,7 +100,8 @@ static void collect_ciphers(EVP_CIPHER *cipher, void *stack) { STACK_OF(EVP_CIPHER) *cipher_stack = stack; - if (sk_EVP_CIPHER_push(cipher_stack, cipher) > 0) + if (is_cipher_fetchable(cipher) + && sk_EVP_CIPHER_push(cipher_stack, cipher) > 0) EVP_CIPHER_up_ref(cipher); } 
@@ -77,8 +114,12 @@ static void list_ciphers(void) BIO_printf(bio_err, "ERROR: Memory allocation\n"); return; } - BIO_printf(bio_out, "Legacy:\n"); - EVP_CIPHER_do_all_sorted(legacy_cipher_fn, bio_out); +#ifndef OPENSSL_NO_DEPRECATED_3_0 + if (include_legacy()) { + BIO_printf(bio_out, "Legacy:\n"); + EVP_CIPHER_do_all_sorted(legacy_cipher_fn, bio_out); + } +#endif BIO_printf(bio_out, "Provided:\n"); EVP_CIPHER_do_all_provided(NULL, collect_ciphers, ciphers); @@ -116,7 +157,8 @@ static void list_ciphers(void) sk_EVP_CIPHER_pop_free(ciphers, EVP_CIPHER_free); } -static void list_md_fn(const EVP_MD *m, +#ifndef OPENSSL_NO_DEPRECATED_3_0 +static void legacy_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg) { if (m != NULL) { @@ -129,6 +171,7 @@ static void list_md_fn(const EVP_MD *m, BIO_printf((BIO *)arg, " %s => %s\n", from, to); } } +#endif DEFINE_STACK_OF(EVP_MD) static int md_cmp(const EVP_MD * const *a, const EVP_MD * const *b) @@ -142,12 +185,13 @@ static int md_cmp(const EVP_MD * const *a, const EVP_MD * const *b) return ret; } -static void collect_digests(EVP_MD *md, void *stack) +static void collect_digests(EVP_MD *digest, void *stack) { STACK_OF(EVP_MD) *digest_stack = stack; - if (sk_EVP_MD_push(digest_stack, md) > 0) - EVP_MD_up_ref(md); + if (is_digest_fetchable(digest) + && sk_EVP_MD_push(digest_stack, digest) > 0) + EVP_MD_up_ref(digest); } static void list_digests(void) @@ -159,8 +203,12 @@ static void list_digests(void) BIO_printf(bio_err, "ERROR: Memory allocation\n"); return; } - BIO_printf(bio_out, "Legacy:\n"); - EVP_MD_do_all_sorted(list_md_fn, bio_out); +#ifndef OPENSSL_NO_DEPRECATED_3_0 + if (include_legacy()) { + BIO_printf(bio_out, "Legacy:\n"); + EVP_MD_do_all_sorted(legacy_md_fn, bio_out); + } +#endif BIO_printf(bio_out, "Provided:\n"); EVP_MD_do_all_provided(NULL, collect_digests, digests); 
@@ -213,7 +261,8 @@ static void collect_macs(EVP_MAC *mac, void *stack) { STACK_OF(EVP_MAC) *mac_stack = stack; - if (sk_EVP_MAC_push(mac_stack, mac) > 0) + if (is_mac_fetchable(mac) + && sk_EVP_MAC_push(mac_stack, mac) > 0) EVP_MAC_up_ref(mac); } @@ -280,8 +329,9 @@ static void collect_kdfs(EVP_KDF *kdf, void *stack) { STACK_OF(EVP_KDF) *kdf_stack = stack; - sk_EVP_KDF_push(kdf_stack, kdf); - EVP_KDF_up_ref(kdf); + if (is_kdf_fetchable(kdf) + && sk_EVP_KDF_push(kdf_stack, kdf) > 0) + EVP_KDF_up_ref(kdf); } static void list_kdfs(void) @@ -348,8 +398,9 @@ static void collect_rands(EVP_RAND *rand, void *stack) { STACK_OF(EVP_RAND) *rand_stack = stack; - sk_EVP_RAND_push(rand_stack, rand); - EVP_RAND_up_ref(rand); + if (is_rand_fetchable(rand) + && sk_EVP_RAND_push(rand_stack, rand) > 0) + EVP_RAND_up_ref(rand); } static void list_random_generators(void) @@ -476,8 +527,9 @@ static void collect_encoders(OSSL_ENCODER *encoder, void *stack) { STACK_OF(OSSL_ENCODER) *encoder_stack = stack; - sk_OSSL_ENCODER_push(encoder_stack, encoder); - OSSL_ENCODER_up_ref(encoder); + if (is_encoder_fetchable(encoder) + && sk_OSSL_ENCODER_push(encoder_stack, encoder) > 0) + OSSL_ENCODER_up_ref(encoder); } static void list_encoders(void) @@ -543,8 +595,9 @@ static void collect_decoders(OSSL_DECODER *decoder, void *stack) { STACK_OF(OSSL_DECODER) *decoder_stack = stack; - sk_OSSL_DECODER_push(decoder_stack, decoder); - OSSL_DECODER_up_ref(decoder); + if (is_decoder_fetchable(decoder) + && sk_OSSL_DECODER_push(decoder_stack, decoder) > 0) + OSSL_DECODER_up_ref(decoder); } static void list_decoders(void) @@ -608,8 +661,9 @@ static void collect_keymanagers(EVP_KEYMGMT *km, void *stack) { STACK_OF(EVP_KEYMGMT) *km_stack = stack; - sk_EVP_KEYMGMT_push(km_stack, km); - EVP_KEYMGMT_up_ref(km); + if (is_keymgmt_fetchable(km) + && sk_EVP_KEYMGMT_push(km_stack, km) > 0) + EVP_KEYMGMT_up_ref(km); } static void list_keymanagers(void) 
@@ -669,12 +723,13 @@ static int signature_cmp(const EVP_SIGNATURE * const *a, return ret; } -static void collect_signatures(EVP_SIGNATURE *km, void *stack) +static void collect_signatures(EVP_SIGNATURE *sig, void *stack) { - STACK_OF(EVP_SIGNATURE) *km_stack = stack; + STACK_OF(EVP_SIGNATURE) *sig_stack = stack; - sk_EVP_SIGNATURE_push(km_stack, km); - EVP_SIGNATURE_up_ref(km); + if (is_signature_fetchable(sig) + && sk_EVP_SIGNATURE_push(sig_stack, sig) > 0) + EVP_SIGNATURE_up_ref(sig); } static void list_signatures(void) @@ -731,12 +786,13 @@ static int kem_cmp(const EVP_KEM * const *a, return ret; } -static void collect_kem(EVP_KEM *km, void *stack) +static void collect_kem(EVP_KEM *kem, void *stack) { - STACK_OF(EVP_KEM) *km_stack = stack; + STACK_OF(EVP_KEM) *kem_stack = stack; - sk_EVP_KEM_push(km_stack, km); - EVP_KEM_up_ref(km); + if (is_kem_fetchable(kem) + && sk_EVP_KEM_push(kem_stack, kem) > 0) + EVP_KEM_up_ref(kem); } static void list_kems(void) @@ -792,12 +848,13 @@ static int asymcipher_cmp(const EVP_ASYM_CIPHER * const *a, return ret; } -static void collect_asymciph(EVP_ASYM_CIPHER *km, void *stack) +static void collect_asymciph(EVP_ASYM_CIPHER *asym_cipher, void *stack) { - STACK_OF(EVP_ASYM_CIPHER) *km_stack = stack; + STACK_OF(EVP_ASYM_CIPHER) *asym_cipher_stack = stack; - sk_EVP_ASYM_CIPHER_push(km_stack, km); - EVP_ASYM_CIPHER_up_ref(km); + if (is_asym_cipher_fetchable(asym_cipher) + && sk_EVP_ASYM_CIPHER_push(asym_cipher_stack, asym_cipher) > 0) + EVP_ASYM_CIPHER_up_ref(asym_cipher); } static void list_asymciphers(void) 
@@ -856,12 +913,13 @@ static int kex_cmp(const EVP_KEYEXCH * const *a, return ret; } -static void collect_kex(EVP_KEYEXCH *ke, void *stack) +static void collect_kex(EVP_KEYEXCH *kex, void *stack) { STACK_OF(EVP_KEYEXCH) *kex_stack = stack; - sk_EVP_KEYEXCH_push(kex_stack, ke); - EVP_KEYEXCH_up_ref(ke); + if (is_keyexch_fetchable(kex) + && sk_EVP_KEYEXCH_push(kex_stack, kex) > 0) + EVP_KEYEXCH_up_ref(kex); } static void list_keyexchanges(void) @@ -1012,33 +1070,35 @@ static void list_options_for_command(const char *command) static int is_md_available(const char *name) { EVP_MD *md; + const char *propq = app_get0_propq(); /* Look through providers' digests */ ERR_set_mark(); - md = EVP_MD_fetch(NULL, name, NULL); + md = EVP_MD_fetch(NULL, name, propq); ERR_pop_to_mark(); if (md != NULL) { EVP_MD_free(md); return 1; } - return (get_digest_from_engine(name) == NULL) ? 0 : 1; + return propq != NULL || get_digest_from_engine(name) == NULL ? 0 : 1; } static int is_cipher_available(const char *name) { EVP_CIPHER *cipher; + const char *propq = app_get0_propq(); /* Look through providers' ciphers */ ERR_set_mark(); - cipher = EVP_CIPHER_fetch(NULL, name, NULL); + cipher = EVP_CIPHER_fetch(NULL, name, propq); ERR_pop_to_mark(); if (cipher != NULL) { EVP_CIPHER_free(cipher); return 1; } - return (get_cipher_from_engine(name) == NULL) ? 0 : 1; + return propq != NULL || get_cipher_from_engine(name) == NULL ? 0 : 1; } static void list_type(FUNC_TYPE ft, int one) @@ -1084,7 +1144,7 @@ static void list_pkey(void) #ifndef OPENSSL_NO_DEPRECATED_3_0 int i; - if (select_name == NULL) { + if (select_name == NULL && include_legacy()) { BIO_printf(bio_out, "Legacy:\n"); for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { const EVP_PKEY_ASN1_METHOD *ameth; 
@@ -1121,7 +1181,7 @@ static void list_pkey_meth(void) size_t i; size_t meth_count = EVP_PKEY_meth_get_count(); - if (select_name == NULL) { + if (select_name == NULL && include_legacy()) { BIO_printf(bio_out, "Legacy:\n"); for (i = 0; i < meth_count; i++) { const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i); @@ -1500,7 +1560,7 @@ opthelp: return 1; case OPT_HELP: opt_help(list_options); - break; + return 0; case OPT_ONE: one = 1; break; diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c index 7a271f7408..48a52c9612 100644 --- a/crypto/encode_decode/decoder_meth.c +++ b/crypto/encode_decode/decoder_meth.c @@ -58,6 +58,7 @@ void OSSL_DECODER_free(OSSL_DECODER *decoder) CRYPTO_DOWN_REF(&decoder->base.refcnt, &ref, decoder->base.lock); if (ref > 0) return; + OPENSSL_free(decoder->base.name); ossl_provider_free(decoder->base.prov); CRYPTO_THREAD_lock_free(decoder->base.lock); OPENSSL_free(decoder); @@ -169,6 +170,10 @@ void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, if ((decoder = ossl_decoder_new()) == NULL) return NULL; decoder->base.id = id; + if ((decoder->base.name = ossl_algorithm_get1_first_name(algodef)) == NULL) { + OSSL_DECODER_free(decoder); + return NULL; + } decoder->base.propdef = algodef->property_definition; decoder->base.description = algodef->algorithm_description; @@ -426,6 +431,11 @@ int OSSL_DECODER_number(const OSSL_DECODER *decoder) return decoder->base.id; } +const char *OSSL_DECODER_name(const OSSL_DECODER *decoder) +{ + return decoder->base.name; +} + const char *OSSL_DECODER_description(const OSSL_DECODER *decoder) { return decoder->base.description; diff --git a/crypto/encode_decode/encoder_local.h b/crypto/encode_decode/encoder_local.h index c58362ae02..d53f760379 100644 --- a/crypto/encode_decode/encoder_local.h +++ b/crypto/encode_decode/encoder_local.h 
@@ -19,6 +19,7 @@ struct ossl_endecode_base_st { OSSL_PROVIDER *prov; int id; + char *name; const char *propdef; const char *description; diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c index bb319460b9..3b2bc2d83e 100644 --- a/crypto/encode_decode/encoder_meth.c +++ b/crypto/encode_decode/encoder_meth.c @@ -58,6 +58,7 @@ void OSSL_ENCODER_free(OSSL_ENCODER *encoder) CRYPTO_DOWN_REF(&encoder->base.refcnt, &ref, encoder->base.lock); if (ref > 0) return; + OPENSSL_free(encoder->base.name); ossl_provider_free(encoder->base.prov); CRYPTO_THREAD_lock_free(encoder->base.lock); OPENSSL_free(encoder); @@ -169,6 +170,10 @@ static void *encoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, if ((encoder = ossl_encoder_new()) == NULL) return NULL; encoder->base.id = id; + if ((encoder->base.name = ossl_algorithm_get1_first_name(algodef)) == NULL) { + OSSL_ENCODER_free(encoder); + return NULL; + } encoder->base.propdef = algodef->property_definition; encoder->base.description = algodef->algorithm_description; @@ -438,6 +443,11 @@ int OSSL_ENCODER_number(const OSSL_ENCODER *encoder) return encoder->base.id; } +const char *OSSL_ENCODER_name(const OSSL_ENCODER *encoder) +{ + return encoder->base.name; +} + const char *OSSL_ENCODER_description(const OSSL_ENCODER *encoder) { return encoder->base.description; diff --git a/doc/man3/OSSL_DECODER.pod b/doc/man3/OSSL_DECODER.pod index 45a97454e9..fed0da27f8 100644 --- a/doc/man3/OSSL_DECODER.pod +++ b/doc/man3/OSSL_DECODER.pod @@ -10,6 +10,7 @@ OSSL_DECODER_provider, OSSL_DECODER_properties, OSSL_DECODER_is_a, OSSL_DECODER_number, +OSSL_DECODER_name, OSSL_DECODER_description, OSSL_DECODER_do_all_provided, OSSL_DECODER_names_do_all, 
@@ -31,6 +32,7 @@ OSSL_DECODER_get_params const char *OSSL_DECODER_properties(const OSSL_DECODER *decoder); int OSSL_DECODER_is_a(const OSSL_DECODER *decoder, const char *name); int OSSL_DECODER_number(const OSSL_DECODER *decoder); + const char *OSSL_DECODER_name(const OSSL_DECODER *decoder); const char *OSSL_DECODER_description(const OSSL_DECODER *decoder); void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(OSSL_DECODER *decoder, void *arg), @@ -74,6 +76,8 @@ of an algorithm that's identifiable with I. OSSL_DECODER_number() returns the internal dynamic number assigned to the given I. +OSSL_DECODER_number() returns the name used to fetch the given I. + OSSL_DECODER_description() returns a description of the I, meant for display and human consumption. The description is at the discretion of the I implementation. @@ -113,6 +117,12 @@ otherwise 0. OSSL_DECODER_number() returns an integer. +OSSL_DECODER_name() returns the algorithm name from the provided +implementation for the given I. Note that the I may have +multiple synonyms associated with it. In this case the first name from the +algorithm definition is returned. Ownership of the returned string is retained +by the I object and should not be freed by the caller. + OSSL_DECODER_description() returns a pointer to a decription, or NULL if there isn't one. diff --git a/doc/man3/OSSL_ENCODER.pod b/doc/man3/OSSL_ENCODER.pod index abaee0f997..9ad335653e 100644 --- a/doc/man3/OSSL_ENCODER.pod +++ b/doc/man3/OSSL_ENCODER.pod @@ -10,6 +10,7 @@ OSSL_ENCODER_provider, OSSL_ENCODER_properties, OSSL_ENCODER_is_a, OSSL_ENCODER_number, +OSSL_ENCODER_name, OSSL_ENCODER_description, OSSL_ENCODER_do_all_provided, OSSL_ENCODER_names_do_all, 
@@ -31,6 +32,7 @@ OSSL_ENCODER_get_params const char *OSSL_ENCODER_properties(const OSSL_ENCODER *encoder); int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name); int OSSL_ENCODER_number(const OSSL_ENCODER *encoder); + const char *OSSL_ENCODER_name(const OSSL_ENCODER *encoder); const char *OSSL_ENCODER_description(const OSSL_ENCODER *encoder); void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(OSSL_ENCODER *encoder, void *arg), @@ -74,6 +76,8 @@ algorithm that's identifiable with I. OSSL_ENCODER_number() returns the internal dynamic number assigned to the given I. +OSSL_ENCODER_number() returns the name used to fetch the given I. + OSSL_ENCODER_description() returns a description of the I, meant for display and human consumption. The description is at the discretion of the I implementation. @@ -114,6 +118,12 @@ otherwise 0. OSSL_ENCODER_number() returns an integer. +OSSL_ENCODER_name() returns the algorithm name from the provided +implementation for the given I. Note that the I may have +multiple synonyms associated with it. In this case the first name from the +algorithm definition is returned. Ownership of the returned string is retained +by the I object and should not be freed by the caller. + OSSL_ENCODER_description() returns a pointer to a decription, or NULL if there isn't one. diff --git a/include/openssl/decoder.h b/include/openssl/decoder.h index 974fbb02ad..afe4988fdb 100644 --- a/include/openssl/decoder.h +++ b/include/openssl/decoder.h @@ -34,6 +34,7 @@ void OSSL_DECODER_free(OSSL_DECODER *encoder); const OSSL_PROVIDER *OSSL_DECODER_provider(const OSSL_DECODER *encoder); const char *OSSL_DECODER_properties(const OSSL_DECODER *encoder); int OSSL_DECODER_number(const OSSL_DECODER *encoder); +const char *OSSL_DECODER_name(const OSSL_DECODER *decoder); const char *OSSL_DECODER_description(const OSSL_DECODER *decoder); int OSSL_DECODER_is_a(const OSSL_DECODER *encoder, const char *name); 
diff --git a/include/openssl/encoder.h b/include/openssl/encoder.h index c51bd02a2b..4e2c5fe23c 100644 --- a/include/openssl/encoder.h +++ b/include/openssl/encoder.h @@ -34,6 +34,7 @@ void OSSL_ENCODER_free(OSSL_ENCODER *encoder); const OSSL_PROVIDER *OSSL_ENCODER_provider(const OSSL_ENCODER *encoder); const char *OSSL_ENCODER_properties(const OSSL_ENCODER *encoder); int OSSL_ENCODER_number(const OSSL_ENCODER *encoder); +const char *OSSL_ENCODER_name(const OSSL_ENCODER *kdf); const char *OSSL_ENCODER_description(const OSSL_ENCODER *kdf); int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name); diff --git a/util/libcrypto.num b/util/libcrypto.num index a99b5aa047..857ed43a52 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5341,6 +5341,8 @@ X509_REQ_new_ex ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_dup ? 3_0_0 EXIST::FUNCTION: RSA_PSS_PARAMS_dup ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_derive_set_peer_ex ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_name ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_name ? 3_0_0 EXIST::FUNCTION: OSSL_DECODER_description ? 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_description ? 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_description ? 3_0_0 EXIST::FUNCTION: From tomas at openssl.org Wed May 12 11:12:10 2021 
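Review bot: The IS_FETCHABLE helpers in apps/list.c fetch by `TYPE ## _name(alg)` with a NULL library context, so is_cipher_fetchable() and its siblings report whether some implementation with that name satisfies the property query, not whether the `alg` handed to the collect callback is the one that would be selected. When two providers offer the same name, both entries are listed even if only one of them matches -propquery. Either compare the fetched implementation's provider with that of `alg` before returning 1, or state the looser meaning in the comment above the macro.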
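Review bot: In is_md_available() and is_cipher_available() in apps/list.c, `return propq != NULL || get_digest_from_engine(name) == NULL ? 0 : 1;` depends on `||` binding tighter than `?:` to give the intended result. Parenthesize the condition, as the replaced line did, so the reader does not have to work out the precedence.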
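Review bot: The sentence added to the DESCRIPTION section of doc/man3/OSSL_DECODER.pod begins `OSSL_DECODER_number() returns the name used to fetch`, directly after the existing paragraph that already describes OSSL_DECODER_number() as returning the internal dynamic number. It should name OSSL_DECODER_name(); doc/man3/OSSL_ENCODER.pod has the same slip with OSSL_ENCODER_number().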
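Review bot: In include/openssl/encoder.h the new prototype `const char *OSSL_ENCODER_name(const OSSL_ENCODER *kdf);` names its parameter `kdf`, while the definition in encoder_meth.c and the synopsis in the pod both use `encoder`. Rename the parameter to `encoder` so the public header matches the documentation.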
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 12 May 2021 11:12:10 +0000 Subject: [openssl] master update Message-ID: <1620817930.191768.11018.nullmailer@dev.openssl.org> The branch master has been updated via 6a2ab4a9c81c676570e849e474ce64f8c2dee2a9 (commit) from b5d984bf67ba7bb5723a61f73cca89c1f86009ce (commit) - Log ----------------------------------------------------------------- commit 6a2ab4a9c81c676570e849e474ce64f8c2dee2a9 Author: Tomas Mraz Date: Mon May 10 16:51:39 2021 +0200 Allow arbitrary digests with ECDSA and DSA Unless the FIPS security check is enabled we allow arbitrary digests with ECDSA and DSA. Fixes #14696 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15220) ----------------------------------------------------------------------- Summary of changes: providers/common/digest_to_nid.c | 2 +- providers/common/include/prov/securitycheck.h | 1 + providers/common/securitycheck.c | 4 ++-- providers/fips-sources.checksums | 8 ++++---- providers/fips.checksum | 2 +- providers/implementations/signature/dsa_sig.c | 4 ++-- providers/implementations/signature/ecdsa_sig.c | 2 +- providers/implementations/signature/rsa_sig.c | 8 ++++---- test/recipes/30-test_evp_data/evppkey_ecdsa.txt | 12 +++++++----- 9 files changed, 23 insertions(+), 20 deletions(-) diff --git a/providers/common/digest_to_nid.c b/providers/common/digest_to_nid.c index 96c5e4e38b..49af04ad2a 100644 --- a/providers/common/digest_to_nid.c +++ b/providers/common/digest_to_nid.c @@ -34,7 +34,7 @@ int ossl_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len) } /* - * Retrieve one of the FIPs approved hash algorithms by nid. + * Retrieve one of the FIPS approved hash algorithms by nid. * See FIPS 180-4 "Secure Hash Standard" and FIPS 202 - SHA-3. */ int ossl_digest_get_approved_nid(const EVP_MD *md) 
diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h index 7635c24973..4a7f85f711 100644 --- a/providers/common/include/prov/securitycheck.h +++ b/providers/common/include/prov/securitycheck.h @@ -16,6 +16,7 @@ int ossl_dsa_check_key(OSSL_LIB_CTX *ctx, const DSA *dsa, int sign); int ossl_dh_check_key(OSSL_LIB_CTX *ctx, const DH *dh); int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md); +/* With security check enabled it can return -1 to indicate disallowed md */ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, int sha1_allowed); diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c index 4f36ce4593..699ada7c52 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c @@ -231,8 +231,8 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, # if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) if (ossl_securitycheck_enabled(ctx)) { - if (mdnid == NID_sha1 && !sha1_allowed) - mdnid = NID_undef; + if (mdnid == NID_undef || (mdnid == NID_sha1 && !sha1_allowed)) + mdnid = -1; /* disallowed by security checks */ } # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ return mdnid; diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 13b1d901ca..dd8ae28a44 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -323,7 +323,7 @@ d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/comm 71c3fbb9bd80f5e7a217cf8005df61f96a645fbdd9daca9949ceef6d33a1feb0 providers/common/provider_err.c 9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c -494723d55bc6ecdb70f59499a2c42260cabc5fa30681ac3b48267dfa242158b3 providers/common/securitycheck.c +ce6731be4da709c753bd2c04e88d51d567c955c651e7575bb1410968e6c7620e providers/common/securitycheck.c 50a0e01e877ae818cf874f4515a130db0e869d4e9e8ce882bff1255695aba789 providers/common/securitycheck_fips.c 5c31ba4eedb31e2509288be50280e0df58faa86fe4b5e99a1167a53fd6f3bd0f providers/fips/fipsprov.c c69e60c29711d55cd5672dab9ff051f3c093d54e63a0ec575baa899e6bbf9c2b providers/fips/self_test.c 
@@ -388,10 +388,10 @@ bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/impl c36937930bcaecd6d5131d0317b9162a96cc956df164848dc53f423af838d04a providers/implementations/rands/drbg_hash.c 531c0ce4212570474b59a1b039e61a97ee5504e56e2f10de1f36578f1bca79d3 providers/implementations/rands/drbg_hmac.c 888a671934abef4225956f9931cff842f245f90660e11f23a55228edca962e16 providers/implementations/rands/test_rng.c -a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858 providers/implementations/signature/dsa_sig.c -1edce687e950bec7c289cdac7c4c455e195942ccddfc38af0344277421afcc0f providers/implementations/signature/ecdsa_sig.c +3a9dfbf5dcb9e1955f12f71f1ca086dded771b262d6d61bab2874f48260f702a providers/implementations/signature/dsa_sig.c +0ff792c30ba26f2d8f4d1c14b999f7183dcd928537f950a23573f0b65359b2f4 providers/implementations/signature/ecdsa_sig.c 8074854e90be6a8266cc81ad722ef12213e9fc1360891822f109bfb03791f18e providers/implementations/signature/eddsa_sig.c 1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 providers/implementations/signature/mac_legacy_sig.c -25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2 providers/implementations/signature/rsa_sig.c +40322e8782474a35f02fa350b43439a56124e680a1d24556b2a66310ed2e9e2e providers/implementations/signature/rsa_sig.c 53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4 ssl/record/tls_pad.c 85a9701b05ab8dfea42550fbc5e4d9f4011d08ccc64829648fc12091cc1133f5 ssl/s3_cbc.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 99a3468e9b..642611c889 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -b388b982a3a40d326d76d89e0776aefea46084f936f1aed03293e057d5f2a6de providers/fips-sources.checksums +90d4616e33b95990f96dd2cb1798cae41e6591d5cb55a4f589307908fa699587 providers/fips-sources.checksums 
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c index dde689903d..23e000db4c 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c @@ -131,11 +131,11 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, sha1_allowed); size_t mdname_len = strlen(mdname); - if (md == NULL || md_nid == NID_undef) { + if (md == NULL || md_nid < 0) { if (md == NULL) ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, "%s could not be fetched", mdname); - if (md_nid == NID_undef) + if (md_nid < 0) ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); if (mdname_len >= sizeof(ctx->mdname)) diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c index 8c4648106f..a4297d1903 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -227,7 +227,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, sha1_allowed); - if (md_nid == NID_undef) { + if (md_nid < 0) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); EVP_MD_free(md); diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c index 16025bffc0..abd3b1a77b 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c 
@@ -289,13 +289,13 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, size_t mdname_len = strlen(mdname); if (md == NULL - || md_nid == NID_undef + || md_nid <= 0 || !rsa_check_padding(ctx, mdname, NULL, md_nid) || mdname_len >= sizeof(ctx->mdname)) { if (md == NULL) ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, "%s could not be fetched", mdname); - if (md_nid == NID_undef) + if (md_nid <= 0) ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); if (mdname_len >= sizeof(ctx->mdname)) @@ -344,9 +344,9 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname, return 0; } /* The default for mgf1 is SHA1 - so allow SHA1 */ - if ((mdnid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, 1)) == NID_undef + if ((mdnid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, 1)) <= 0 || !rsa_check_padding(ctx, NULL, mdname, mdnid)) { - if (mdnid == NID_undef) + if (mdnid <= 0) ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); EVP_MD_free(md); diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt index 9297bb2d21..f36982845d 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt @@ -97,11 +97,6 @@ Key = P-256-PUBLIC Input = "Hello World" Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862 -# Invalid digest -DigestVerify = MD5 -Key = P-256-PUBLIC -Result = DIGESTVERIFYINIT_ERROR - # Oneshot tests OneShotDigestVerify = SHA256 Key = P-256-PUBLIC @@ -214,3 +209,10 @@ Securitycheck = 1 Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Result = PKEY_CTRL_ERROR + +# Invalid non-approved digest +Availablein = fips +DigestVerify = MD5 +Securitycheck = 1 +Key = P-256-PUBLIC +Result = DIGESTVERIFYINIT_ERROR From tomas at openssl.org Wed May 12 11:24:01 2021 
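Review bot: the callers of the changed return convention do not agree on what counts as rejected. dsa_sig.c and ecdsa_sig.c test "md_nid < 0", while rsa_sig.c tests "md_nid <= 0" in rsa_setup_md() and "mdnid <= 0" in rsa_setup_mgf1_md(). Since NID_undef is 0, RSA still refuses a digest without a known NID and reports it as PROV_R_DIGEST_NOT_ALLOWED even when the security check is off. If that is intended, it deserves a comment in rsa_sig.c. The bare -1 set in securitycheck.c would also be easier to audit as a named constant, and the comment added in securitycheck.h should say that NID_undef can be returned for an unrecognised digest when the check is disabled.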
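Review bot: the test change in evppkey_ecdsa.txt only moves the MD5 rejection case behind "Availablein = fips" and "Securitycheck = 1". Nothing in the visible hunks asserts the behaviour the commit is named for: there is no case showing a sign or verify with a non-approved digest succeeding in the default provider, and no DSA test file is touched although dsa_sig.c changes. Please add a positive ECDSA case and a DSA counterpart so a later tightening of the check cannot silently revert this.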
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 12 May 2021 11:24:01 +0000 Subject: [openssl] master update Message-ID: <1620818641.495488.13877.nullmailer@dev.openssl.org> The branch master has been updated via 202cbdd2fc37257870eeb61629d8d4d6709df7f1 (commit) from 6a2ab4a9c81c676570e849e474ce64f8c2dee2a9 (commit) - Log ----------------------------------------------------------------- commit 202cbdd2fc37257870eeb61629d8d4d6709df7f1 Author: Tomas Mraz Date: Wed May 5 19:01:44 2021 +0200 A few cleanups of the provider build.infos Remove a TODO that is no longer relevant and drop some more non-fips sources from the fips checksums. Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15191) ----------------------------------------------------------------------- Summary of changes: crypto/whrlpool/build.info | 2 +- providers/common/der/build.info | 14 ++++++-------- providers/fips-sources.checksums | 2 -- providers/fips.checksum | 2 +- providers/fips.module.sources | 3 --- providers/implementations/encode_decode/build.info | 6 ------ providers/implementations/signature/build.info | 10 +++++----- 7 files changed, 13 insertions(+), 26 deletions(-) diff --git a/crypto/whrlpool/build.info b/crypto/whrlpool/build.info index 88f0c7bd3a..ab6cef2945 100644 --- a/crypto/whrlpool/build.info +++ b/crypto/whrlpool/build.info @@ -30,4 +30,4 @@ ENDIF GENERATE[wp-mmx.s]=asm/wp-mmx.pl DEPEND[wp-mmx.s]=../perlasm/x86asm.pl -GENERATE[wp-x86_64.s]=asm/wp-x86_64.pl \ No newline at end of file +GENERATE[wp-x86_64.s]=asm/wp-x86_64.pl diff --git a/providers/common/der/build.info b/providers/common/der/build.info index b9fe4552d7..35c6787e98 100644 --- a/providers/common/der/build.info +++ b/providers/common/der/build.info 
@@ -13,8 +13,8 @@ DEPEND[$DER_DIGESTS_H]=oids_to_c.pm $DER_RSA_H=../include/prov/der_rsa.h $DER_RSA_GEN=der_rsa_gen.c $DER_RSA_AUX=der_rsa_key.c der_rsa_sig.c -$DER_RSA_COMMON=$DER_RSA_GEN der_rsa_sig.c -$DER_RSA_FIPSABLE=der_rsa_key.c +$DER_RSA_COMMON=$DER_RSA_GEN der_rsa_key.c +$DER_RSA_FIPSABLE=der_rsa_sig.c GENERATE[$DER_RSA_GEN]=der_rsa_gen.c.in DEPEND[$DER_RSA_GEN]=oids_to_c.pm @@ -97,9 +97,6 @@ ENDIF #----- Conclusion -# TODO(3.0) $COMMON should go to libcommon.a, but this currently leads -# to linking conflicts, so we add it to libfips.a and libdefault.a for -# the moment being $COMMON= $DER_RSA_COMMON $DER_DIGESTS_GEN $DER_WRAP_GEN IF[{- !$disabled{dsa} -}] @@ -112,8 +109,9 @@ IF[{- !$disabled{ec} -}] ENDIF IF[{- !$disabled{sm2} -}] - $COMMON = $COMMON $DER_SM2_GEN $DER_SM2_AUX + $NONFIPS = $NONFIPS $DER_SM2_GEN $DER_SM2_AUX ENDIF -SOURCE[../../libfips.a]=$COMMON $DER_RSA_FIPSABLE -SOURCE[../../libdefault.a]=$COMMON $DER_RSA_FIPSABLE +SOURCE[../../libcommon.a]= $COMMON +SOURCE[../../libfips.a]= $DER_RSA_FIPSABLE +SOURCE[../../libdefault.a]= $DER_RSA_FIPSABLE $NONFIPS diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index dd8ae28a44..a127b70ef4 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -316,8 +316,6 @@ b8f2f94daeaf20c636c90e386284c246cfded0c8275411fa02fe68b534520b95 providers/comm f3b089fd3dcccc8e3ebfbbdbf87c47d58330f82bd0e2a1223da74977930cccf1 providers/common/der/der_ecx_key.c 3ba47f32b30f5540a34b3a8df7a4fd966aab9abcbb2b643af75a83a9ccda1df0 providers/common/der/der_rsa_key.c 7e8d579986f53eaf1875d677e5cf4adfd4ccf79db0275368f6cac580ab6007ca providers/common/der/der_rsa_sig.c -9c9572d26ec41df0418547352dbdef353ecf9a2a633889dc494084ee9fe6b1d3 providers/common/der/der_sm2_key.c -390b2b6ba321bddc416688d4a51d9e04db7d84d4f398947d496d043e8fb22a01 providers/common/der/der_sm2_sig.c d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/common/digest_to_nid.c 737cc1228106e555e9bab24e3c2438982e04e05b0d5b9ee6995d71df16c49143 providers/common/provider_ctx.c 71c3fbb9bd80f5e7a217cf8005df61f96a645fbdd9daca9949ceef6d33a1feb0 providers/common/provider_err.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 642611c889..65860fc8fc 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -90d4616e33b95990f96dd2cb1798cae41e6591d5cb55a4f589307908fa699587 providers/fips-sources.checksums +685bc28466bcc7a645e423f4994d0f6d33d32368859ffdd9e42c2983934bffbb providers/fips-sources.checksums diff --git a/providers/fips.module.sources b/providers/fips.module.sources index 7be12dc42e..8ea9df0973 100644 --- a/providers/fips.module.sources +++ b/providers/fips.module.sources @@ -321,9 +321,6 @@ providers/common/der/der_ecx_key.c providers/common/der/der_rsa_gen.c.in providers/common/der/der_rsa_key.c providers/common/der/der_rsa_sig.c -providers/common/der/der_sm2_gen.c.in -providers/common/der/der_sm2_key.c -providers/common/der/der_sm2_sig.c providers/common/der/der_wrap_gen.c.in providers/common/digest_to_nid.c providers/common/provider_ctx.c diff --git a/providers/implementations/encode_decode/build.info b/providers/implementations/encode_decode/build.info index 06fe6aa462..537d393261 100644 
--- a/providers/implementations/encode_decode/build.info +++ b/providers/implementations/encode_decode/build.info @@ -3,12 +3,6 @@ $ENCODER_GOAL=../../libdefault.a $DECODER_GOAL=../../libdefault.a -$RSA_GOAL=../../libdefault.a -$FFC_GOAL=../../libdefault.a -$DH_GOAL=../../libdefault.a -$DSA_GOAL=../../libdefault.a -$ECX_GOAL=../../libdefault.a -$EC_GOAL=../../libdefault.a SOURCE[$ENCODER_GOAL]=endecoder_common.c diff --git a/providers/implementations/signature/build.info b/providers/implementations/signature/build.info index 539a57e24b..fd3be7f3b9 100644 --- a/providers/implementations/signature/build.info +++ b/providers/implementations/signature/build.info @@ -21,10 +21,10 @@ ENDIF SOURCE[$RSA_GOAL]=rsa_sig.c -DEPEND[rsa.o]=../../common/include/prov/der_rsa.h -DEPEND[dsa.o]=../../common/include/prov/der_dsa.h -DEPEND[ecdsa.o]=../../common/include/prov/der_ec.h -DEPEND[eddsa.o]=../../common/include/prov/der_ecx.h -DEPEND[sm2sig.o]=../../common/include/prov/der_sm2.h +DEPEND[rsa_sig.o]=../../common/include/prov/der_rsa.h +DEPEND[dsa_sig.o]=../../common/include/prov/der_dsa.h +DEPEND[ecdsa_sig.o]=../../common/include/prov/der_ec.h +DEPEND[eddsa_sig.o]=../../common/include/prov/der_ecx.h +DEPEND[sm2_sig.o]=../../common/include/prov/der_sm2.h SOURCE[$MAC_GOAL]=mac_legacy_sig.c From dev at ddvo.net Wed May 12 13:12:17 2021 
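Review bot: in providers/common/der/build.info at @@ -13,8 +13,8 the two RSA source lists swap contents (der_rsa_key.c moves into $DER_RSA_COMMON and der_rsa_sig.c into $DER_RSA_FIPSABLE), which changes which library each file is built into. The commit message only mentions removing a TODO and dropping non-fips sources from the checksums. Please state the reason for the swap in the message, because it affects what ends up inside the FIPS module boundary.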
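Review bot: in providers/common/der/build.info at @@ -112,8 +109,9, $NONFIPS is only ever appended to inside the sm2 IF block ("$NONFIPS = $NONFIPS $DER_SM2_GEN $DER_SM2_AUX") but is used unconditionally in the libdefault.a SOURCE line. The lines shown initialise $COMMON under "Conclusion" and contain no matching "$NONFIPS=". Please add an explicit empty assignment next to $COMMON so a no-sm2 configuration does not expand an unset variable.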
From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 12 May 2021 13:12:17 +0000 Subject: [openssl] master update Message-ID: <1620825137.625008.3923.nullmailer@dev.openssl.org> The branch master has been updated via 8f965908a53b4f0c5a735739e8a273a3a33a976e (commit) via 4329f361ce75973ceca9d440e8430580ee515070 (commit) from 202cbdd2fc37257870eeb61629d8d4d6709df7f1 (commit) - Log ----------------------------------------------------------------- commit 8f965908a53b4f0c5a735739e8a273a3a33a976e Author: Dr. David von Oheimb Date: Wed May 5 00:09:43 2021 +0200 HTTP client: Minimal changes that include the improved API This is a minimal version of pull request #15053 including all the proposed improvements to the HTTP client API and its documentation but only those code adaptations strictly needed for it. The proposed new features include * support for persistent connections (keep-alive), * generalization to arbitrary request and response types, and * support for streaming BIOs for request and response data. The related API changes include: * Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(), OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close(). * Split the timeout functionality accordingly and improve default behavior. * Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected(). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15147) commit 4329f361ce75973ceca9d440e8430580ee515070 Author: Dr. 
David von Oheimb Date: Fri May 7 17:16:48 2021 +0200 Add ASN1_item_i2d_mem_bio(); document and improve also ASN1_item_d2i_bio() ASN1_item_d2i_bio(): Do not report errors in queue on BIO input being NULL Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15147) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 18 ++- apps/lib/apps.c | 33 +++-- crypto/asn1/a_d2i_fp.c | 2 + crypto/asn1/a_i2d_fp.c | 18 +++ crypto/cmp/cmp_http.c | 30 +++-- crypto/http/http_client.c | 243 +++++++++++++++++------------------ crypto/http/http_local.h | 15 --- crypto/ocsp/ocsp_http.c | 25 ++-- crypto/x509/x_all.c | 14 ++- doc/build.info | 6 + doc/man1/openssl-cmp.pod.in | 12 +- doc/man3/ASN1_item_d2i_bio.pod | 45 +++++++ doc/man3/OCSP_sendreq_new.pod | 46 +++---- doc/man3/OSSL_HTTP_REQ_CTX.pod | 157 ++++++++++++++++------- doc/man3/OSSL_HTTP_transfer.pod | 272 ++++++++++++++++++++++------------------ doc/man3/X509_load_http.pod | 2 +- include/crypto/httperr.h | 2 +- include/openssl/asn1.h.in | 3 +- include/openssl/cmp.h.in | 40 +++--- include/openssl/http.h | 81 ++++++------ include/openssl/httperr.h | 2 + include/openssl/ocsp.h.in | 30 ++--- test/cmp_ctx_test.c | 7 +- test/http_test.c | 38 +++--- util/libcrypto.num | 16 ++- util/missingcrypto.txt | 1 - util/other.syms | 3 +- 27 files changed, 673 insertions(+), 488 deletions(-) create mode 100644 doc/man3/ASN1_item_d2i_bio.pod diff --git a/CHANGES.md b/CHANGES.md index 80a7bc7075..e4e33e4e88 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -358,18 +358,20 @@ OpenSSL 3.0 * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(), OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_i2d() and its special form OCSP_REQ_CTX_set1_req(), - OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(), + OCSP_REQ_CTX_nbio(), + OCSP_REQ_CTX_nbio_d2i() and its special form OCSP_sendreq_nbio(), OCSP_REQ_CTX_get0_mem_bio() and OCSP_set_max_response_length(). These were used to collect all necessary data to form a HTTP request, and to perform the HTTP transfer with that request. With OpenSSL 3.0, the type is OSSL_HTTP_REQ_CTX, and the deprecated functions are replaced with OSSL_HTTP_REQ_CTX_new(), OSSL_HTTP_REQ_CTX_free(), OSSL_HTTP_REQ_CTX_set_request_line(), OSSL_HTTP_REQ_CTX_add1_header(), - OSSL_HTTP_REQ_CTX_i2d(), OSSL_HTTP_REQ_CTX_nbio(), - OSSL_HTTP_REQ_CTX_sendreq_d2i(), OSSL_HTTP_REQ_CTX_get0_mem_bio() and + OSSL_HTTP_REQ_CTX_set1_req(), + OSSL_HTTP_REQ_CTX_nbio(), OSSL_HTTP_REQ_CTX_nbio_d2i(), + OSSL_HTTP_REQ_CTX_get0_mem_bio(), and OSSL_HTTP_REQ_CTX_set_max_response_length(). - *Rich Salz and Richard Levitte* + *Rich Salz, Richard Levitte, and David von Oheimb* * Deprecated `X509_http_nbio()` and `X509_CRL_http_nbio()`, which are superseded by `X509_load_http()` and `X509_CRL_load_http()`. @@ -812,8 +814,12 @@ OpenSSL 3.0 *David von Oheimb, Martin Peylo* * Generalized the HTTP client code from `crypto/ocsp/` into `crpyto/http/`. - The legacy OCSP-focused and only partly documented API is retained for - backward compatibility. See L etc. for details. + It supports arbitrary request and response content types, GET redirection, + TLS, connections via HTTP(S) proxies, connections and exchange via + user-defined BIOs (allowing implicit connections), persistent connections, + and timeout checks. See L etc. for details. + The legacy OCSP-focused (and only partly documented) API + is retained for backward compatibility, while most of it is deprecated. *David von Oheimb* 
diff --git a/apps/lib/apps.c b/apps/lib/apps.c index f0a9ffc93a..67e089bcd4 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2479,6 +2479,7 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, char *server; char *port; int use_ssl; + BIO *mem; ASN1_VALUE *resp = NULL; if (url == NULL || it == NULL) { @@ -2500,10 +2501,13 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, info.use_proxy = proxy != NULL; info.timeout = timeout; info.ssl_ctx = ssl_ctx; - resp = OSSL_HTTP_get_asn1(url, proxy, no_proxy, - NULL, NULL, app_http_tls_cb, &info, - headers, 0 /* maxline */, 0 /* max_resp_len */, - timeout, expected_content_type, it); + mem = OSSL_HTTP_get(url, proxy, no_proxy, NULL /* bio */, NULL /* rbio */, + app_http_tls_cb, &info, 0 /* buf_size */, headers, + expected_content_type, 1 /* expect_asn1 */, + HTTP_DEFAULT_MAX_RESP_LEN, timeout); + resp = ASN1_item_d2i_bio(it, mem, NULL); + BIO_free(mem); + end: OPENSSL_free(server); OPENSSL_free(port); 
@@ -2520,18 +2524,27 @@ ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, long timeout, const ASN1_ITEM *rsp_it) { APP_HTTP_TLS_INFO info; + BIO *rsp, *req_mem = ASN1_item_i2d_mem_bio(req_it, req); + ASN1_VALUE *res; + if (req_mem == NULL) + return NULL; info.server = host; info.port = port; info.use_proxy = proxy != NULL; info.timeout = timeout; info.ssl_ctx = ssl_ctx; - return OSSL_HTTP_post_asn1(host, port, path, ssl_ctx != NULL, - proxy, no_proxy, - NULL, NULL, app_http_tls_cb, &info, - headers, content_type, req, req_it, - 0 /* maxline */, - 0 /* max_resp_len */, timeout, NULL, rsp_it); + rsp = OSSL_HTTP_transfer(NULL, host, port, path, ssl_ctx != NULL, + proxy, no_proxy, NULL /* bio */, NULL /* rbio */, + app_http_tls_cb, &info, + 0 /* buf_size */, headers, content_type, req_mem, + NULL /* expected_ct */, 1 /* expect_asn1 */, + HTTP_DEFAULT_MAX_RESP_LEN, timeout, + 0 /* keep_alive */); + BIO_free(req_mem); + res = ASN1_item_d2i_bio(rsp_it, rsp, NULL); + BIO_free(rsp); + return res; } #endif diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index b6faa0f2ae..2c7acb34e0 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -62,6 +62,8 @@ void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) void *ret = NULL; int len; + if (in == NULL) + return NULL; len = asn1_d2i_read_bio(in, &b); if (len < 0) goto err; diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c index efc839e615..482ee627b1 100644 --- a/crypto/asn1/a_i2d_fp.c +++ b/crypto/asn1/a_i2d_fp.c 
@@ -109,3 +109,21 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, const void *x) OPENSSL_free(b); return ret; } + +BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val) +{ + BIO *res; + + if (it == NULL || val == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + + if ((res = BIO_new(BIO_s_mem())) == NULL) + return NULL; + if (ASN1_item_i2d_bio(it, res, val) <= 0) { + BIO_free(res); + res = NULL; + } + return res; +} diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c index 215c47c7c5..a358622feb 100644 --- a/crypto/cmp/cmp_http.c +++ b/crypto/cmp/cmp_http.c @@ -37,9 +37,11 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, { char server_port[32] = { '\0' }; STACK_OF(CONF_VALUE) *headers = NULL; - const char *const content_type_pkix = "application/pkixcmp"; + const char content_type_pkix[] = "application/pkixcmp"; int tls_used; - OSSL_CMP_MSG *res; + const ASN1_ITEM *it = ASN1_ITEM_rptr(OSSL_CMP_MSG); + BIO *req_mem, *rsp; + OSSL_CMP_MSG *res = NULL; if (ctx == NULL || req == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); @@ -48,6 +50,8 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, if (!X509V3_add_value("Pragma", "no-cache", &headers)) return NULL; + if ((req_mem = ASN1_item_i2d_mem_bio(it, (const ASN1_VALUE *)req)) == NULL) + goto err; if (ctx->serverPort != 0) BIO_snprintf(server_port, sizeof(server_port), "%d", ctx->serverPort); 
@@ -55,15 +59,21 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, tls_used = OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL; ossl_cmp_log2(DEBUG, ctx, "connecting to CMP server %s%s", ctx->server, tls_used ? " using TLS" : ""); - res = (OSSL_CMP_MSG *) - OSSL_HTTP_post_asn1(ctx->server, server_port, ctx->serverPath, - tls_used, ctx->proxy, ctx->no_proxy, NULL, NULL, - ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx), - headers, content_type_pkix, (const ASN1_VALUE *)req, - ASN1_ITEM_rptr(OSSL_CMP_MSG), - 0, 0, ctx->msg_timeout, content_type_pkix, - ASN1_ITEM_rptr(OSSL_CMP_MSG)); + rsp = OSSL_HTTP_transfer(NULL, ctx->server, server_port, + ctx->serverPath, tls_used, + ctx->proxy, ctx->no_proxy, + NULL /* bio */, NULL /* rbio */, + ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx), + 0 /* buf_size */, headers, + content_type_pkix, req_mem, + content_type_pkix, 1 /* expect_asn1 */, + HTTP_DEFAULT_MAX_RESP_LEN, + ctx->msg_timeout, 0 /* keep_alive */); + BIO_free(req_mem); + res = (OSSL_CMP_MSG *)ASN1_item_d2i_bio(it, rsp, NULL); + BIO_free(rsp); ossl_cmp_debug(ctx, "disconnected from CMP server"); + err: sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); return res; } diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index bf2e3b54c7..c32b352137 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c 
@@ -48,12 +48,14 @@ struct ossl_http_req_ctx_st { BIO *rbio; /* BIO to read response from */ BIO *mem; /* Memory BIO response is built into */ int method_POST; /* HTTP method is "POST" (else "GET") */ - const char *expected_ct; /* expected Content-Type, or NULL */ + char *expected_ct; /* expected Content-Type, or NULL */ int expect_asn1; /* response must be ASN.1-encoded */ long len_to_send; /* number of bytes in request still to send */ unsigned long resp_len; /* length of response */ unsigned long max_resp_len; /* Maximum length of response */ - time_t max_time; /* Maximum end time of the transfer, or 0 */ + int keep_alive; /* Persistent conn. 0=no, 1=prefer, 2=require */ + time_t max_time; /* Maximum end time of current transfer, or 0 */ + time_t max_total_time; /* Maximum end time of total transfer, or 0 */ char *redirection_url; /* Location given with HTTP status 301/302 */ }; @@ -72,10 +74,7 @@ struct ossl_http_req_ctx_st { #define OHS_DONE (8 | OHS_NOREAD) /* Completed */ #define OHS_HTTP_HEADER (9 | OHS_NOREAD) /* Headers set, w/o final \r\n */ -OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, - int maxline, unsigned long max_resp_len, - int timeout, const char *expected_ct, - int expect_asn1) +OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int maxline) { OSSL_HTTP_REQ_CTX *rctx; @@ -95,11 +94,8 @@ OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, OPENSSL_free(rctx); return NULL; } - rctx->expected_ct = expected_ct; - rctx->expect_asn1 = expect_asn1; rctx->resp_len = 0; - OSSL_HTTP_REQ_CTX_set_max_response_length(rctx, max_resp_len); - rctx->max_time = timeout > 0 ? time(NULL) + timeout : 0; + rctx->max_resp_len = HTTP_DEFAULT_MAX_RESP_LEN; /* everything else is 0, e.g. rctx->len_to_send, or NULL, e.g. rctx->mem */ return rctx; } 
@@ -110,6 +106,7 @@ void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx) return; BIO_free(rctx->mem); /* this may indirectly call ERR_clear_error() */ OPENSSL_free(rctx->readbuf); + OPENSSL_free(rctx->expected_ct); OPENSSL_free(rctx); } @@ -122,6 +119,15 @@ BIO *OSSL_HTTP_REQ_CTX_get0_mem_bio(const OSSL_HTTP_REQ_CTX *rctx) return rctx->mem; } +size_t OSSL_HTTP_REQ_CTX_get_resp_len(const OSSL_HTTP_REQ_CTX *rctx) +{ + if (rctx == NULL) { + ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return rctx->resp_len; +} + void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx, unsigned long len) { @@ -201,6 +207,36 @@ int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx, return 1; } +int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx, + const char *content_type, int asn1, + int timeout, int keep_alive) +{ + if (rctx == NULL) { + ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (keep_alive != 0 + && rctx->state != OHS_ERROR && rctx->state != OHS_HEADERS) { + /* Cannot anymore set keep-alive in request header */ + ERR_raise(ERR_LIB_HTTP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + + OPENSSL_free(rctx->expected_ct); + rctx->expected_ct = NULL; + if (content_type != NULL + && (rctx->expected_ct = OPENSSL_strdup(content_type)) == NULL) + return 0; + + rctx->expect_asn1 = asn1; + if (timeout >= 0) + rctx->max_time = timeout > 0 ? time(NULL) + timeout : 0; + else + rctx->max_time = rctx->max_total_time; + rctx->keep_alive = keep_alive; + return 1; +} + static int ossl_http_req_ctx_set_content(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, BIO *req_mem) { 
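Review bot: in OSSL_HTTP_REQ_CTX_set_expected() a negative timeout falls through to "rctx->max_time = rctx->max_total_time", but no line in the visible changes assigns max_total_time, so it keeps its zero initial value and a negative timeout currently means "no timeout at all". Either document that, or reject negative values until the overall timeout is wired up. Two smaller points in the same function: keep_alive is stored without a range check although the struct comment defines only 0, 1 and 2, and when OPENSSL_strdup() fails the previous expected_ct has already been freed, so the context is modified even though 0 is returned.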
@@ -228,26 +264,8 @@ static int ossl_http_req_ctx_set_content(OSSL_HTTP_REQ_CTX *rctx, && BIO_write(rctx->mem, req, req_len) == (int)req_len; } -BIO *ossl_http_asn1_item2bio(const ASN1_ITEM *it, const ASN1_VALUE *val) -{ - BIO *res; - - if (it == NULL || val == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - if ((res = BIO_new(BIO_s_mem())) == NULL) - return NULL; - if (ASN1_item_i2d_bio(it, res, val) <= 0) { - BIO_free(res); - res = NULL; - } - return res; -} - int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, - const ASN1_ITEM *it, ASN1_VALUE *req) + const ASN1_ITEM *it, const ASN1_VALUE *req) { BIO *mem; int res; @@ -257,7 +275,7 @@ int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type return 0; } - res = (mem = ossl_http_asn1_item2bio(it, req)) != NULL + res = (mem = ASN1_item_i2d_mem_bio(it, req)) != NULL && ossl_http_req_ctx_set_content(rctx, content_type, mem); BIO_free(mem); return res; @@ -289,14 +307,13 @@ static int OSSL_HTTP_REQ_CTX_add1_headers(OSSL_HTTP_REQ_CTX *rctx, * If !use_http_proxy then the 'server' and 'port' parameters are ignored. * If req_mem == NULL then use GET and ignore content_type, else POST. */ -OSSL_HTTP_REQ_CTX +static OSSL_HTTP_REQ_CTX *ossl_http_req_ctx_new(BIO *wbio, BIO *rbio, int use_http_proxy, const char *server, const char *port, const char *path, const STACK_OF(CONF_VALUE) *headers, const char *content_type, BIO *req_mem, - int maxline, unsigned long max_resp_len, - int timeout, + int maxline, int timeout, const char *expected_ct, int expect_asn1) { OSSL_HTTP_REQ_CTX *rctx; 
@@ -307,14 +324,14 @@ OSSL_HTTP_REQ_CTX } /* remaining parameters are checked indirectly by the functions called */ - if ((rctx = OSSL_HTTP_REQ_CTX_new(wbio, rbio, maxline, max_resp_len, timeout, - expected_ct, expect_asn1)) + if ((rctx = OSSL_HTTP_REQ_CTX_new(wbio, rbio, maxline)) == NULL) return NULL; - if (OSSL_HTTP_REQ_CTX_set_request_line(rctx, req_mem != NULL, use_http_proxy ? server : NULL, port, path) + && OSSL_HTTP_REQ_CTX_set_expected(rctx, expected_ct, expect_asn1, + timeout, 0) && OSSL_HTTP_REQ_CTX_add1_headers(rctx, headers, server) && (req_mem == NULL || ossl_http_req_ctx_set_content(rctx, content_type, req_mem))) @@ -588,6 +605,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) rctx->expected_ct, value); return 0; } + OPENSSL_free(rctx->expected_ct); rctx->expected_ct = NULL; /* content-type has been found */ } if (strcasecmp(key, "Content-Length") == 0) { @@ -688,6 +706,20 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) } } +int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx, + ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + const unsigned char *p; + int rv; + + *pval = NULL; + if ((rv = OSSL_HTTP_REQ_CTX_nbio(rctx)) != 1) + return rv; + *pval = ASN1_item_d2i(NULL, &p, BIO_get_mem_data(rctx->mem, &p), it); + return *pval != NULL; + +} + #ifndef OPENSSL_NO_SOCK /* set up a new connection BIO, to HTTP server or to HTTP(S) proxy if given */ 
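Review bot: OSSL_HTTP_REQ_CTX_nbio_d2i() dereferences pval ("*pval = NULL;") before any argument check, so a NULL pval crashes, whereas the other functions added in this patch raise ERR_R_PASSED_NULL_PARAMETER. Please add the same check for pval and it. The parse step also passes the result of BIO_get_mem_data() straight through as the length with p uninitialised beforehand, and a decoding failure returns 0 without raising anything, while the BIO_mem_d2i() helper removed by this patch raised HTTP_R_RESPONSE_PARSE_ERROR. A return of 0 is then indistinguishable from a transfer error. There is also a stray blank line before the closing brace.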
@@ -723,20 +755,12 @@ static BIO *HTTP_new_bio(const char *server /* optionally includes ":port" */, } #endif /* OPENSSL_NO_SOCK */ -static ASN1_VALUE *BIO_mem_d2i(BIO *mem, const ASN1_ITEM *it) +int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx) { - const unsigned char *p; - ASN1_VALUE *resp; - - if (mem == NULL) - return NULL; - - if ((resp = ASN1_item_d2i(NULL, &p, BIO_get_mem_data(mem, &p), it)) == NULL) - ERR_raise(ERR_LIB_HTTP, HTTP_R_RESPONSE_PARSE_ERROR); - return resp; + return rctx != NULL && rctx->keep_alive != 0; } -static BIO *ossl_http_req_ctx_transfer(OSSL_HTTP_REQ_CTX *rctx) +BIO *OSSL_HTTP_REQ_CTX_exchange(OSSL_HTTP_REQ_CTX *rctx) { int rv; @@ -767,17 +791,6 @@ static BIO *ossl_http_req_ctx_transfer(OSSL_HTTP_REQ_CTX *rctx) return rctx->mem; } -/* Exchange ASN.1-encoded request and response via HTTP on (non-)blocking BIO */ -ASN1_VALUE *OSSL_HTTP_REQ_CTX_sendreq_d2i(OSSL_HTTP_REQ_CTX *rctx, - const ASN1_ITEM *it) -{ - if (rctx == NULL || it == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - return BIO_mem_d2i(ossl_http_req_ctx_transfer(rctx), it); -} - static int update_timeout(int timeout, time_t start_time) { long elapsed_time; @@ -788,6 +801,15 @@ static int update_timeout(int timeout, time_t start_time) return timeout <= elapsed_time ? -1 : timeout - elapsed_time; } +OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port, + const char *proxy, const char *no_proxy, + int use_ssl, BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + int buf_size, int overall_timeout) +{ + return NULL; /* TODO(3.0) expand */ +} + /*- * Exchange HTTP request and response with the given server. * If req_mem == NULL then use GET and ignore content_type, else POST. 
@@ -815,16 +837,31 @@ static int update_timeout(int timeout, time_t start_time) * The function should return NULL to indicate failure. * After disconnect the modified BIO will be deallocated using BIO_free_all(). */ -BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, +int OSSL_HTTP_set_request(OSSL_HTTP_REQ_CTX *rctx, const char *path, + const STACK_OF(CONF_VALUE) *headers, + const char *content_type, BIO *req, + const char *expected_content_type, int expect_asn1, + size_t max_resp_len, int timeout, int keep_alive) +{ + return 0; /* TODO(3.0) expand */ +} + +BIO *OSSL_HTTP_exchange(OSSL_HTTP_REQ_CTX *rctx, char **redirection_url) +{ + return NULL; /* TODO(3.0) expand */ +} + +BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, + const char *server, const char *port, const char *path, int use_ssl, const char *proxy, const char *no_proxy, BIO *bio, BIO *rbio, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - const STACK_OF(CONF_VALUE) *headers, + int maxline, const STACK_OF(CONF_VALUE) *headers, const char *content_type, BIO *req_mem, - int maxline, unsigned long max_resp_len, int timeout, const char *expected_ct, int expect_asn1, - char **redirection_url) + size_t max_resp_len, int timeout, int keep_alive) { + char **redirection_url = (char **)prctx; /* TODO(3.0) fix when API approved */ time_t start_time = timeout > 0 ? time(NULL) : 0; BIO *cbio; /* = bio if present, used as connection BIO if rbio is NULL */ OSSL_HTTP_REQ_CTX *rctx; 
@@ -892,12 +929,12 @@ BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, rctx = ossl_http_req_ctx_new(cbio, rbio != NULL ? rbio : cbio, !use_ssl && proxy != NULL, server, port, path, headers, content_type, req_mem, maxline, - max_resp_len, update_timeout(timeout, start_time), + update_timeout(timeout, start_time), expected_ct, expect_asn1); if (rctx == NULL) goto end; - resp = ossl_http_req_ctx_transfer(rctx); + resp = OSSL_HTTP_REQ_CTX_exchange(rctx); if (resp == NULL) { if (rctx->redirection_url != NULL) { if (redirection_url == NULL) @@ -981,12 +1018,12 @@ static int redirection_ok(int n_redir, const char *old_url, const char *new_url) BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, BIO *bio, BIO *rbio, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - const STACK_OF(CONF_VALUE) *headers, - int maxline, unsigned long max_resp_len, int timeout, - const char *expected_ct, int expect_asn1) + int maxline, const STACK_OF(CONF_VALUE) *headers, + const char *expected_ct, int expect_asn1, + unsigned long max_resp_len, int timeout) { time_t start_time = timeout > 0 ? time(NULL) : 0; - char *current_url, *redirection_url; + char *current_url, *redirection_url = NULL; int n_redirs = 0; char *host; char *port; 
@@ -1007,13 +1044,13 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, break; new_rpath: - resp = OSSL_HTTP_transfer(host, port, path, use_ssl, proxy, no_proxy, + resp = OSSL_HTTP_transfer((OSSL_HTTP_REQ_CTX **)&redirection_url, /* TODO(3.0) fix when API approved */ + host, port, path, use_ssl, proxy, no_proxy, bio, rbio, - bio_update_fn, arg, headers, NULL, NULL, - maxline, max_resp_len, - update_timeout(timeout, start_time), + bio_update_fn, arg, maxline, headers, NULL, NULL, expected_ct, expect_asn1, - &redirection_url); + max_resp_len, + update_timeout(timeout, start_time), 0); OPENSSL_free(path); if (resp == NULL && redirection_url != NULL) { if (redirection_ok(++n_redirs, current_url, redirection_url)) { 
@@ -1038,65 +1075,9 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, return resp; } -/* Get ASN.1-encoded data via HTTP from server at given URL */ -ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url, - const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - const STACK_OF(CONF_VALUE) *headers, - int maxline, unsigned long max_resp_len, - int timeout, const char *expected_ct, - const ASN1_ITEM *rsp_it) +int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok) { - BIO *mem; - ASN1_VALUE *resp = NULL; - - if (url == NULL || rsp_it == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - mem = OSSL_HTTP_get(url, proxy, no_proxy, bio, rbio, bio_update_fn, - arg, headers, maxline, max_resp_len, timeout, - expected_ct, 1 /* expect_asn1 */); - resp = BIO_mem_d2i(mem /* may be NULL */, rsp_it); - BIO_free(mem); - return resp; -} - -/* Post ASN.1-encoded request via HTTP to server return ASN.1 response */ -ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port, - const char *path, int use_ssl, - const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, - const ASN1_VALUE *req, const ASN1_ITEM *req_it, - int maxline, unsigned long max_resp_len, - int timeout, const char *expected_ct, - const ASN1_ITEM *rsp_it) -{ - BIO *req_mem; - BIO *res_mem; - ASN1_VALUE *resp = NULL; - - if (req == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - /* remaining parameters are checked indirectly */ - - req_mem = ossl_http_asn1_item2bio(req_it, req); - res_mem = OSSL_HTTP_transfer(server, port, path, use_ssl, proxy, no_proxy, - bio, rbio, - bio_update_fn, arg, headers, content_type, - req_mem /* may be NULL */, maxline, - max_resp_len, timeout, - expected_ct, 1 /* expect_asn1 */, NULL); - BIO_free(req_mem); - resp = 
BIO_mem_d2i(res_mem /* may be NULL */, rsp_it); - BIO_free(res_mem); - return resp; + return 0; /* TODO(3.0) expand */ } /* BASE64 encoder used for encoding basic proxy authentication credentials */ diff --git a/crypto/http/http_local.h b/crypto/http/http_local.h index 3164f62a77..16f7f7c8a5 100644 --- a/crypto/http/http_local.h +++ b/crypto/http/http_local.h @@ -11,21 +11,6 @@ #ifndef OSSL_CRYPTO_HTTP_LOCAL_H # define OSSL_CRYPTO_HTTP_LOCAL_H -# include - -BIO *ossl_http_asn1_item2bio(const ASN1_ITEM *it, const ASN1_VALUE *val); - -OSSL_HTTP_REQ_CTX -*ossl_http_req_ctx_new(BIO *wbio, BIO *rbio, int use_http_proxy, - const char *server, const char *port, - const char *path, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, BIO *req_mem, - int maxline, unsigned long max_resp_len, - int timeout, - const char *expected_content_type, - int expect_asn1); - int ossl_http_use_proxy(const char *no_proxy, const char *server); const char *ossl_http_adapt_proxy(const char *proxy, const char *no_proxy, const char *server, int use_ssl); diff --git a/crypto/ocsp/ocsp_http.c b/crypto/ocsp/ocsp_http.c index 7a3c19c860..8cf816e53f 100644 --- a/crypto/ocsp/ocsp_http.c +++ b/crypto/ocsp/ocsp_http.c @@ -16,17 +16,18 @@ OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, const OCSP_REQUEST *req, int maxline) { - OSSL_HTTP_REQ_CTX *rctx = NULL; + OSSL_HTTP_REQ_CTX *rctx = OSSL_HTTP_REQ_CTX_new(io, io, maxline); - if ((rctx = OSSL_HTTP_REQ_CTX_new(io, io, - maxline, 0 /* default max_resp_len */, - 0 /* no timeout, blocking indefinitely */, - NULL, 1 /* expect_asn1 */)) == NULL) + if (rctx == NULL) return NULL; if (!OSSL_HTTP_REQ_CTX_set_request_line(rctx, 1 /* POST */, NULL, NULL, path)) goto err; + if (!OSSL_HTTP_REQ_CTX_set_expected(rctx, + NULL /* content_type */, 1 /* asn1 */, + 0 /* timeout */, 0 /* keep_alive */)) + goto err; if (req != NULL && !OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request", ASN1_ITEM_rptr(OCSP_REQUEST), 
@@ -40,23 +41,19 @@ OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, return NULL; } -int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx) -{ - *presp = (OCSP_RESPONSE *) - OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, ASN1_ITEM_rptr(OCSP_RESPONSE)); - return *presp != NULL; -} - OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req) { OCSP_RESPONSE *resp = NULL; OSSL_HTTP_REQ_CTX *ctx; + BIO *mem; ctx = OCSP_sendreq_new(b, path, req, -1 /* default max resp line length */); if (ctx == NULL) return NULL; - - OCSP_sendreq_nbio(&resp, ctx); + mem = OSSL_HTTP_REQ_CTX_exchange(ctx); + resp = (OCSP_RESPONSE *) + ASN1_item_d2i_bio(ASN1_ITEM_rptr(OCSP_RESPONSE), mem, NULL); + BIO_free(mem); /* this indirectly calls ERR_clear_error(): */ OSSL_HTTP_REQ_CTX_free(ctx); diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 9733597d37..1bd47ce654 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -75,11 +75,15 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio, int timeout, const ASN1_ITEM *it) { - return OSSL_HTTP_get_asn1(url, NULL, NULL /* no proxy used */, bio, - rbio, NULL /* no callback for SSL/TLS */, NULL, - NULL /* headers */, 1024 /* maxline */, - 0 /* max_resp_len */, timeout, - NULL /* expected_content_type */, it); + BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */, + bio, rbio, NULL /* cb */ , NULL /* arg */, + 1024 /* buf_size */, NULL /* headers */, + NULL /* expected_ct */, 1 /* expect_asn1 */, + HTTP_DEFAULT_MAX_RESP_LEN, timeout); + ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL); + + BIO_free(mem); + return res; } X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) diff --git a/doc/build.info b/doc/build.info index ec3baa2373..af0e0e0539 100644 --- a/doc/build.info +++ b/doc/build.info 
@@ -514,6 +514,10 @@ DEPEND[html/man3/ASN1_generate_nconf.html]=man3/ASN1_generate_nconf.pod GENERATE[html/man3/ASN1_generate_nconf.html]=man3/ASN1_generate_nconf.pod DEPEND[man/man3/ASN1_generate_nconf.3]=man3/ASN1_generate_nconf.pod GENERATE[man/man3/ASN1_generate_nconf.3]=man3/ASN1_generate_nconf.pod +DEPEND[html/man3/ASN1_item_d2i_bio.html]=man3/ASN1_item_d2i_bio.pod +GENERATE[html/man3/ASN1_item_d2i_bio.html]=man3/ASN1_item_d2i_bio.pod +DEPEND[man/man3/ASN1_item_d2i_bio.3]=man3/ASN1_item_d2i_bio.pod +GENERATE[man/man3/ASN1_item_d2i_bio.3]=man3/ASN1_item_d2i_bio.pod DEPEND[html/man3/ASN1_item_sign.html]=man3/ASN1_item_sign.pod GENERATE[html/man3/ASN1_item_sign.html]=man3/ASN1_item_sign.pod DEPEND[man/man3/ASN1_item_sign.3]=man3/ASN1_item_sign.pod @@ -2826,6 +2830,7 @@ html/man3/ASN1_STRING_print_ex.html \ html/man3/ASN1_TIME_set.html \ html/man3/ASN1_TYPE_get.html \ html/man3/ASN1_generate_nconf.html \ +html/man3/ASN1_item_d2i_bio.html \ html/man3/ASN1_item_sign.html \ html/man3/ASYNC_WAIT_CTX_new.html \ html/man3/ASYNC_start_job.html \ @@ -3413,6 +3418,7 @@ man/man3/ASN1_STRING_print_ex.3 \ man/man3/ASN1_TIME_set.3 \ man/man3/ASN1_TYPE_get.3 \ man/man3/ASN1_generate_nconf.3 \ +man/man3/ASN1_item_d2i_bio.3 \ man/man3/ASN1_item_sign.3 \ man/man3/ASYNC_WAIT_CTX_new.3 \ man/man3/ASYNC_start_job.3 \ diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 28ea4ee6a5..49105ca315 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -52,6 +52,7 @@ Message transfer options: [B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>] [B<-no_proxy> I] [B<-recipient> I] +[B<-keep_alive> I] [B<-msg_timeout> I] [B<-total_timeout> I] 
@@ -488,11 +489,20 @@ as far as any of those is present, else the NULL-DN as last resort. The argument must be formatted as I. For details see the description of the B<-subject> option. +=item B<-keep_alive> I + +If the given value is 0 then HTTP connections are not kept open +after receiving a response, which is the default behavior for HTTP 1.0. +If the value is 1 or 2 then persistent connections are requested. +If the value is 2 then persistent connections are required, +i.e., in case the server does not grant them an error occurs. +The default value is 1, which means preferring to keep the connection open. + =item B<-msg_timeout> I Number of seconds (or 0 for infinite) a CMP request-response message round trip is allowed to take before a timeout error is returned. -Default is 120. +Default is to use the B<-total_timeout> setting. =item B<-total_timeout> I diff --git a/doc/man3/ASN1_item_d2i_bio.pod b/doc/man3/ASN1_item_d2i_bio.pod new file mode 100644 index 0000000000..bd3c9b06c2 --- /dev/null +++ b/doc/man3/ASN1_item_d2i_bio.pod 
@@ -0,0 +1,45 @@ +=pod + +=head1 NAME + +ASN1_item_d2i_bio, +ASN1_item_i2d_mem_bio +- decode and encode DER-encoded ASN.1 structures + +=head1 SYNOPSIS + + #include + + void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *pval); + BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val); + +=head1 DESCRIPTION + +ASN1_item_d2i_bio() decodes the contents of its input BIO I, +which must be a DER-encoded ASN.1 structure, using the ASN.1 template I +and places the result in I<*pval> unless I is NULL. +If I is NULL it returns NULL, else a pointer to the parsed structure. + +ASN1_item_i2d_mem_bio() encodes the given ASN.1 value I +using the ASN.1 template I and returns the result in a memory BIO. + +=head1 RETURN VALUES + +ASN1_item_d2i_bio() returns a pointer to an B or NULL. + +ASN1_item_i2d_mem_bio() returns a pointer to a memory BIO or NULL on error. + +=head1 HISTORY + +ASN1_item_i2d_mem_bio() was added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod index 10c6131f86..51469661de 100644 --- a/doc/man3/OCSP_sendreq_new.pod +++ b/doc/man3/OCSP_sendreq_new.pod @@ -18,10 +18,7 @@ OCSP_REQ_CTX_set1_req #include OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, - const OCSP_REQUEST *req, int maxline); - - int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx); - + const OCSP_REQUEST *req, int buf_size); OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req); Deprecated since OpenSSL 3.0, can be hidden entirely by defining 
@@ -29,12 +26,12 @@ B with a suitable version value, see L: typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; + int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx); int OCSP_REQ_CTX_i2d(OCSP_REQ_CT *rctx, const ASN1_ITEM *it, ASN1_VALUE *req); int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT *rctx, const char *name, const char *value); void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); - void OCSP_set_max_response_length(OCSP_REQ_CT *rctx, - unsigned long len); + void OCSP_set_max_response_length(OCSP_REQ_CT *rctx, unsigned long len); int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req); =head1 DESCRIPTION 
@@ -42,28 +39,32 @@ L: These functions perform an OCSP POST request / response transfer over HTTP, using the HTTP request functions described in L. -The function OCSP_sendreq_new() builds a complete B -structure using connection B I, the URL path I, the OCSP -request I, and with a response header maximum line length of I. -If I is zero a default value of 4k is used. +The function OCSP_sendreq_new() builds a complete B structure +with the B I to be used for requests and reponse, the URL path I, +optionally the OCSP request I, and a response header maximum line length +of I. If I is zero a default value of 4KiB is used. The I may be set to NULL and provided later using OCSP_REQ_CTX_set1_req() -or L . - +or L. The I and I arguments to OCSP_sendreq_new() correspond to the components of the URL. For example if the responder URL is C the BIO -I should be connected to host C on port 80 and I +I should haven been connected to host C on port 80 and I should be set to C. -OCSP_sendreq_nbio() performs I/O on the OCSP request context I. -When the operation is complete it assigns the response, a pointer to a -B structure, in I<*presp>. - -OCSP_sendreq_bio() is the same as a call to OCSP_sendreq_new() followed by -OCSP_sendreq_nbio() and then OCSP_REQ_CTX_free() in a single call, with a +OCSP_sendreq_nbio() attempts to send the request prepared in I +and to gather the response via HTTP, using the BIO I and I +that were given when calling OCSP_sendreq_new(). +If the operation gets completed it assigns the response, +a pointer to a B structure, in I<*presp>. +The function may need to be called again if its result is -1, which indicates +L. In such a case it is advisable to sleep a little in +between, using L on the read BIO to prevent a busy loop. + +OCSP_sendreq_bio() combines OCSP_sendreq_new() with as many calls of +OCSP_sendreq_nbio() as needed and then OCSP_REQ_CTX_free(), with a response header maximum line length 4k. It waits indefinitely on a response. 
It does not support setting a timeout or adding headers and is retained -for compatibility; use OCSP_sendreq_nbio() instead. +for compatibility; use L instead. OCSP_REQ_CTX_i2d(rctx, it, req) is equivalent to the following: @@ -88,15 +89,14 @@ L. OCSP_sendreq_new() returns a valid B structure or NULL if an error occurred. -OCSP_sendreq_nbio(), OCSP_REQ_CTX_i2d(), and OCSP_REQ_CTX_set1_req() -return 1 for success and 0 for failure. +OCSP_sendreq_nbio() returns 1 for success, 0 on error, -1 if retry is needed. OCSP_sendreq_bio() returns the B structure sent by the responder or NULL if an error occurred. =head1 SEE ALSO -L +L, L, L, L, L, diff --git a/doc/man3/OSSL_HTTP_REQ_CTX.pod b/doc/man3/OSSL_HTTP_REQ_CTX.pod index 8e928f19fa..a09b9b81a9 100644 --- a/doc/man3/OSSL_HTTP_REQ_CTX.pod +++ b/doc/man3/OSSL_HTTP_REQ_CTX.pod @@ -7,11 +7,15 @@ OSSL_HTTP_REQ_CTX_new, OSSL_HTTP_REQ_CTX_free, OSSL_HTTP_REQ_CTX_set_request_line, OSSL_HTTP_REQ_CTX_add1_header, +OSSL_HTTP_REQ_CTX_set_expected, OSSL_HTTP_REQ_CTX_set1_req, OSSL_HTTP_REQ_CTX_nbio, -OSSL_HTTP_REQ_CTX_sendreq_d2i, +OSSL_HTTP_REQ_CTX_nbio_d2i, +OSSL_HTTP_REQ_CTX_exchange, OSSL_HTTP_REQ_CTX_get0_mem_bio, -OSSL_HTTP_REQ_CTX_set_max_response_length +OSSL_HTTP_REQ_CTX_get_resp_len, +OSSL_HTTP_REQ_CTX_set_max_response_length, +OSSL_HTTP_is_alive - HTTP client low-level functions =head1 SYNOPSIS @@ -20,11 +24,7 @@ OSSL_HTTP_REQ_CTX_set_max_response_length typedef struct ossl_http_req_ctx_st OSSL_HTTP_REQ_CTX; - OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, - int maxline, unsigned long max_resp_len, - int timeout, - const char *expected_content_type, - int expect_asn1); + OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size); void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx); int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST, 
@@ -33,42 +33,41 @@ OSSL_HTTP_REQ_CTX_set_max_response_length int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx, const char *name, const char *value); + int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx, + const char *content_type, int asn1, + int timeout, int keep_alive); int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, - const ASN1_ITEM *it, ASN1_VALUE *req); + const ASN1_ITEM *it, const ASN1_VALUE *req); int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx); - ASN1_VALUE *OSSL_HTTP_REQ_CTX_sendreq_d2i(OSSL_HTTP_REQ_CTX *rctx, - const ASN1_ITEM *it); + int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx, + ASN1_VALUE **pval, const ASN1_ITEM *it); + BIO *OSSL_HTTP_REQ_CTX_exchange(OSSL_HTTP_REQ_CTX *rctx); BIO *OSSL_HTTP_REQ_CTX_get0_mem_bio(const OSSL_HTTP_REQ_CTX *rctx); + size_t OSSL_HTTP_REQ_CTX_get_resp_len(const OSSL_HTTP_REQ_CTX *rctx); void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx, unsigned long len); + int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx); + =head1 DESCRIPTION -B is a context structure for an HTTP request, used to -collect all the necessary data to perform that request. +B is a context structure for an HTTP request and response, +used to collect all the necessary data to perform that request. This file documents low-level HTTP functions rarely used directly. High-level HTTP client functions like L and L should be preferred. 
OSSL_HTTP_REQ_CTX_new() allocates a new HTTP request context structure, -which gets populated with the B to send the request to (I), -the B to read the response from (I, which may be equal to I), -the maximum expected response header line length (I, where a value <= 0 -indicates that the B of 4KiB should be used; -this length is also used as the number of content bytes read at a time), -the maximum allowed response content length (I, where 0 means -that the B is used, which currently is 100 KiB), -a response timeout measure in seconds (I, -where 0 indicates no timeout, i.e., waiting indefinitely), -the expected MIME content type of the response (I, -which may be NULL for no expectation), -and a flag indicating that the response is expected to be -a DER encoded ASN.1 structure (I). +which gets populated with the B to write/send the request to (I), +the B to read/receive the response from (I, which may be equal to +I), and the maximum expected response header line length I. +A value <= 0 indicates that +the B of 4KiB should be used. +I is also used as the number of content bytes that are read at a time. The allocated context structure is also populated with an internal allocated memory B, which collects the HTTP request and additional headers as text. -The returned context should only be used for a single HTTP request/response. OSSL_HTTP_REQ_CTX_free() frees up the HTTP request context I. The I and I are not free'd and it is up to the application 
@@ -87,33 +86,71 @@ For example, to add a C header for C you would call: OSSL_HTTP_REQ_CTX_add1_header(ctx, "Host", "example.com"); +OSSL_HTTP_REQ_CTX_set_expected() optionally sets in I some expectations +of the HTTP client on the response. +Due to the structure of an HTTP request, if the I argument is +nonzero the function must be used before calling OSSL_HTTP_REQ_CTX_set1_req(). +If the I parameter +is not NULL then the client will check that the given content type string +is included in the HTTP header of the response and return an error if not. +If the I parameter is nonzero a structure in ASN.1 encoding will be +expected as the response content and input streaming is disabled. This means +that an ASN.1 sequence header is required, its length field is checked, and +OSSL_HTTP_REQ_CTX_get0_mem_bio() should be used to get the buffered response. +Else any form of input is allowed without length checks, which is the default. +In this case the BIO given as I argument to OSSL_HTTP_REQ_CTX_new() should +be used directly to read the response contents, which may support streaming. +If the I parameter is > 0 this indicates the maximum number of seconds +the subsequent HTTP transfer (sending the request and receiving a response) +is allowed to take. +A value <= 0 enables waiting indefinitely, i.e., no timeout can occur. +This is the default. +If the I parameter is 0, which is the default, the connection is not +kept open after receiving a response. This is the default behavior for HTTP 1.0. +If the value is 1 or 2 then a persistent connection is requested. +If the value is 2 then a persistent connection is required, +i.e., an error occurs in case the server does not grant it. + OSSL_HTTP_REQ_CTX_set1_req() is to be used if and only if the I -parameter in the OSSL_HTTP_REQ_CTX_set_request_line() call was 1. +parameter in the OSSL_HTTP_REQ_CTX_set_request_line() call was 1 +and an ASN.1-encoded request should be sent, which does not support streaming. 
It finalizes the HTTP request context by adding the DER encoding of I, using the ASN.1 template I to do the encoding. The HTTP header C is filled out with the length of the request. If I isn't NULL, -the HTTP header C is also added with its content as value. +the HTTP header C is also added with the given string value. All of this ends up in the internal memory B. -OSSL_HTTP_REQ_CTX_nbio() attempts to send the request prepared I -and gathering the response via HTTP, using the I and I +OSSL_HTTP_REQ_CTX_nbio() attempts to send the request prepared in I +and to gather the response via HTTP, using the I and I that were given when calling OSSL_HTTP_REQ_CTX_new(). -When successful, the contents of the internal memory B contains -the contents of the HTTP response, without the response headers. -It may need to be called again if its result is -1, which indicates +The function may need to be called again if its result is -1, which indicates L. In such a case it is advisable to sleep a little in -between using L on the read BIO to prevent a busy loop. - -OSSL_HTTP_REQ_CTX_sendreq_d2i() calls OSSL_HTTP_REQ_CTX_nbio(), possibly -several times until a timeout is reached, and DER decodes the received -response using the ASN.1 template I. +between, using L on the read BIO to prevent a busy loop. + +OSSL_HTTP_REQ_CTX_nbio_d2i() is like OSSL_HTTP_REQ_CTX_nbio() but on successs +in addition parses the response, which must be a DER-encoded ASN.1 structure, +using the ASN.1 template I and places the result in I<*pval>. + +OSSL_HTTP_REQ_CTX_exchange() calls OSSL_HTTP_REQ_CTX_nbio() as often as needed +in order to exchange a request and response or until a timeout is reached. +If successful and an ASN.1-encoded response was expected, the response contents +should be read via the BIO returned by OSSL_HTTP_REQ_CTX_get0_mem_bio(). +Else the I that was given when calling OSSL_HTTP_REQ_CTX_new() +represents the current state of reading the response. 
+If OSSL_HTTP_REQ_CTX_exchange() was successful, this BIO has been read past the +end of the response headers, such that the actual response contents can be read +via this BIO, which may support streaming. OSSL_HTTP_REQ_CTX_get0_mem_bio() returns the internal memory B. Before sending the request, this could used to modify the HTTP request text. I -After receiving a response via HTTP, the BIO represents -the current state of reading the response headers and contents. +After receiving a response via HTTP, the BIO represents the current state of +reading the response headers. If the response was expected to be ASN.1 encoded, +its contents can be read via this BIO, which does not support streaming. + +OSSL_HTTP_REQ_CTX_get_resp_len() returns the size of the response contents +in I if provided by the server as header field, else 0. OSSL_HTTP_REQ_CTX_set_max_response_length() sets the maximum allowed response content length for I to I. If not set or I is 0 @@ -122,6 +159,18 @@ If the C header is present and exceeds this value or the content is an ASN.1 encoded structure with a length exceeding this value or both length indications are present but disagree then an error occurs. +OSSL_HTTP_is_alive() can be used to query if the HTTP connection +given by I is still alive, i.e., has not been closed. +It returns 0 if I is NULL. + +If the client application requested or required a persistent connection +and this was granted by the server, it can keep I as long as it wants +to send further requests and OSSL_HTTP_is_alive() returns nonzero, +else it should call I or L. +In case the client application keeps I but the connection then dies +for any reason at the server side, it will notice this obtaining an +I/O error when trying to send the next request via I. + =head1 WARNINGS The server's response may be unexpected if the hostname that was used to 
@@ -155,7 +204,7 @@ and must be done exactly once in that case. =back When the request context is fully prepared, the HTTP exchange may be performed -with OSSL_HTTP_REQ_CTX_nbio() or OSSL_HTTP_REQ_CTX_sendreq_d2i(). +with OSSL_HTTP_REQ_CTX_nbio() or OSSL_HTTP_REQ_CTX_exchange(). =head1 RETURN VALUES @@ -166,20 +215,36 @@ OSSL_HTTP_REQ_CTX_free() and OSSL_HTTP_REQ_CTX_set_max_response_length() do not return values. OSSL_HTTP_REQ_CTX_set_request_line(), OSSL_HTTP_REQ_CTX_add1_header(), -OSSL_HTTP_REQ_CTX_set1_req() and OSSL_HTTP_REQ_CTX_nbio +OSSL_HTTP_REQ_CTX_set1_req(), and OSSL_HTTP_REQ_CTX_set_expected() return 1 for success and 0 for failure. -OSSL_HTTP_REQ_CTX_sendreq_d2i() returns a pointer to an B for -success and NULL for failure. +OSSL_HTTP_REQ_CTX_nbio() and OSSL_HTTP_REQ_CTX_nbio_d2i() +return 1 for success, 0 on error or redirection, -1 if retry is needed. -OSSL_HTTP_REQ_CTX_get0_mem_bio() returns the internal memory B. +OSSL_HTTP_REQ_CTX_exchange() and OSSL_HTTP_REQ_CTX_get0_mem_bio() +returns a pointer to a B on success and NULL on failure. + +OSSL_HTTP_REQ_CTX_get_resp_len() returns the size of the response contents +or 0 if not available or an error occurred. + +OSSL_HTTP_is_alive() returns 1 if its argument is non-NULL +and the client requested a persistent connection +and the server did not disagree on keeping the connection open, else 0. =head1 SEE ALSO L, L, +L, +L, +L, L, -L +L, +L + +=head1 HISTORY + +The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod index d2ff8eeebc..da84789472 100644 --- a/doc/man3/OSSL_HTTP_transfer.pod +++ b/doc/man3/OSSL_HTTP_transfer.pod 
@@ -2,13 +2,15 @@ =head1 NAME +OSSL_HTTP_open, +OSSL_HTTP_bio_cb_t, +OSSL_HTTP_proxy_connect, +OSSL_HTTP_set_request, +OSSL_HTTP_exchange, OSSL_HTTP_get, -OSSL_HTTP_get_asn1, -OSSL_HTTP_post_asn1, OSSL_HTTP_transfer, -OSSL_HTTP_bio_cb_t, -OSSL_HTTP_proxy_connect -- http client functions +OSSL_HTTP_close +- HTTP client high-level functions =head1 SYNOPSIS 
@@ -16,91 +18,53 @@ OSSL_HTTP_proxy_connect typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail); + OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port, + const char *proxy, const char *no_proxy, + int use_ssl, BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + int buf_size, int overall_timeout); + int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, + const char *proxyuser, const char *proxypass, + int timeout, BIO *bio_err, const char *prog); + int OSSL_HTTP_set_request(OSSL_HTTP_REQ_CTX *rctx, const char *path, + const STACK_OF(CONF_VALUE) *headers, + const char *content_type, BIO *req, + const char *expected_content_type, int expect_asn1, + size_t max_resp_len, int timeout, int keep_alive); + BIO *OSSL_HTTP_exchange(OSSL_HTTP_REQ_CTX *rctx, char **redirection_url); BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, BIO *bio, BIO *rbio, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - const STACK_OF(CONF_VALUE) *headers, - int maxline, unsigned long max_resp_len, int timeout, - const char *expected_ct, int expect_asn1); - ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url, - const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - const STACK_OF(CONF_VALUE) *headers, - int maxline, unsigned long max_resp_len, - int timeout, const char *expected_ct, - const ASN1_ITEM *rsp_it); - ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port, - const char *path, int use_ssl, - const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, - const ASN1_VALUE *req, const ASN1_ITEM *req_it, - int maxline, unsigned long max_resp_len, - int timeout, const char *expected_ct, - const ASN1_ITEM *rsp_it); - BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, - int 
use_ssl, const char *proxy, const char *no_proxy, + int buf_size, const STACK_OF(CONF_VALUE) *headers, + const char *expected_content_type, int expect_asn1, + size_t max_resp_len, int timeout); + BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, + const char *server, const char *port, + const char *path, int use_ssl, + const char *proxy, const char *no_proxy, BIO *bio, BIO *rbio, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, BIO *req_mem, - int maxline, unsigned long max_resp_len, int timeout, - const char *expected_ct, int expect_asn1, - char **redirection_url); - int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, - const char *proxyuser, const char *proxypass, - int timeout, BIO *bio_err, const char *prog); + int buf_size, const STACK_OF(CONF_VALUE) *headers, + const char *content_type, BIO *req, + const char *expected_content_type, int expect_asn1, + size_t max_resp_len, int timeout, int keep_alive); + int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok); =head1 DESCRIPTION -OSSL_HTTP_get() uses HTTP GET to obtain data (of any type) from the given I -and returns it as a memory BIO. -If the schema component of the I is C a TLS connection is requested -and the I parameter, described below, must be provided. -Any userinfo and fragment components in the I are ignored. -Any query component is handled as part of the path component. - -OSSL_HTTP_get_asn1() is like OSSL_HTTP_get() but in addition -parses the received contents (e.g., an X.509 certificate) -as an ASN.1 DER encoded value with the expected structure specified by I -and returns it on success as a pointer to I. - -OSSL_HTTP_post_asn1() is like OSSL_HTTP_get_asn1() but uses the HTTP POST method -to send a request I with the ASN.1 structure defined in I and the -given I to the given I and optional I and I. -If I is nonzero a TLS connection is requested and the I -parameter, described below, must be provided. 
+OSSL_HTTP_open() initiates an HTTP session using the I argument if not +NULL, else by connecting to a given I optionally via a I. -OSSL_HTTP_transfer() exchanges any form of HTTP request and response. -It implements the core of the functions described above. -If I parameter is NULL it defaults to "/". -If I is nonzero a TLS connection is requested -and the I parameter, described below, must be provided. -If I is NULL it uses the HTTP GET method, else it uses HTTP POST to -send a request with the contents of the memory BIO and optional I. -The optional list I may contain additional custom HTTP header lines. -If I is NULL (i.e., the HTTP method is GET) and I -is not NULL the latter pointer is used to provide any new location that -the server may return with HTTP code 301 (MOVED_PERMANENTLY) or 302 (FOUND). -In this case the caller is responsible for deallocating this URL with -L. - -The above functions have the following parameters in common. - -Typically the OpenSSL build supports sockets -and the I and I parameters are both NULL. -In this case the client creates a network BIO internally -for connecting to the given I -at the specified I (if any, defaulting to 80 for HTTP or 443 for HTTPS), -optionally via a I (respecting I) as described below. -Then the client uses this internal BIO for exchanging the request and response. -If I is given and I is NULL then the client uses this I instead. +Typically the OpenSSL build supports sockets and the I parameter is NULL. +In this case I must be NULL as well, and the +library creates a network BIO internally for connecting to the given I +at the specified I if any, defaulting to 80 for HTTP or 443 for HTTPS. +Then this internal BIO is used for setting up a connection +and for exchanging one or more request and response. +If I is given and I is NULL then this I is used instead. 
If both I and I are given (which may be memory BIOs for instance) -then no explicit connection is attempted, -I is used for writing the request, and I for reading the response. +then no explicit connection is set up, but +I is used for writing requests and I for reading responses. As soon as the client has flushed I the server must be ready to provide a response or indicate a waiting condition via I. 
@@ -121,33 +85,12 @@ Proxying plain HTTP is supported directly, while using a proxy for HTTPS connections requires a suitable callback function such as OSSL_HTTP_proxy_connect(), described below. -The I parameter specifies the response header maximum line length, -where a value <= 0 indicates that the B of 4KiB -should be used. -This length is also used as the number of content bytes that are read at a time. -The I parameter specifies the maximum response length, -where 0 indicates B, which currently is 100 KiB. - -An ASN.1-encoded response is expected by OSSL_HTTP_get_asn1() and -OSSL_HTTP_post_asn1(), while for OSSL_HTTP_get() or OSSL_HTTP_transfer() -this is only the case if the I parameter is nonzero. -If the response header contains one or more "Content-Length" header lines and/or -an ASN.1-encoded response is expected, which should include a total length, -the length indications received are checked for consistency -and for not exceeding the maximum response length. - -If the parameter I -is not NULL then the HTTP client checks that the given content type string -is included in the HTTP header of the response and returns an error if not. - -If the I parameter is > 0 this indicates the maximum number of seconds -to wait until the transfer is complete. -A value of 0 enables waiting indefinitely, -while a value < 0 immediately leads to a timeout condition. +If I is nonzero a TLS connection is requested +and the I parameter must be provided. -The optional parameter I with its optional argument I may -be used to modify the connection BIO used by the HTTP client (and cannot be -used when both I and I are given). +The parameter I, which is optional if I is 0, +may be used to modify the connection BIO used by the HTTP client, +but cannot be used when both I and I are given. I is a BIO connect/disconnect callback function with prototype BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail) 
@@ -157,7 +100,7 @@ whereby it may make use of a custom defined argument I, which may for instance refer to an I structure. During connection establishment, just after calling BIO_do_connect_retry(), the function is invoked with the I argument being 1 and the I -argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled. +argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled, else 0. On disconnect I is 0 and I is 1 if no error occurred, else 0. For instance, on connect the function may prepend a TLS BIO to implement HTTPS; after disconnect it may do some diagnostic output and/or specific cleanup. @@ -166,10 +109,10 @@ Here is a simple example that supports TLS connections (but not via a proxy): BIO *http_tls_cb(BIO *hbio, void *arg, int connect, int detail) { - SSL_CTX *ctx = (SSL_CTX *)arg; - if (connect && detail) { /* connecting with TLS */ + SSL_CTX *ctx = (SSL_CTX *)arg; BIO *sbio = BIO_new_ssl(ctx, 1); + hbio = sbio != NULL ? BIO_push(sbio, hbio) : NULL; } else if (!connect && !detail) { /* disconnecting after error */ /* optionally add diagnostics here */ @@ -179,6 +122,16 @@ Here is a simple example that supports TLS connections (but not via a proxy): After disconnect the modified BIO will be deallocated using BIO_free_all(). +The I parameter specifies the response header maximum line length. +A value <= 0 indicates that +the B of 4KiB should be used. +I is also used as the number of content bytes that are read at a time. + +If the I parameter is > 0 this indicates the maximum number of +seconds the overall HTTP transfer (i.e., connection setup if needed, +sending requests, and receiving responses) is allowed to take until completion. +A value <= 0 enables waiting indefinitely, i.e., no timeout. + OSSL_HTTP_proxy_connect() may be used by an above BIO connect callback function to set up an SSL/TLS connection via an HTTPS proxy. It promotes the given BIO I representing a connection 
@@ -186,11 +139,86 @@ pre-established with a TLS proxy using the HTTP CONNECT method, optionally using proxy client credentials I and I, to connect with TLS protection ultimately to I and I. If the I argument is NULL or the empty string it defaults to "443". -The I parameter is used as described above. +If the I parameter is > 0 this indicates the maximum number of +seconds the connection setup is allowed to take. +A value <= 0 enables waiting indefinitely, i.e., no timeout. Since this function is typically called by applications such as L it uses the I and I parameters (unless NULL) to print additional diagnostic information in a user-oriented way. +OSSL_HTTP_set_request() sets up in I the request header and content data +and expectations on the response using the following parameters. +If I is NULL it defaults to "/". +If I is NULL the HTTP GET method will be used to send the request +else HTTP POST with the contents of I and optional I, where +the length of the data in I does not need to be determined in advance: the +BIO will be read on-the-fly while sending the request, which supports streaming. +The optional list I may contain additional custom HTTP header lines. +If the parameter I +is not NULL then the client will check that the given content type string +is included in the HTTP header of the response and return an error if not. +If the I parameter is nonzero, +a structure in ASN.1 encoding will be expected as response content. +The I parameter specifies the maximum allowed +response content length, where the value 0 indicates no limit. +If the I parameter is > 0 this indicates the maximum number of seconds +the subsequent HTTP transfer (sending the request and receiving a response) +is allowed to take. +A value of 0 enables waiting indefinitely, i.e., no timeout. +A value < 0 indicates that the I parameter value given +when opening the HTTP transfer will be used instead. 
+If I is 0 the connection is not kept open +after receiving a response, which is the default behavior for HTTP 1.0. +If the value is 1 or 2 then a persistent connection is requested. +If the value is 2 then a persistent connection is required, +i.e., an error occurs in case the server does not grant it. + +OSSL_HTTP_exchange() exchanges any form of HTTP request and response +as specified by I, which must include both connection and request data, +typically set up using OSSL_HTTP_open() and OSSL_HTTP_set_request(). +It implements the core of the functions described below. +If the HTTP method is GET and I +is not NULL the latter pointer is used to provide any new location that +the server may return with HTTP code 301 (MOVED_PERMANENTLY) or 302 (FOUND). +In this case the function returns NULL and the caller is +responsible for deallocating the URL with L. +If the response header contains one or more "Content-Length" header lines and/or +an ASN.1-encoded response is expected, which should include a total length, +the length indications received are checked for consistency +and for not exceeding any given maximum response length. +On receiving a response, the function returns the contents as a memory BIO, +which does not support streaming, in case an ASN.1-encoded response is expected. +Else it returns directly the read BIO that holds the response contents, +which allows a response of indefinite length and may support streaming. + +OSSL_HTTP_get() uses HTTP GET to obtain data from I if non-NULL, +else from the server contained in the I, and returns it as a BIO. +It supports redirection via HTTP status code 301 or 302. It is meant for +transfers with a single round trip, so does not support persistent connections. +If I is non-NULL, any host and port components in the I are not used +for connecting but the hostname is used, as usual, for the C header. +Any userinfo and fragment components in the I are ignored. 
+Any query component is handled as part of the path component. +If the scheme component of the I is C a TLS connection is requested +and the I, as described for OSSL_HTTP_open(), must be provided. +Also the remaining parameters are interpreted as described for OSSL_HTTP_open() +and OSSL_HTTP_set_request(), respectively. + +OSSL_HTTP_transfer() exchanges an HTTP request and response +over a connection managed via I without supporting redirection. +It combines OSSL_HTTP_open(), OSSL_HTTP_set_request(), OSSL_HTTP_exchange(), +and OSSL_HTTP_close(). +If I is not NULL it reuses any open connection represented by a non-NULL +I<*prctx>. It keeps the connection open if a persistent connection is requested +or required and this was granted by the server, else it closes the connection +and assigns NULL to I<*prctx>. +The remaining parameters are interpreted as described for OSSL_HTTP_open() +and OSSL_HTTP_set_request(), respectively. + +OSSL_HTTP_close() closes the connection and releases I. +The I parameter is passed to any BIO update function +given during setup as described above for OSSL_HTTP_open(). + =head1 NOTES The names of the environment variables used by this implementation: 
@@ -200,23 +228,29 @@ other HTTP client implementations such as wget, curl, and git. =head1 RETURN VALUES -On success, OSSL_HTTP_get(), OSSL_HTTP_get_asn1(), OSSL_HTTP_post_asn1(), and -OSSL_HTTP_transfer() return a memory BIO containing the data received via HTTP. -This must be freed by the caller. On failure, NULL is returned. +OSSL_HTTP_open() returns on success a B, else NULL. + +OSSL_HTTP_proxy_connect() and OSSL_HTTP_set_request() +return 1 on success, 0 on error. + +On success, OSSL_HTTP_exchange(), OSSL_HTTP_get(), and OSSL_HTTP_transfer() +return a memory BIO containing the data received if an ASN.1-encoded response +is expected, else a BIO that may support streaming. +The BIO must be freed by the caller. +On failure, they return NULL. Failure conditions include connection/transfer timeout, parse errors, etc. -OSSL_HTTP_proxy_connect() returns 1 on success, 0 on error. +OSSL_HTTP_close() returns 0 if anything went wrong while disconnecting, else 1. =head1 SEE ALSO -L -L +L, L +L, L, +L =head1 HISTORY -OSSL_HTTP_get(), OSSL_HTTP_get_asn1(), OSSL_HTTP_post_asn1(), -OSSL_HTTP_transfer(), and OSSL_HTTP_proxy_connect() -were added in OpenSSL 3.0. +All the functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/X509_load_http.pod b/doc/man3/X509_load_http.pod index 9e54d31c42..93a63c68cf 100644 --- a/doc/man3/X509_load_http.pod +++ b/doc/man3/X509_load_http.pod @@ -49,7 +49,7 @@ Error conditions include connection/transfer timeout, parse errors, etc. =head1 SEE ALSO -L +L =head1 HISTORY diff --git a/include/crypto/httperr.h b/include/crypto/httperr.h index 648f55c691..c68ca3b0c4 100644 --- a/include/crypto/httperr.h +++ b/include/crypto/httperr.h 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/asn1.h.in b/include/openssl/asn1.h.in index 6a00b3e7f7..0ee82e7d58 100644 --- a/include/openssl/asn1.h.in +++ b/include/openssl/asn1.h.in @@ -784,7 +784,7 @@ void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); in, \ CHECKED_PPTR_OF(type, x))) -void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *pval); int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, const void *x); # define ASN1_i2d_bio_of(type,i2d,out,x) \ @@ -793,6 +793,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, const void *x); CHECKED_PTR_OF(const type, x))) int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, const void *x); +BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val); int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in index 2591963b6f..352ffcdb2f 100644 --- a/include/openssl/cmp.h.in +++ b/include/openssl/cmp.h.in 
@@ -262,25 +262,29 @@ void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); -/* various CMP options: */ +/* CMP general options: */ # define OSSL_CMP_OPT_LOG_VERBOSITY 0 -# define OSSL_CMP_OPT_MSG_TIMEOUT 1 -# define OSSL_CMP_OPT_TOTAL_TIMEOUT 2 -# define OSSL_CMP_OPT_VALIDITY_DAYS 3 -# define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 4 -# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 5 -# define OSSL_CMP_OPT_POLICIES_CRITICAL 6 -# define OSSL_CMP_OPT_POPO_METHOD 7 -# define OSSL_CMP_OPT_DIGEST_ALGNID 8 -# define OSSL_CMP_OPT_OWF_ALGNID 9 -# define OSSL_CMP_OPT_MAC_ALGNID 10 -# define OSSL_CMP_OPT_REVOCATION_REASON 11 -# define OSSL_CMP_OPT_IMPLICIT_CONFIRM 12 -# define OSSL_CMP_OPT_DISABLE_CONFIRM 13 -# define OSSL_CMP_OPT_UNPROTECTED_SEND 14 -# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 15 -# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 16 -# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 17 +/* CMP transfer options: */ +# define OSSL_CMP_OPT_KEEP_ALIVE 10 +# define OSSL_CMP_OPT_MSG_TIMEOUT 11 +# define OSSL_CMP_OPT_TOTAL_TIMEOUT 12 +/* CMP request options: */ +# define OSSL_CMP_OPT_VALIDITY_DAYS 20 +# define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21 +# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22 +# define OSSL_CMP_OPT_POLICIES_CRITICAL 23 +# define OSSL_CMP_OPT_POPO_METHOD 24 +# define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25 +# define OSSL_CMP_OPT_DISABLE_CONFIRM 26 +# define OSSL_CMP_OPT_REVOCATION_REASON 27 +/* CMP protection options: */ +# define OSSL_CMP_OPT_UNPROTECTED_SEND 30 +# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31 +# define OSSL_CMP_OPT_OWF_ALGNID 32 +# define OSSL_CMP_OPT_MAC_ALGNID 33 +# define OSSL_CMP_OPT_DIGEST_ALGNID 34 +# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35 +# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36 int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val); int OSSL_CMP_CTX_get_option(const 
OSSL_CMP_CTX *ctx, int opt); /* CMP-specific callback for logging and outputting the error queue: */ diff --git a/include/openssl/http.h b/include/openssl/http.h index 18d0f13b3e..2140d5d2f8 100644 --- a/include/openssl/http.h +++ b/include/openssl/http.h @@ -23,8 +23,6 @@ extern "C" { # endif -typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail); - # define OSSL_HTTP_NAME "http" # define OSSL_HTTPS_NAME "https" # define OSSL_HTTP_PREFIX OSSL_HTTP_NAME"://" 
@@ -38,63 +36,64 @@ typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail) #define HTTP_DEFAULT_MAX_LINE_LENGTH (4 * 1024) #define HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) -OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, - int maxline, unsigned long max_resp_len, - int timeout, const char *expected_ct, - int expect_asn1); +/* Low-level HTTP API */ +OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size); void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx); int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST, const char *server, const char *port, const char *path); int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx, const char *name, const char *value); +int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx, + const char *content_type, int asn1, + int timeout, int keep_alive); int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, - const ASN1_ITEM *it, ASN1_VALUE *req); + const ASN1_ITEM *it, const ASN1_VALUE *req); int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx); -ASN1_VALUE *OSSL_HTTP_REQ_CTX_sendreq_d2i(OSSL_HTTP_REQ_CTX *rctx, - const ASN1_ITEM *it); +int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx, + ASN1_VALUE **pval, const ASN1_ITEM *it); +BIO *OSSL_HTTP_REQ_CTX_exchange(OSSL_HTTP_REQ_CTX *rctx); BIO *OSSL_HTTP_REQ_CTX_get0_mem_bio(const OSSL_HTTP_REQ_CTX *rctx); +size_t OSSL_HTTP_REQ_CTX_get_resp_len(const OSSL_HTTP_REQ_CTX *rctx); void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx, unsigned long len); +int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx); +/* High-level HTTP API */ +typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail); +OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port, + const char *proxy, const char *no_proxy, + int use_ssl, BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + int buf_size, int overall_timeout); 
+int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, + const char *proxyuser, const char *proxypass, + int timeout, BIO *bio_err, const char *prog); +int OSSL_HTTP_set_request(OSSL_HTTP_REQ_CTX *rctx, const char *path, + const STACK_OF(CONF_VALUE) *headers, + const char *content_type, BIO *req, + const char *expected_content_type, int expect_asn1, + size_t max_resp_len, int timeout, int keep_alive); +BIO *OSSL_HTTP_exchange(OSSL_HTTP_REQ_CTX *rctx, char **redirection_url); BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, BIO *bio, BIO *rbio, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - const STACK_OF(CONF_VALUE) *headers, - int maxline, unsigned long max_resp_len, int timeout, - const char *expected_ct, int expect_asn1); -ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url, - const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - const STACK_OF(CONF_VALUE) *headers, - int maxline, unsigned long max_resp_len, - int timeout, const char *expected_ct, - const ASN1_ITEM *rsp_it); -ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port, - const char *path, int use_ssl, - const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, - const ASN1_VALUE *req, const ASN1_ITEM *req_it, - int maxline, unsigned long max_resp_len, - int timeout, const char *expected_ct, - const ASN1_ITEM *rsp_it); -BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, - int use_ssl, const char *proxy, const char *no_proxy, + int buf_size, const STACK_OF(CONF_VALUE) *headers, + const char *expected_content_type, int expect_asn1, + size_t max_resp_len, int timeout); +BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, + const char *server, const char *port, + const char *path, int use_ssl, + const char *proxy, const char *no_proxy, BIO 
*bio, BIO *rbio, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, BIO *req_mem, - int maxline, unsigned long max_resp_len, int timeout, - const char *expected_ct, int expect_asn1, - char **redirection_url); -int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, - const char *proxyuser, const char *proxypass, - int timeout, BIO *bio_err, const char *prog); + int buf_size, const STACK_OF(CONF_VALUE) *headers, + const char *content_type, BIO *req, + const char *expected_content_type, int expect_asn1, + size_t max_resp_len, int timeout, int keep_alive); +int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok); +/* Auxiliary functions */ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, char **pport, int *pport_num, char **ppath, char **pquery, char **pfrag); diff --git a/include/openssl/httperr.h b/include/openssl/httperr.h index af5717d3dc..b639ef0051 100644 --- a/include/openssl/httperr.h +++ b/include/openssl/httperr.h @@ -29,6 +29,7 @@ # define HTTP_R_ERROR_RECEIVING 103 # define HTTP_R_ERROR_SENDING 102 # define HTTP_R_FAILED_READING_DATA 128 +# define HTTP_R_HEADER_PARSE_ERROR 126 # define HTTP_R_INCONSISTENT_CONTENT_LENGTH 120 # define HTTP_R_INVALID_PORT_NUMBER 123 # define HTTP_R_INVALID_URL_PATH 125 @@ -43,6 +44,7 @@ # define HTTP_R_REDIRECTION_NOT_ENABLED 116 # define HTTP_R_RESPONSE_LINE_TOO_LONG 113 # define HTTP_R_RESPONSE_PARSE_ERROR 104 +# define HTTP_R_SERVER_CANCELED_CONNECTION 127 # define HTTP_R_SOCK_NOT_SUPPORTED 122 # define HTTP_R_STATUS_CODE_UNSUPPORTED 114 # define HTTP_R_TLS_NOT_ENABLED 107 diff --git a/include/openssl/ocsp.h.in b/include/openssl/ocsp.h.in index 83c8a175fe..869c3ad415 100644 --- a/include/openssl/ocsp.h.in +++ b/include/openssl/ocsp.h.in 
@@ -170,34 +170,30 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC; DECLARE_ASN1_DUP_FUNCTION(OCSP_CERTID) -OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, - const OCSP_REQUEST *req, int maxline); -int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx); + const OCSP_REQUEST *req, int buf_size); +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); # ifndef OPENSSL_NO_DEPRECATED_3_0 typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX; -# define OCSP_REQ_CTX_new(io, maxline) \ - OSSL_HTTP_REQ_CTX_new(io, io, maxline, 0, 0, NULL, 1) -# define OCSP_REQ_CTX_free(r) \ - OSSL_HTTP_REQ_CTX_free(r) +# define OCSP_REQ_CTX_new(io, buf_size) \ + OSSL_HTTP_REQ_CTX_new(io, io, buf_size) +# define OCSP_REQ_CTX_free OSSL_HTTP_REQ_CTX_free # define OCSP_REQ_CTX_http(rctx, op, path) \ OSSL_HTTP_REQ_CTX_set_request_line(rctx, strcmp(op, "POST") == 0, \ NULL, NULL, path) -# define OCSP_REQ_CTX_add1_header(r, n, v) \ - OSSL_HTTP_REQ_CTX_add1_header(r, n, v) +# define OCSP_REQ_CTX_add1_header OSSL_HTTP_REQ_CTX_add1_header # define OCSP_REQ_CTX_i2d(r, it, req) \ OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", it, req) # define OCSP_REQ_CTX_set1_req(r, req) \ OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req)) -# define OCSP_REQ_CTX_nbio(r) \ - OSSL_HTTP_REQ_CTX_nbio(r) -# define OCSP_REQ_CTX_nbio_d2i(r, p, i) \ - ((*(p) = OSSL_HTTP_REQ_CTX_sendreq_d2i(r, i)) != NULL) -# define OCSP_REQ_CTX_get0_mem_bio(r) \ - OSSL_HTTP_REQ_CTX_get0_mem_bio(r) -# define OCSP_set_max_response_length(r, l) \ - OSSL_HTTP_REQ_CTX_set_max_response_length(r, l) +# define OCSP_REQ_CTX_nbio OSSL_HTTP_REQ_CTX_nbio +# define OCSP_REQ_CTX_nbio_d2i OSSL_HTTP_REQ_CTX_nbio_d2i +# define OCSP_sendreq_nbio(r, p) \ + OSSL_HTTP_REQ_CTX_nbio_d2i(r, (ASN1_VALUE **)(p), \ + ASN1_ITEM_rptr(OCSP_RESPONSE)) +# define OCSP_REQ_CTX_get0_mem_bio OSSL_HTTP_REQ_CTX_get0_mem_bio 
+# define OCSP_set_max_response_length OSSL_HTTP_REQ_CTX_set_max_response_length # endif OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c index 2ca2c26dd5..e25aa9ab43 100644 --- a/test/cmp_ctx_test.c +++ b/test/cmp_ctx_test.c @@ -717,9 +717,8 @@ void cleanup_tests(void) return; } -DEFINE_SET_GET_ARG_FN(set, get, option, 16, int) -/* option == OSSL_CMP_OPT_IGNORE_KEYUSAGE */ -DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, option_16, int, -1, IS_0, \ +DEFINE_SET_GET_ARG_FN(set, get, option, 35, int) /* OPT_IGNORE_KEYUSAGE */ +DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, option_35, int, -1, IS_0, \ 1 /* true */, DROP) DEFINE_SET_CB_TEST(log_cb) @@ -792,7 +791,7 @@ int setup_tests(void) ADD_TEST(test_CTX_reinit); /* various CMP options: */ - ADD_TEST(test_CTX_set_get_option_16); + ADD_TEST(test_CTX_set_get_option_35); /* CMP-specific callback for logging and outputting the error queue: */ ADD_TEST(test_CTX_set_get_log_cb); /* diff --git a/test/http_test.c b/test/http_test.c index 0a3389c15f..e4209a37c0 100644 --- a/test/http_test.c +++ b/test/http_test.c 
@@ -99,36 +99,38 @@ static int test_http_x509(int do_get) X509 *rcert = NULL; BIO *wbio = BIO_new(BIO_s_mem()); BIO *rbio = BIO_new(BIO_s_mem()); + BIO *rsp, *req = ASN1_item_i2d_mem_bio(x509_it, (ASN1_VALUE *)x509); STACK_OF(CONF_VALUE) *headers = NULL; + const char content_type[] = "application/x-x509-ca-cert"; int res = 0; - if (wbio == NULL || rbio == NULL) + if (wbio == NULL || rbio == NULL || req == NULL) goto err; BIO_set_callback_ex(wbio, http_bio_cb_ex); BIO_set_callback_arg(wbio, (char *)rbio); rpath = RPATH; - rcert = (X509 *) - (do_get ? - OSSL_HTTP_get_asn1("http://"SERVER":"PORT"/"RPATH, - NULL /* proxy */, NULL /* no_proxy */, - wbio, rbio, NULL /* bio_update_fn */, NULL, - headers, 0 /* maxline */, - 0 /* max_resp_len */, 0 /* timeout */, - "application/x-x509-ca-cert", x509_it) - : - OSSL_HTTP_post_asn1(SERVER, PORT, RPATH, 0 /* use_ssl */, - NULL /* proxy */, NULL /* no_proxy */, - wbio, rbio, NULL /* bio_update_fn */, NULL, - headers, "application/x-x509-ca-cert", - (ASN1_VALUE *)x509, x509_it, 0 /* maxline */, - 0 /* max_resp_len */, 0 /* timeout */, - "application/x-x509-ca-cert", x509_it) - ); + rsp = do_get ? + OSSL_HTTP_get("http://"SERVER":"PORT"/"RPATH, + NULL /* proxy */, NULL /* no_proxy */, + wbio, rbio, NULL /* bio_fn */, NULL /* arg */, + 0 /* buf_size */, headers, content_type, + 1 /* expect_asn1 */, + HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */) + : OSSL_HTTP_transfer(NULL, NULL /* host */, NULL /* port */, RPATH, + 0 /* use_ssl */,NULL /* proxy */, NULL /* no_pr */, + wbio, rbio, NULL /* bio_fn */, NULL /* arg */, + 0 /* buf_size */, headers, content_type, + req, content_type, 1 /* expect_asn1 */, + HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */, + 0 /* keep_alive */); + rcert = d2i_X509_bio(rsp, NULL); + BIO_free(rsp); res = TEST_ptr(rcert) && TEST_int_eq(X509_cmp(x509, rcert), 0); err: X509_free(rcert); + BIO_free(req); BIO_free(wbio); BIO_free(rbio); sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); 
diff --git a/util/libcrypto.num b/util/libcrypto.num index 857ed43a52..69b8f63e32 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -614,7 +614,7 @@ UI_get0_result_string 629 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_add_policy 630 3_0_0 EXIST::FUNCTION:TS X509_REQ_dup 631 3_0_0 EXIST::FUNCTION: d2i_DSA_PUBKEY_fp 633 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO -OSSL_HTTP_REQ_CTX_sendreq_d2i 634 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_exchange 634 3_0_0 EXIST::FUNCTION: d2i_X509_REQ_fp 635 3_0_0 EXIST::FUNCTION:STDIO DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION: @@ -3612,7 +3612,7 @@ EVP_CIPHER_CTX_encrypting 3694 3_0_0 EXIST::FUNCTION: EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC PEM_write_bio_RSAPublicKey 3696 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_CRL_set1_lastUpdate 3697 3_0_0 EXIST::FUNCTION: -OCSP_sendreq_nbio 3698 3_0_0 EXIST::FUNCTION:OCSP +OSSL_HTTP_REQ_CTX_nbio_d2i 3698 3_0_0 EXIST::FUNCTION: PKCS8_encrypt 3699 3_0_0 EXIST::FUNCTION: i2d_PKCS7_fp 3700 3_0_0 EXIST::FUNCTION:STDIO i2d_X509_REQ 3701 3_0_0 EXIST::FUNCTION: 
@@ -4882,11 +4882,17 @@ BIO_socket_wait ? 3_0_0 EXIST::FUNCTION:SOCK BIO_wait ? 3_0_0 EXIST::FUNCTION: BIO_do_connect_retry ? 3_0_0 EXIST::FUNCTION: OSSL_parse_url ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_get_resp_len ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_set_expected ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_is_alive ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_open ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_proxy_connect ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_set_request ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_exchange ? 3_0_0 EXIST::FUNCTION: OSSL_HTTP_get ? 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_get_asn1 ? 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_post_asn1 ? 3_0_0 EXIST::FUNCTION: OSSL_HTTP_transfer ? 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_proxy_connect ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_close ? 3_0_0 EXIST::FUNCTION: +ASN1_item_i2d_mem_bio ? 3_0_0 EXIST::FUNCTION: ERR_add_error_txt ? 3_0_0 EXIST::FUNCTION: ERR_add_error_mem_bio ? 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_print_verify_cb ? 3_0_0 EXIST::FUNCTION: diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index cb5a9eaa6f..9eefc090f8 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -781,7 +781,6 @@ OCSP_REQ_CTX_get0_mem_bio(3) OCSP_REQ_CTX_http(3) OCSP_REQ_CTX_new(3) OCSP_REQ_CTX_nbio(3) -OCSP_REQ_CTX_nbio_d2i(3) OCSP_REQUEST_add1_ext_i2d(3) OCSP_REQUEST_add_ext(3) OCSP_REQUEST_delete_ext(3) diff --git a/util/other.syms b/util/other.syms index 0047905209..f8fb0d52e2 100644 --- a/util/other.syms +++ b/util/other.syms @@ -339,8 +339,9 @@ OCSP_REQ_CTX datatype deprecated 3.0.0 OCSP_REQ_CTX_add1_header define deprecated 3.0.0 OCSP_REQ_CTX_free define deprecated 3.0.0 OCSP_REQ_CTX_i2d define deprecated 3.0.0 -OCSP_set_max_response_length define deprecated 3.0.0 OCSP_REQ_CTX_set1_req define deprecated 3.0.0 +OCSP_sendreq_nbio define deprecated 3.0.0 +OCSP_set_max_response_length define deprecated 3.0.0 OPENSSL_FILE define OPENSSL_FUNC define OPENSSL_LINE define From kaduk at mit.edu Wed May 12 16:37:43 2021 
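Review bot: in doc/man3/OSSL_HTTP_transfer.pod, the new OSSL_HTTP_set_request() paragraph says the maximum response length value 0 "indicates no limit", while the removed text said 0 selects the default "which currently is 100 KiB". A caller carried over from the old signatures that still passes 0 therefore loses the response size cap without any compile-time signal. Please state this change explicitly in the page (or in CHANGES) and recommend passing HTTP_DEFAULT_MAX_RESP_LEN, which include/openssl/http.h still defines and which test/http_test.c now passes. The same applies to timeouts: the removed text said "a value < 0 immediately leads to a timeout condition", whereas the added text makes a value <= 0 wait indefinitely in OSSL_HTTP_open() and OSSL_HTTP_proxy_connect(), and makes < 0 in OSSL_HTTP_set_request() fall back to the value given at open time.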
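Review bot: in include/openssl/http.h the length types are now inconsistent: OSSL_HTTP_REQ_CTX_set_max_response_length() keeps "unsigned long len", while the added OSSL_HTTP_set_request(), OSSL_HTTP_get() and OSSL_HTTP_transfer() take "size_t max_resp_len" and OSSL_HTTP_REQ_CTX_get_resp_len() returns size_t. On platforms where unsigned long is narrower than size_t the low-level setter cannot express every limit the high-level functions accept. Either switch the setter to size_t in this same change or add a comment explaining why it stays unsigned long.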
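Review bot: in include/openssl/ocsp.h.in the deprecated OCSP_REQ_CTX_new() macro no longer conveys the ASN.1 expectation: the old expansion was OSSL_HTTP_REQ_CTX_new(io, io, maxline, 0, 0, NULL, 1), with the trailing 1 being expect_asn1, and the new one is OSSL_HTTP_REQ_CTX_new(io, io, buf_size). Nothing in the visible hunks shows where legacy OCSP_REQ_CTX users now get that expectation set, and the man page ties the Content-Length consistency check to it. Please confirm that the deprecated path still ends up calling OSSL_HTTP_REQ_CTX_set_expected() with asn1 set, or document that such callers must do so themselves.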
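Review bot: test/cmp_ctx_test.c identifies the option by a bare literal, "DEFINE_SET_GET_ARG_FN(set, get, option, 35, int) /* OPT_IGNORE_KEYUSAGE */", and it had to be edited by hand only because include/openssl/cmp.h.in renumbers every OSSL_CMP_OPT_* value except LOG_VERBOSITY. If the header is regrouped again the test will silently exercise a different option, or none. Consider a compile-time check that 35 equals OSSL_CMP_OPT_IGNORE_KEYUSAGE next to the macro invocation. The renumbering itself changes public constant values, so it deserves a line in CHANGES for anyone who built against an earlier 3.0 snapshot.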
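Review bot: in test_http_x509() in test/http_test.c the result of the transfer is not checked before it is parsed: "rcert = d2i_X509_bio(rsp, NULL);" runs even when OSSL_HTTP_get() or OSSL_HTTP_transfer() returned NULL, so a transport failure and a certificate parse failure are reported identically through TEST_ptr(rcert). Add a TEST_ptr(rsp) check before decoding. Two smaller points in the same hunk: req is built with ASN1_item_i2d_mem_bio() even on the do_get path where it is never sent, and "0 /* use_ssl */,NULL /* proxy */" is missing the space after the comma.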
From: kaduk at mit.edu (kaduk at mit.edu) Date: Wed, 12 May 2021 16:37:43 +0000 Subject: [openssl] master update Message-ID: <1620837463.319585.32373.nullmailer@dev.openssl.org> The branch master has been updated via 80c25611abd7067815943187f36f5e1879201678 (commit) via e776858bce32d473bd7a69c616ad7f6c2f979dfc (commit) via f84ab284e91991a80191cf0e6d22ddc452043661 (commit) via efe0f315354b020213097885c79ce856a2f5ac68 (commit) from 8f965908a53b4f0c5a735739e8a273a3a33a976e (commit) - Log ----------------------------------------------------------------- commit 80c25611abd7067815943187f36f5e1879201678 Author: Benjamin Kaduk Date: Mon Mar 29 23:05:22 2021 -0700 Update expected results for tls13kexmodes tests One of the scenarios constructed in these tests was erroneously producing successful handshakes until the previous commits, but should have been failing. Update our expected behavior to match the specification requirements, and adjust the commentary slightly for a test case relevant for the other preceding commit. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14749) commit e776858bce32d473bd7a69c616ad7f6c2f979dfc Author: Benjamin Kaduk Date: Mon Mar 29 21:27:49 2021 -0700 Don't send key_share for PSK-only key exchange TLS 1.3 allows for the "psk_ke" and "psk_dhe_ke" key-exchange modes. Only the latter mode introduces a new ephemeral (Diffie-Hellman) key exchange, with the PSK being the only key material used in the former case. It's a compliance requirement of RFC 8446 that the server MUST NOT send a KeyShareEntry when using the "psk_ke" mode, but prior to this commit we would send a key-share based solely on whether the client sent one. This bug goes unnoticed in our internal test suite since openssl communicating with openssl can never negotiate the PSK-only key-exchange mode. However, we should still be compliant with the spec, so check whether the DHE mode was offered and don't send a key-share if it wasn't. 
Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14749) commit f84ab284e91991a80191cf0e6d22ddc452043661 Author: Benjamin Kaduk Date: Mon Mar 29 23:08:10 2021 -0700 make update Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14749) commit efe0f315354b020213097885c79ce856a2f5ac68 Author: Benjamin Kaduk Date: Mon Mar 29 23:03:49 2021 -0700 Improve RFC 8446 PSK key exchange mode compliance It's a MUST-level requirement that if the client sends a pre_shared_key extension not accompanied by a psk_key_exchange_modes extension, the server must abort the handshake. Prior to this commit the server would continue on. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14749) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + include/openssl/sslerr.h | 1 + ssl/ssl_err.c | 2 ++ ssl/statem/extensions.c | 19 ++++++++++++++++++- ssl/statem/extensions_srvr.c | 7 +++++++ test/recipes/70-test_tls13kexmodes.t | 12 +++++------- 6 files changed, 34 insertions(+), 8 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1391c00a17..9ad6757857 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1361,6 +1361,7 @@ SSL_R_MISSING_DSA_SIGNING_CERT:165:missing dsa signing cert SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert SSL_R_MISSING_FATAL:256:missing fatal SSL_R_MISSING_PARAMETERS:290:missing parameters +SSL_R_MISSING_PSK_KEX_MODES_EXTENSION:310:missing psk kex modes extension SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 87aa4f0d00..a4746d70b5 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h 
@@ -159,6 +159,7 @@ # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 # define SSL_R_MISSING_FATAL 256 # define SSL_R_MISSING_PARAMETERS 290 +# define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310 # define SSL_R_MISSING_RSA_CERTIFICATE 168 # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 # define SSL_R_MISSING_RSA_SIGNING_CERT 170 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index c15a24f65f..595e9f5ed0 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -237,6 +237,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "missing ecdsa signing cert"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION), + "missing psk kex modes extension"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT), diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 2f624c0e64..ee047dc638 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -57,6 +57,7 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent); static int final_early_data(SSL *s, unsigned int context, int sent); static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); static int init_post_handshake_auth(SSL *s, unsigned int context); +static int final_psk(SSL *s, unsigned int context, int sent); /* Structure to define a built-in extension */ typedef struct extensions_definition_st { @@ -381,7 +382,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk, - tls_construct_ctos_psk, NULL + tls_construct_ctos_psk, final_psk } }; 
@@ -1676,3 +1677,19 @@ static int init_post_handshake_auth(SSL *s, ossl_unused unsigned int context) return 1; } + +/* + * If clients offer "pre_shared_key" without a "psk_key_exchange_modes" + * extension, servers MUST abort the handshake. + */ +static int final_psk(SSL *s, unsigned int context, int sent) +{ + if (s->server && sent && s->clienthello != NULL + && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { + SSLfatal(s, TLS13_AD_MISSING_EXTENSION, + SSL_R_MISSING_PSK_KEX_MODES_EXTENSION); + return 0; + } + + return 1; +} diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 8462a67c1a..b2d7ff8f39 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1614,6 +1614,13 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, } return EXT_RETURN_NOT_SENT; } + if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) { + /* + * PSK ('hit') and explicitly not doing DHE (if the client sent the + * DHE option we always take it); don't send key share. + */ + return EXT_RETURN_NOT_SENT; + } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) || !WPACKET_start_sub_packet_u16(pkt) diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index 44f29055a2..6385885057 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t 
@@ -197,17 +197,14 @@ $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 11; ok(TLSProxy::Message->success(), "Initial connection"); -#Test 2: Attempt a resume with no kex modes extension. Should not resume +#Test 2: Attempt a resume with no kex modes extension. Should fail (server +# MUST abort handshake with pre_shared key and no psk_kex_modes) $proxy->clear(); $proxy->clientflags("-sess_in ".$session); my $testtype = DELETE_EXTENSION; $proxy->filter(\&modify_kex_modes_filter); $proxy->start(); -checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, - checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::KEY_SHARE_SRV_EXTENSION - | checkhandshake::PSK_CLI_EXTENSION, - "Resume with no kex modes"); +ok(TLSProxy::Message->fail(), "Resume with no kex modes"); #Test 3: Attempt a resume with empty kex modes extension. Should fail (empty # extension is invalid) @@ -245,6 +242,7 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, "Resume with non-dhe kex mode"); #Test 6: Attempt a resume with only unrecognised kex modes. Should not resume +# but rather fall back to full handshake $proxy->clear(); $proxy->clientflags("-sess_in ".$session); $testtype = UNKNOWN_KEX_MODES; @@ -254,7 +252,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, | checkhandshake::PSK_KEX_MODES_EXTENSION | checkhandshake::KEY_SHARE_SRV_EXTENSION | checkhandshake::PSK_CLI_EXTENSION, - "Resume with empty kex modes"); + "Resume with unrecognized kex mode"); #Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with # a key_share From no-reply at appveyor.com Wed May 12 20:26:43 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 12 May 2021 20:26:43 +0000 Subject: Build failed: openssl master.42010 Message-ID: <20210512202643.1.5BAFC9FD4D419C54@appveyor.com> An HTML attachment was scrubbed... URL: From kaduk at mit.edu Wed May 12 22:08:19 2021 
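Review bot: in final_psk() (ssl/statem/extensions.c), the `s->clienthello != NULL` term makes the check fail open: a server that received pre_shared_key (`sent`) but has no stored ClientHello skips the MUST-abort test and returns 1. If that state cannot occur at this point, drop the term or treat it as an internal error; if it can, the comment should say why continuing is safe. The comment could also cite RFC 8446 section 4.2.9 for the requirement it paraphrases.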
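Review bot: the new early return in tls_construct_stoc_key_share() (ssl/statem/extensions_srvr.c) is the branch that, per the commit message, openssl talking to openssl can never reach, and the 70-test_tls13kexmodes.t hunks in this push only change Tests 2 and 6. Please point to, or add, the TLSProxy case that asserts KEY_SHARE_SRV_EXTENSION is absent from the ServerHello when the client offers only psk_ke, so this compliance fix cannot regress silently.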
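Review bot: Test 2 in test/recipes/70-test_tls13kexmodes.t now asserts only `TLSProxy::Message->fail()`, which any handshake failure satisfies. Since final_psk() raises TLS13_AD_MISSING_EXTENSION, consider also checking the alert that was sent so the test pins the new code path rather than any abort. Minor: the new comment writes "pre_shared key" where the extension is named pre_shared_key.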
From: kaduk at mit.edu (kaduk at mit.edu) Date: Wed, 12 May 2021 22:08:19 +0000 Subject: [openssl] master update Message-ID: <1620857299.993525.23037.nullmailer@dev.openssl.org> The branch master has been updated via 466cab4758289f91215eada905cf334d334830fa (commit) from 80c25611abd7067815943187f36f5e1879201678 (commit) - Log ----------------------------------------------------------------- commit 466cab4758289f91215eada905cf334d334830fa Author: Benjamin Kaduk Date: Sat May 8 08:49:36 2021 -0700 apps: improve hygiene for SET_EXPECT macro Wrap all parameters in parentheses in the expansion, make explicit the use of the 'expect' input, wrap the whole expression in parentheses, and remove duplicate semicolon. Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15203) ----------------------------------------------------------------------- Summary of changes: apps/lib/apps.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 67e089bcd4..dafcf419bf 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -847,7 +847,7 @@ static const char *format2string(int format) } /* Set type expectation, but clear it if objects of different types expected. */ -#define SET_EXPECT(val) expect = expect < 0 ? val : (expect == val ? val : 0); +#define SET_EXPECT(expect, val) ((expect) = (expect) < 0 ? (val) : ((expect) == (val) ? (val) : 0)) /* * Load those types of credentials for which the result pointer is not NULL. * Reads from stdio if uri is NULL and maybe_stdin is nonzero. 
@@ -889,22 +889,22 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, if (ppkey != NULL) { *ppkey = NULL; cnt_expectations++; - SET_EXPECT(OSSL_STORE_INFO_PKEY); + SET_EXPECT(expect, OSSL_STORE_INFO_PKEY); } if (ppubkey != NULL) { *ppubkey = NULL; cnt_expectations++; - SET_EXPECT(OSSL_STORE_INFO_PUBKEY); + SET_EXPECT(expect, OSSL_STORE_INFO_PUBKEY); } if (pparams != NULL) { *pparams = NULL; cnt_expectations++; - SET_EXPECT(OSSL_STORE_INFO_PARAMS); + SET_EXPECT(expect, OSSL_STORE_INFO_PARAMS); } if (pcert != NULL) { *pcert = NULL; cnt_expectations++; - SET_EXPECT(OSSL_STORE_INFO_CERT); + SET_EXPECT(expect, OSSL_STORE_INFO_CERT); } if (pcerts != NULL) { if (*pcerts == NULL && (*pcerts = sk_X509_new_null()) == NULL) { @@ -912,12 +912,12 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, goto end; } cnt_expectations++; - SET_EXPECT(OSSL_STORE_INFO_CERT); + SET_EXPECT(expect, OSSL_STORE_INFO_CERT); } if (pcrl != NULL) { *pcrl = NULL; cnt_expectations++; - SET_EXPECT(OSSL_STORE_INFO_CRL); + SET_EXPECT(expect, OSSL_STORE_INFO_CRL); } if (pcrls != NULL) { if (*pcrls == NULL && (*pcrls = sk_X509_CRL_new_null()) == NULL) { @@ -925,7 +925,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, goto end; } cnt_expectations++; - SET_EXPECT(OSSL_STORE_INFO_CRL); + SET_EXPECT(expect, OSSL_STORE_INFO_CRL); } if (cnt_expectations == 0) { BIO_printf(bio_err, "Internal error: nothing to load from %s\n", From no-reply at appveyor.com Wed May 12 23:19:56 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 12 May 2021 23:19:56 +0000 Subject: Build completed: openssl master.42011 Message-ID: <20210512231956.1.ADBA883ACCB9133B@appveyor.com> An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Wed May 12 23:53:13 2021 
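Review bot: the rewritten SET_EXPECT in apps/lib/apps.c still expands both `expect` and `val` more than once, so it remains unsafe for arguments with side effects. Every caller in load_key_certs_crls() passes a plain variable and a constant, which is fine, but a short comment stating that restriction, or a small static helper taking an int pointer, would make it explicit. The new #define line is also roughly 100 columns wide and could be split with a backslash continuation.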
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 12 May 2021 23:53:13 +0000 Subject: [openssl] master update Message-ID: <1620863593.746027.11869.nullmailer@dev.openssl.org> The branch master has been updated via b98f752ec330cdc81d1f27a9506e6dcc8c00af5a (commit) from 466cab4758289f91215eada905cf334d334830fa (commit) - Log ----------------------------------------------------------------- commit b98f752ec330cdc81d1f27a9506e6dcc8c00af5a Author: Shane Lontis Date: Mon May 10 10:27:42 2021 +1000 Export/import flags for FFC params changed to separate fields. An extra field got added to the ffc flags related to FIPS-186-2 key validation, but this field was not handled by the export/import since the flags were done as string combinations. To keep this consistent with other object flags they are now passed as separate OSSL_PARAM fields. Fixes 'no-cached-fetch' build which uses export/import. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15210) ----------------------------------------------------------------------- Summary of changes: crypto/ffc/ffc_backend.c | 19 ++++++++++++--- crypto/ffc/ffc_params.c | 50 +++++++++++++--------------------------- crypto/ffc/ffc_params_generate.c | 6 ++--- doc/man7/EVP_PKEY-FFC.pod | 17 ++++++++++++++ include/internal/ffc.h | 7 ++---- include/openssl/core_names.h | 9 +++----- providers/fips-sources.checksums | 6 ++--- providers/fips.checksum | 2 +- test/evp_extra_test2.c | 19 +++------------ 9 files changed, 64 insertions(+), 71 deletions(-) diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c index 43825d9216..27ce15715a 100644 --- a/crypto/ffc/ffc_backend.c +++ b/crypto/ffc/ffc_backend.c 
@@ -80,12 +80,25 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) if (!ossl_ffc_params_set_seed(ffc, prm->data, prm->data_size)) goto err; } - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE); + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_PQ); if (prm != NULL) { - if (prm->data_type != OSSL_PARAM_UTF8_STRING) + if (!OSSL_PARAM_get_int(prm, &i)) + goto err; + ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_PQ, i); + } + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_G); + if (prm != NULL) { + if (!OSSL_PARAM_get_int(prm, &i)) goto err; - ossl_ffc_params_set_flags(ffc, ossl_ffc_params_flags_from_name(prm->data)); + ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_G, i); } + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY); + if (prm != NULL) { + if (!OSSL_PARAM_get_int(prm, &i)) + goto err; + ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY, i); + } + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST); if (prm != NULL) { const OSSL_PARAM *p1; diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c index 9f52aa35ad..6e025a06be 100644 --- a/crypto/ffc/ffc_params.c +++ b/crypto/ffc/ffc_params.c @@ -23,7 +23,7 @@ void ossl_ffc_params_init(FFC_PARAMS *params) memset(params, 0, sizeof(*params)); params->pcounter = -1; params->gindex = FFC_UNVERIFIABLE_GINDEX; - params->flags = FFC_PARAM_FLAG_VALIDATE_ALL; + params->flags = FFC_PARAM_FLAG_VALIDATE_PQG; } void ossl_ffc_params_cleanup(FFC_PARAMS *params) 
@@ -207,39 +207,11 @@ int ossl_ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q) && (ignore_q || BN_cmp(a->q, b->q) == 0); /* Note: q may be NULL */ } -static const OSSL_ITEM flag_map[] = { - { FFC_PARAM_FLAG_VALIDATE_PQ, OSSL_FFC_PARAM_VALIDATE_PQ }, - { FFC_PARAM_FLAG_VALIDATE_G, OSSL_FFC_PARAM_VALIDATE_G }, - { FFC_PARAM_FLAG_VALIDATE_ALL, OSSL_FFC_PARAM_VALIDATE_PQG }, - { 0, "" } -}; - -int ossl_ffc_params_flags_from_name(const char *name) -{ - size_t i; - - for (i = 0; i < OSSL_NELEM(flag_map); ++i) { - if (strcasecmp(flag_map[i].ptr, name) == 0) - return flag_map[i].id; - } - return NID_undef; -} - -const char *ossl_ffc_params_flags_to_name(int flags) -{ - size_t i; - - flags &= FFC_PARAM_FLAG_VALIDATE_ALL; - for (i = 0; i < OSSL_NELEM(flag_map); ++i) { - if ((int)flag_map[i].id == flags) - return flag_map[i].ptr; - } - return ""; -} - int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) { + int test_flags; + if (ffc == NULL) return 0; @@ -279,10 +251,20 @@ int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, name)) return 0; } - if (!ossl_param_build_set_utf8_string(bld, params, - OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE, - ossl_ffc_params_flags_to_name(ffc->flags))) + test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_PQ) != 0); + if (!ossl_param_build_set_int(bld, params, + OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, test_flags)) return 0; + test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_G) != 0); + if (!ossl_param_build_set_int(bld, params, + OSSL_PKEY_PARAM_FFC_VALIDATE_G, test_flags)) + return 0; + test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY) != 0); + if (!ossl_param_build_set_int(bld, params, + OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY, + test_flags)) + return 0; + if (ffc->mdname != NULL && !ossl_param_build_set_utf8_string(bld, params, OSSL_PKEY_PARAM_FFC_DIGEST, 
diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index ee13a07d10..26ab9120c6 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -479,7 +479,7 @@ static const char *default_mdname(size_t N) * For validation one of: * -FFC_PARAM_FLAG_VALIDATE_PQ * -FFC_PARAM_FLAG_VALIDATE_G - * -FFC_PARAM_FLAG_VALIDATE_ALL + * -FFC_PARAM_FLAG_VALIDATE_PQG * For generation of p & q: * - This is skipped if p & q are passed in. * - If the seed is passed in then generation of p & q uses this seed (and if @@ -720,7 +720,7 @@ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, goto err; /* If validating p & q only then skip the g validation test */ - if ((flags & FFC_PARAM_FLAG_VALIDATE_ALL) == FFC_PARAM_FLAG_VALIDATE_PQ) + if ((flags & FFC_PARAM_FLAG_VALIDATE_PQG) == FFC_PARAM_FLAG_VALIDATE_PQ) goto pass; g_only: if ((mont = BN_MONT_CTX_new()) == NULL) @@ -972,7 +972,7 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, } } /* If validating p & q only then skip the g validation test */ - if ((flags & FFC_PARAM_FLAG_VALIDATE_ALL) == FFC_PARAM_FLAG_VALIDATE_PQ) + if ((flags & FFC_PARAM_FLAG_VALIDATE_PQG) == FFC_PARAM_FLAG_VALIDATE_PQ) goto pass; g_only: if ((mont = BN_MONT_CTX_new()) == NULL) diff --git a/doc/man7/EVP_PKEY-FFC.pod b/doc/man7/EVP_PKEY-FFC.pod index 9de066a865..3ab243f45a 100644 --- a/doc/man7/EVP_PKEY-FFC.pod +++ b/doc/man7/EVP_PKEY-FFC.pod 
@@ -100,6 +100,23 @@ satisfies g = h^j mod p (where g != 1 and "j" is the cofactor). An optional informational cofactor parameter that should equal to (p - 1) / q. +=item "validate-pq" (B) + +=item "validate-g" (B) + +These boolean values are used during FIPS186-4 or FIPS186-2 key validation checks +(See L) to select validation options. By default +I and I are both set to 1 to check that p,q and g are +valid. Either of these may be set to 0 to skip a test, which is mainly useful +for testing purposes. + +=item "validate-legacy" (B) + +This boolean value is used during key validation checks +(See L) to select the validation type. The default +value of 0 selects FIPS186-4 validation. Setting this value to 1 selects +FIPS186-2 validation. + =back =head2 FFC key generation parameters diff --git a/include/internal/ffc.h b/include/internal/ffc.h index f0ab31400b..79cb06aba3 100644 --- a/include/internal/ffc.h +++ b/include/internal/ffc.h @@ -42,7 +42,7 @@ /* Validation flags */ # define FFC_PARAM_FLAG_VALIDATE_PQ 0x01 # define FFC_PARAM_FLAG_VALIDATE_G 0x02 -# define FFC_PARAM_FLAG_VALIDATE_ALL \ +# define FFC_PARAM_FLAG_VALIDATE_PQG \ (FFC_PARAM_FLAG_VALIDATE_PQ | FFC_PARAM_FLAG_VALIDATE_G) #define FFC_PARAM_FLAG_VALIDATE_LEGACY 0x04 @@ -105,7 +105,7 @@ typedef struct ffc_params_st { int gindex; int h; /* loop counter for unverifiable g */ - unsigned int flags; /* See FFC_PARAM_FLAG_VALIDATE_ALL */ + unsigned int flags; /* * The digest to use for generation or validation. If this value is NULL, * then the digest is chosen using the value of N. @@ -209,7 +209,4 @@ const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group); int ossl_ffc_named_group_set_pqg(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group); #endif -const char *ossl_ffc_params_flags_to_name(int flags); -int ossl_ffc_params_flags_from_name(const char *name); - #endif /* OSSL_INTERNAL_FFC_H */ diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 7ebde7c2a1..c01be930ab 100644 
--- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -294,12 +294,9 @@ extern "C" { #define OSSL_PKEY_PARAM_FFC_SEED "seed" #define OSSL_PKEY_PARAM_FFC_COFACTOR "j" #define OSSL_PKEY_PARAM_FFC_H "hindex" -#define OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE "valid-type" - -/* Diffie-Hellman/DSA Parameters parameter validation types */ -#define OSSL_FFC_PARAM_VALIDATE_PQ "validate-pq" -#define OSSL_FFC_PARAM_VALIDATE_G "validate-g" -#define OSSL_FFC_PARAM_VALIDATE_PQG "validate-pqg" +#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq" +#define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g" +#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy" /* Diffie-Hellman params */ #define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator" diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index a127b70ef4..57c66af718 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -188,12 +188,12 @@ ff8a5ff024c228fe714e4cf758260cf9e9c992a9311acb5f96b0f2ed6af1a814 crypto/evp/pme b360a72944bcb8f8ae8bd28d9b8a4a6aa4f39d1402295f84af243d14c3f1898c crypto/evp/pmeth_lib.c 52d8ea3b8b3ef52b58306b0fbd4557d682ba69a5384672ba7e1682c9a853f417 crypto/evp/signature.c b06cb8fd4bd95aae1f66e1e145269c82169257f1a60ef0f78f80a3d4c5131fac crypto/ex_data.c -ae496cbb92b8664bb729997a241d12cc515a3944d66fe87b0c6e24f1011e061f crypto/ffc/ffc_backend.c +00ca3b72cd56308aabb2826b6a400c675526afa7efca052d39c74b2ac6d137d8 crypto/ffc/ffc_backend.c ead786b4f5689ab69d6cca5d49e513e0f90cb558b67e6c5898255f2671f1393d crypto/ffc/ffc_dh.c 8390c3015b5bb7f65a5cde533390788e7e61e381823c58c2e7caf8e50ca63a3b crypto/ffc/ffc_key_generate.c 084ae8e68a9df5785376bb961a998036336ed13092ffd1c4258b56e6a7e0478b crypto/ffc/ffc_key_validate.c -a87945698684673832fbedb4d01e2f11df58f43f79605a9e6d7136bb15b02e52 crypto/ffc/ffc_params.c -887357f0422954f2ecb855d468ad2456a76372dc401301ba284c0fd8c6b5092e crypto/ffc/ffc_params_generate.c +67fdf1a07ea118963a55540be2ee21c98b7a5eb8149c8caa26e19d922bf60346 crypto/ffc/ffc_params.c +4c614d354252e2cfdfa2fcb7d2abba0456fcdee3e5ffdcf4d7cec1d6c8c9d1d8 crypto/ffc/ffc_params_generate.c 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c c193773792bec29c791e84d150ffe5ef25f53cb02e23f0e12e9000234b4322e5 crypto/hmac/hmac.c 271083f71a1ce24988a0932f73c0221260591823afd495bf2ae8d11e8469b659 crypto/initthread.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 65860fc8fc..83fe30d81c 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -685bc28466bcc7a645e423f4994d0f6d33d32368859ffdd9e42c2983934bffbb providers/fips-sources.checksums +3ea8c9568047f0cf5ca79b8de0b7d4daa76044baa6bfe25a22a7bbfe13186f7c providers/fips-sources.checksums diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c index 2e5861c77f..d9d26711ba 100644 --- a/test/evp_extra_test2.c +++ b/test/evp_extra_test2.c 
@@ -596,20 +596,6 @@ static int do_check_int(OSSL_PARAM params[], const char *key, int expected) && TEST_int_eq(val, expected); } -static int do_check_utf8_str(OSSL_PARAM params[], const char *key, - const char *expected) -{ - OSSL_PARAM *p; - char *bufp = NULL; - int ret; - - ret = TEST_ptr(p = OSSL_PARAM_locate(params, key)) - && TEST_true(OSSL_PARAM_get_utf8_string(p, &bufp, 0)) - && TEST_str_eq(bufp, expected); - OPENSSL_free(bufp); - return ret; -} - static int test_dsa_todata(void) { EVP_PKEY *pkey = NULL; @@ -648,8 +634,9 @@ static int test_dsa_todata(void) || !do_check_int(to_params, OSSL_PKEY_PARAM_FFC_GINDEX, -1) || !do_check_int(to_params, OSSL_PKEY_PARAM_FFC_PCOUNTER, -1) || !do_check_int(to_params, OSSL_PKEY_PARAM_FFC_H, 0) - || !do_check_utf8_str(to_params, OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE, - OSSL_FFC_PARAM_VALIDATE_PQG) + || !do_check_int(to_params, OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, 1) + || !do_check_int(to_params, OSSL_PKEY_PARAM_FFC_VALIDATE_G, 1) + || !do_check_int(to_params, OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY, 0) || !TEST_ptr_null(OSSL_PARAM_locate(to_params, OSSL_PKEY_PARAM_FFC_SEED))) goto err; From openssl at openssl.org Thu May 13 01:08:47 2021 
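Review bot: include/openssl/core_names.h removes OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE ("valid-type") and the three OSSL_FFC_PARAM_VALIDATE_* string macros from a public header, and ossl_ffc_params_fromdata() no longer looks up the old key, so a caller still passing "valid-type" is ignored without an error. The summary of changes lists no CHANGES entry; please add one, or state in the commit message that these names never appeared in a release.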
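Review bot: test_dsa_todata() in test/evp_extra_test2.c checks only the default values (validate-pq 1, validate-g 1, validate-legacy 0), while the commit message says the bug was the FIPS-186-2 flag being lost across export/import. A case that sets validate-legacy to 1, and one that clears validate-g, then checks the values after a todata/fromdata round trip would cover the regression this commit fixes.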
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 13 May 2021 01:08:47 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm Message-ID: <1620868127.836544.3852800.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-asm Commit log since last time: 80c25611ab Update expected results for tls13kexmodes tests e776858bce Don't send key_share for PSK-only key exchange f84ab284e9 make update efe0f31535 Improve RFC 8446 PSK key exchange mode compliance 8f965908a5 HTTP client: Minimal changes that include the improved API 4329f361ce Add ASN1_item_i2d_mem_bio(); document and improve also ASN1_item_d2i_bio() 202cbdd2fc A few cleanups of the provider build.infos 6a2ab4a9c8 Allow arbitrary digests with ECDSA and DSA b5d984bf67 apps: make list -help not continue with listing 482e6693b4 apps: change list command to only list fetchable algorithms. 4966411789 encoder: add a _name() function for encoders and decoders b337741372 doc: document the encoder and decoder name functions 63ac53aa51 Checksum update 5725ab8087 property: add test case for setting default user properties before fetching 1f12bf71fe property: create property names more eagerly. ab6db11e63 Run-checker converted to GitHub Actions 4da44374d1 coveralls: fix comment to indicate daily not weekly 7303c58217 Add OID for RPKI id-ct-signedChecklist de3379c941 find-doc-nits fix courtesy Rich Salz 8975b76efa use LHASH_OF(TYPE) macro to make the example consistent with the declaration in ssl.h 842d61b517 Checksum update 0df56c30f7 evp: fix return code check. 4885ecffc7 coverity: fix 1484542 dereference after null check 54e1c14a29 coverity: fix 1484540 resource leak b0f6402bf4 coverity: fix 1484539 resource leak c6b7239072 80-test_cmp_http.t: Improve fuzzing exclusion pattern - fixup! 
c7978e506b Fix missing $CPUIDDEF in libdefault.a b8be229dab Update FIPS checksums c1fb5e072f Exclude child provider code from the FIPS module 878be71c2d Update documentation following addition of OSSL_LIB_CTX_new_child() fb9b3a7bce Add additional testing of child libctx/providers abaa2dd298 Don't convert pre-existing providers into children 8c62707565 Add support for child provider to up_ref/free their parent 3b85bcfa14 Add a test to check that child provider callbacks are working 7b88c184b6 Register callbacks with core for child provider creation/deletion 5442611dff Add a test for OSSL_LIB_CTX_new_child() d0efad482f Modify the legacy provider to use OSSL_LIB_CTX_new_child() f12a5690de Add the concept of a child OSSL_LIB_CTX a16d21744d Add the ability for ex_data to have a priority d07af736de Only load the config file into the default libctx if necessary 56784203ec Constify EVP_PKEY_CTX_set_params(), EVP_PKEY_CTX_{set,get}table_params(), etc. f925315203 Add convenience functions and macros for asymmetric key generation 6dbb277627 Tests for creating req from PKCS8 keys with extra attrs f60e35d01e reduce surprise in choice of CASE/String/STRING by allowing all inputs to be in any case a7a7e6e3a6 Reduce the runtime/output from the gmdiff test f1a45f68bc armcap: fix Mac M1 SHA512 support. d29d7a7ff2 Fix i2d_PKCS8PrivateKey_nid_bio() regression. 333b31e300 checksum fix Build log ended with (last 100 lines): 15-test_rsa.t ...................... ok 15-test_rsaoaep.t .................. ok 15-test_rsapss.t ................... ok 20-test_app.t ...................... ok 20-test_cli_fips.t ................. skipped: Test only supported in a fips build with security checks 20-test_dgst.t ..................... ok 20-test_dhparam.t .................. ok 20-test_dhparam_check.t ............ ok 20-test_enc.t ...................... ok 20-test_enc_more.t ................. ok 20-test_kdf.t ...................... ok 20-test_mac.t ...................... 
ok 20-test_passwd.t ................... ok 20-test_pkeyutl.t .................. ok 20-test_rand_config.t .............. ok 25-test_crl.t ...................... ok 25-test_d2i.t ...................... ok 25-test_eai_data.t ................. ok 25-test_pkcs7.t .................... ok 25-test_req.t ...................... ok 25-test_rusext.t ................... ok 25-test_sid.t ...................... ok 25-test_verify.t ................... ok 25-test_verify_store.t ............. ok 25-test_x509.t ..................... ok 30-test_acvp.t ..................... skipped: ACVP is not supported by this test 30-test_aesgcm.t ................... ok 30-test_afalg.t .................... ok 30-test_defltfips.t ................ ok 30-test_engine.t ................... ok 30-test_evp.t ...................... ok 30-test_evp_extra.t ................ ok 30-test_evp_fetch_prov.t ........... ok 30-test_evp_kdf.t .................. ok 30-test_evp_libctx.t ............... ok 30-test_evp_pkey_dparam.t .......... ok 30-test_evp_pkey_provided.t ........ ok 30-test_pbelu.t .................... ok 30-test_pkey_meth.t ................ ok 30-test_pkey_meth_kdf.t ............ ok 30-test_provider_status.t .......... skipped: provider_status is not supported by this test 40-test_rehash.t ................... ok 60-test_x509_check_cert_pkey.t ..... ok 60-test_x509_dup_cert.t ............ ok 60-test_x509_store.t ............... ok 60-test_x509_time.t ................ ok 61-test_bio_prefix.t ............... ok 61-test_bio_readbuffer.t ........... ok 65-test_cmp_asn.t .................. ok 65-test_cmp_client.t ............... ok 65-test_cmp_ctx.t .................. ok 65-test_cmp_hdr.t .................. ok 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 66-test_ossl_store.t ............... ok 70-test_asyncio.t .................. 
ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # Killing mock server with pid=384950280-test_cmp_http.t ................. ok make[1]: *** wait: No child processes. Stop. make[1]: *** Waiting for unfinished jobs.... make[1]: *** wait: No child processes. Stop. make: *** [Makefile:3189: tests] Terminated From pauli at openssl.org Thu May 13 01:18:51 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 13 May 2021 01:18:51 +0000 Subject: [openssl] master update Message-ID: <1620868731.700626.11465.nullmailer@dev.openssl.org> The branch master has been updated via 36c5bb1affc299f94e6f0431f11e90b734eb31f9 (commit) from b98f752ec330cdc81d1f27a9506e6dcc8c00af5a (commit) - Log ----------------------------------------------------------------- commit 36c5bb1affc299f94e6f0431f11e90b734eb31f9 Author: Rich Salz Date: Tue May 11 13:54:42 2021 -0400 Fix cut/paste (?) error. Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15232) ----------------------------------------------------------------------- Summary of changes: doc/internal/man3/OPENSSL_SA.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/internal/man3/OPENSSL_SA.pod b/doc/internal/man3/OPENSSL_SA.pod index cc775830e9..c7e62461e5 100644 --- a/doc/internal/man3/OPENSSL_SA.pod +++ b/doc/internal/man3/OPENSSL_SA.pod @@ -40,7 +40,7 @@ the processor along =end comment SPARSE_ARRAY_OF() returns the name for a sparse array of the specified -B>. DEFINE_STACK_OF() creates set of functions for a sparse +B>. DEFINE_SPARSE_ARRAY_OF() creates set of functions for a sparse array of B>. This will mean that a pointer to type B> is stored in each element of a sparse array, the type is referenced by B(B>) and each function name begins with From pauli at openssl.org Thu May 13 01:45:12 2021 
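Review bot: the added line in the "@@ -40,7 +40,7" hunk of doc/internal/man3/OPENSSL_SA.pod still reads "creates set of functions", so the article is missing; since the line is rewritten anyway, make it "creates a set of functions". The commit subject "Fix cut/paste (?) error." would also be easier to find later if it named the macro being corrected, DEFINE_SPARSE_ARRAY_OF().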
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 13 May 2021 01:45:12 +0000 Subject: [openssl] master update Message-ID: <1620870312.385365.6695.nullmailer@dev.openssl.org> The branch master has been updated via 307a38fa5fafd715b02f31b2c861b47bd38ed509 (commit) from 36c5bb1affc299f94e6f0431f11e90b734eb31f9 (commit) - Log ----------------------------------------------------------------- commit 307a38fa5fafd715b02f31b2c861b47bd38ed509 Author: Xiaofei Bai Date: Tue May 11 05:42:51 2021 +0000 Add $AESDEF in libdefault.a to fix aes regression We recently noticed AES algorithms (like aes-xxx-ctr, aes-xxx-gcm, etc.) have significant performance regression on x86_64 platform, and it is because of the missing AES_ASM macro. This PR is to fix it by applying $AESDEF to libdefault.a. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15225) ----------------------------------------------------------------------- Summary of changes: crypto/aes/build.info | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/aes/build.info b/crypto/aes/build.info index cc523c8f4f..66bff1ae73 100644 --- a/crypto/aes/build.info +++ b/crypto/aes/build.info @@ -70,6 +70,7 @@ SOURCE[../../providers/libfips.a]=$COMMON # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$AESDEF DEFINE[../../providers/libfips.a]=$AESDEF +DEFINE[../../providers/libdefault.a]=$AESDEF GENERATE[aes-ia64.s]=asm/aes-ia64.S From pauli at openssl.org Thu May 13 01:57:10 2021 
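Review bot: the new "DEFINE[../../providers/libdefault.a]=$AESDEF" line in crypto/aes/build.info fixes this one library, but the context comment ("need to be applied to all affected libraries and modules") is the only thing keeping the DEFINE list in step with the libraries that receive the AES sources, and per the commit message the gap surfaced only as a performance regression. Consider a build or test check that fails when a library built from these sources lacks AES_ASM, so a missing entry is caught at build time rather than by benchmarking.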
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 13 May 2021 01:57:10 +0000 Subject: [openssl] master update Message-ID: <1620871030.685001.9486.nullmailer@dev.openssl.org> The branch master has been updated via 7f24110a005496617110495e826d283900a028b7 (commit) from 307a38fa5fafd715b02f31b2c861b47bd38ed509 (commit) - Log ----------------------------------------------------------------- commit 7f24110a005496617110495e826d283900a028b7 Author: Dr. David von Oheimb Date: Tue May 11 15:55:13 2021 +0200 EVP_PKEY-X25519.pod: Correct EVP_PKEY_Q_keygen function name in example fixup for #14695: Add convenience functions and macros for asymmetric key generation Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15226) ----------------------------------------------------------------------- Summary of changes: doc/man7/EVP_PKEY-X25519.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod index a597bc53be..509f065c56 100644 --- a/doc/man7/EVP_PKEY-X25519.pod +++ b/doc/man7/EVP_PKEY-X25519.pod @@ -86,7 +86,7 @@ An B context can be obtained by calling: An B key can be generated like this: - pkey = EVP_Q_keygen(NULL, NULL, "X25519"); + pkey = EVP_PKEY_Q_keygen(NULL, NULL, "X25519"); An B, B, or B key can be generated likewise. From pauli at openssl.org Thu May 13 04:22:39 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 13 May 2021 04:22:39 +0000 Subject: [openssl] master update Message-ID: <1620879759.297176.27855.nullmailer@dev.openssl.org> The branch master has been updated via 9a633a1c97e387157560641c4f7043efe52dba6b (commit) from 7f24110a005496617110495e826d283900a028b7 (commit) - Log ----------------------------------------------------------------- commit 9a633a1c97e387157560641c4f7043efe52dba6b Author: Pauli Date: Thu May 13 10:34:42 2021 +1000 test: fix thread test config file problem Force the thread test to use the configuration file via a command line arg. Use the test library support for libctx creation. Fixes #15243 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15256) ----------------------------------------------------------------------- Summary of changes: test/recipes/90-test_threads.t | 10 ++++++---- test/threadstest.c | 15 +++++++++++---- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/test/recipes/90-test_threads.t b/test/recipes/90-test_threads.t index 53883ee629..a841a4b2f5 100644 --- a/test/recipes/90-test_threads.t +++ b/test/recipes/90-test_threads.t @@ -20,13 +20,15 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); +my $config_path = abs_path(srctop_file("test", $no_fips ? "default.cnf" + : "default-and-fips.cnf")); plan tests => 1; if ($no_fips) { - $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default.cnf")); - ok(run(test(["threadstest", data_dir()])), "running test_threads"); + ok(run(test(["threadstest", "-config", $config_path, data_dir()])), + "running test_threads"); } else { - $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default-and-fips.cnf")); - ok(run(test(["threadstest", "-fips", data_dir()])), "running test_threads"); + ok(run(test(["threadstest", "-fips", "-config", $config_path, data_dir()])), + "running test_threads with FIPS"); } 
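Review bot: in test/recipes/90-test_threads.t the two branches of "if ($no_fips)" now differ only in the "-fips" argument and the test name, so the duplicated run(test([...])) call can be built once from an argument list that conditionally includes "-fips". Passing the file with "-config" instead of setting $ENV{OPENSSL_CONF} is the substantive part of the change; a short comment in the recipe saying why the command line argument is used (the commit references #15243) would help the next reader.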
diff --git a/test/threadstest.c b/test/threadstest.c index 9d15a23d96..359b330024 100644 --- a/test/threadstest.c +++ b/test/threadstest.c @@ -23,6 +23,7 @@ static int do_fips = 0; static char *privkey; +static char *config_file = NULL; #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) @@ -450,9 +451,10 @@ static int test_multi(int idx) #endif multi_success = 1; - multi_libctx = OSSL_LIB_CTX_new(); - if (!TEST_ptr(multi_libctx)) - goto err; + if (!TEST_true(test_get_libctx(&multi_libctx, NULL, config_file, + NULL, NULL))) + return 0; + prov = OSSL_PROVIDER_load(multi_libctx, (idx == 1) ? "fips" : "default"); if (!TEST_ptr(prov)) goto err; @@ -583,7 +585,7 @@ static int test_multi_default(void) typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, - OPT_FIPS, + OPT_FIPS, OPT_CONFIG_FILE, OPT_TEST_ENUM } OPTION_CHOICE; @@ -592,6 +594,8 @@ const OPTIONS *test_get_options(void) static const OPTIONS options[] = { OPT_TEST_OPTIONS_DEFAULT_USAGE, { "fips", OPT_FIPS, '-', "Test the FIPS provider" }, + { "config", OPT_CONFIG_FILE, '<', + "The configuration file to use for the libctx" }, { NULL } }; return options; @@ -607,6 +611,9 @@ int setup_tests(void) case OPT_FIPS: do_fips = 1; break; + case OPT_CONFIG_FILE: + config_file = opt_arg(); + break; case OPT_TEST_CASES: break; default: From pauli at openssl.org Thu May 13 07:36:19 2021 
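Review bot: in test_multi() in test/threadstest.c, the failure path for test_get_libctx() is now "return 0" while the OSSL_PROVIDER_load() check right after it still uses "goto err"; please confirm that test_get_libctx() leaves multi_libctx unset on failure, otherwise keep "goto err" so the cleanup runs. Also, config_file stays NULL when "-config" is not given, so either document that test_get_libctx() accepts a NULL configuration file or have setup_tests() reject a run without the option.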
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 13 May 2021 07:36:19 +0000 Subject: [tools] master update Message-ID: <1620891379.238123.10025.nullmailer@dev.openssl.org> The branch master has been updated via 0e935b5510ff4240341205184085f8a93eb36c24 (commit) from ca5cf74927c857e135ec53640b2dcf58740da56e (commit) - Log ----------------------------------------------------------------- commit 0e935b5510ff4240341205184085f8a93eb36c24 Author: Pauli Date: Wed May 12 11:25:35 2021 +1000 run-checker: reduce the number of builds With the addition of most run-checker jobs to GitHub Actions, there is no need to continue running these jobs ourselves. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/tools/pull/87) ----------------------------------------------------------------------- Summary of changes: run-checker/run-checker.sh | 29 +---------------------------- 1 file changed, 1 insertion(+), 28 deletions(-) diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh index 699f30f..124259f 100755 --- a/run-checker/run-checker.sh +++ b/run-checker/run-checker.sh 
@@ -22,34 +22,7 @@ here=$(cd $(dirname $0); pwd) opts=( '' -no-afalgeng enable-asan no-asm no-async no-autoalginit no-autoerrinit -no-bf no-blake2 no-camellia no-capieng no-cast no-chacha no-cmac no-cms no-comp -enable-crypto-mdebug enable-crypto-mdebug-backtrace no-ct no-deprecated no-des -no-dgram no-dh no-dsa no-dso no-dynamic-engine no-ec no-ec2m no-ecdh -no-ecdsa enable-ec_nistp_64_gcc_128 enable-egd no-engine 'no-engine no-shared' -no-err no-filenames -no-aria no-asan no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng -no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer -no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ssl no-ssl-trace no-tests -no-ubsan no-ui-console no-unit-test no-weak-ssl-ciphers -no-zlib no-zlib-dynamic -enable-fuzz-afl enable-fuzz-libfuzzer enable-heartbeats no-hw no-hw-padlock -no-idea no-makedepend enable-md2 no-md4 no-mdc2 no-gost no-multiblock -no-nextprotoneg no-ocb no-ocsp no-pic no-poly1305 no-posix-io no-psk no-rc2 -no-rc4 enable-rc5 no-rdrand no-rfc3779 no-ripemd no-rmd160 no-scrypt enable-sctp -no-seed no-shared no-sock no-srp no-srtp no-sse2 enable-ssl-trace -no-static-engine no-stdio no-threads no-ts enable-ubsan no-ui -enable-unit-test no-whirlpool enable-weak-ssl-ciphers enable-zlib -enable-zlib-dynamic 386 no-dtls no-tls no-ssl3 no-tls1 no-tls1_1 no-tls1_2 -no-dtls1 no-dtls1_2 no-ssl3-method no-tls1-method no-tls1_1-method -no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 no-sm2 -no-sm3 no-sm4 enable-trace no-legacy no-cached-fetch no-autoload-config -'no-buildtest-c++' no-bulk no-cmp no-ktls no-module no-padlockeng -no-pinshared no-secure-memory no-siv no-uplink enable-acvp-tests enable-fips -'enable-fips no-fips-securitychecks' 'enable-fips enable-acvp-tests' -'enable-fips no-tls' 'enable-fips no-tls1_1' 'enable-fips no-tls1' -'enable-fips no-ssl3-method' 'enable-fips no-tls1-method' -'enable-fips no-tls1_1-method' 'enable-fips no-tls1_3' +enable-fuzz-afl 
enable-fuzz-libfuzzer ) run-hook () { From pauli at openssl.org Thu May 13 08:01:46 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 13 May 2021 08:01:46 +0000 Subject: [openssl] master update Message-ID: <1620892906.116839.16248.nullmailer@dev.openssl.org> The branch master has been updated via 66ddc0759a435672f1c48b856a0968e7f6e35a82 (commit) via b1423d04cdcad9dbbe2da6e4751f0895112cc977 (commit) from 9a633a1c97e387157560641c4f7043efe52dba6b (commit) - Log ----------------------------------------------------------------- commit 66ddc0759a435672f1c48b856a0968e7f6e35a82 Author: Pauli Date: Wed May 12 14:22:52 2021 +1000 x509: fix a dangling pointer If object was pointer was passed and an error occurred the object was freed & the pointer returned. Fix this to NULL out the caller's pointer before returning. Fixes #15115 Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15238) commit b1423d04cdcad9dbbe2da6e4751f0895112cc977 Author: Pauli Date: Wed May 12 14:10:49 2021 +1000 e_loader_attic: fix a use after free issue Fixes #15116 Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15238) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x_x509.c | 4 +++- engines/e_loader_attic.c | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 529d701bbb..7959ee223f 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -131,8 +131,10 @@ X509 *d2i_X509(X509 **a, const unsigned char **in, long len) /* Only cache the extensions if the cert object was passed in */ if (cert != NULL && a != NULL) { /* then cert == *a */ if (!ossl_x509v3_cache_extensions(cert)) { - if (free_on_error) + if (free_on_error) { + *a = NULL; X509_free(cert); + } cert = NULL; } } 
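Review bot: the d2i_X509() hunk in crypto/x509/x_x509.c clears *a inside the free_on_error branch, before X509_free(cert), which is the right place, but the change summary lists no test file, so nothing pins this behaviour down. Please add a regression test that makes ossl_x509v3_cache_extensions() fail on a path where free_on_error is set and asserts that *a is NULL on return, and extend the existing comment ("then cert == *a") to say that *a is reset when the object is freed.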
diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c index 802b3d9067..4cb98280a5 100644 --- a/engines/e_loader_attic.c +++ b/engines/e_loader_attic.c @@ -199,6 +199,7 @@ static OSSL_STORE_INFO *new_EMBEDDED(const char *new_pem_name, return NULL; } + data->blob = embedded; data->pem_name = new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name); @@ -207,7 +208,6 @@ static OSSL_STORE_INFO *new_EMBEDDED(const char *new_pem_name, store_info_free(info); info = NULL; } - data->blob = embedded; return info; } From tomas at openssl.org Thu May 13 08:25:34 2021 
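Review bot: moving "data->blob = embedded;" ahead of the OPENSSL_strdup() failure check in new_EMBEDDED() removes the write to data after store_info_free(info), but it also means info already references embedded when store_info_free(info) runs on that failure path. Please state in a comment whether new_EMBEDDED() takes ownership of embedded when it returns NULL, and check that callers do not release it a second time in that case.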
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 13 May 2021 08:25:34 +0000 Subject: [openssl] master update Message-ID: <1620894334.467730.23466.nullmailer@dev.openssl.org> The branch master has been updated via 91a05d65908c2ee21920d0effbda58b8536c2768 (commit) via 16e00da2c9a59e2e3ea774e546bdbe75b238595f (commit) via 220927071e91667e58297d24d64e22fa06439a98 (commit) via dea76175581ee827205bc70daa72c1de7872faf6 (commit) via b17e79929819be3093fda576a4b8566c7fc7df70 (commit) via 8e782e8b4f8da79713d67446ac179e87201f2a5a (commit) via f3b1e3488cc194b0145b61dbe65b7b0b49a1abc4 (commit) from 66ddc0759a435672f1c48b856a0968e7f6e35a82 (commit) - Log ----------------------------------------------------------------- commit 91a05d65908c2ee21920d0effbda58b8536c2768 Author: Tomas Mraz Date: Wed May 12 16:14:01 2021 +0200 Allow diff-fips-checksums in in-tree build Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15229) commit 16e00da2c9a59e2e3ea774e546bdbe75b238595f Author: Tomas Mraz Date: Wed May 12 09:04:59 2021 +0200 Remove the severity: fips change label if fips checksum unchanged Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15229) commit 220927071e91667e58297d24d64e22fa06439a98 Author: Tomas Mraz Date: Tue May 11 18:15:32 2021 +0200 Set the severity: fips change label if fips checksum changed Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15229) commit dea76175581ee827205bc70daa72c1de7872faf6 Author: Tomas Mraz Date: Tue May 11 17:50:13 2021 +0200 fipsprov: Missing teardown on fips_get_params_from_core() error Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15229) commit b17e79929819be3093fda576a4b8566c7fc7df70 Author: Tomas Mraz Date: Tue May 11 17:06:57 2021 +0200 Add checksums github CI action Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15229) commit 8e782e8b4f8da79713d67446ac179e87201f2a5a Author: Tomas Mraz Date: 
Tue May 11 16:20:51 2021 +0200 Add diff-fips-checksums target to compare BLDDIR and SRCDIR checksums Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15229) commit f3b1e3488cc194b0145b61dbe65b7b0b49a1abc4 Author: Tomas Mraz Date: Tue May 11 16:07:35 2021 +0200 Compute the FIPS checksums in $(BLDDIR) and remove it from update target Add also update-fips-checksums to update the checksums in the $(SRCDIR) if the $(SRCDIR) and $(BLDDIR) is different. The fips-checksums and generate_fips_sources targets are always produced (regardless of enable-fips) as nothing else depends on them and they are developer targets. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15229) ----------------------------------------------------------------------- Summary of changes: .github/workflows/checksums.yml | 69 +++++++++++++++++++++++++++++++++++++++ Configurations/unix-Makefile.tmpl | 45 +++++++++++++------------ providers/fips/fipsprov.c | 2 +- 3 files changed, 95 insertions(+), 21 deletions(-) create mode 100644 .github/workflows/checksums.yml diff --git a/.github/workflows/checksums.yml b/.github/workflows/checksums.yml new file mode 100644 index 0000000000..9caf49c9fb --- /dev/null +++ b/.github/workflows/checksums.yml 
@@ -0,0 +1,69 @@ +name: FIPS Checksums +on: [pull_request] +jobs: + apply-label: + runs-on: ubuntu-latest + steps: + - name: install unifdef + run: | + sudo apt-get update + sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef + - uses: actions/checkout at v2 + with: + ref: ${{ github.event.pull_request.base.sha }} + - name: create build dirs + run: | + mkdir ./build-pristine + mkdir ./build + - name: config pristine + run: ../config enable-fips && perl configdata.pm --dump + working-directory: ./build-pristine + - name: make build_generated pristine + run: make -s build_generated + working-directory: ./build-pristine + - name: make fips-checksums pristine + run: make fips-checksums + working-directory: ./build-pristine + - uses: actions/checkout at v2 + with: + ref: ${{ github.event.pull_request.head.sha }} + clean: false + - name: config + run: ../config enable-fips && perl configdata.pm --dump + working-directory: ./build + - name: make build_generated + run: make -s build_generated + working-directory: ./build + - name: make fips-checksums + run: make fips-checksums + working-directory: ./build + - name: update checksums pristine + run: make update-fips-checksums + working-directory: ./build-pristine + - name: make diff-fips-checksums + run: make diff-fips-checksums && echo "fips_unchanged=1" >> $GITHUB_ENV || echo "fips_changed=1" >> $GITHUB_ENV + working-directory: ./build + - name: set label + if: ${{ env.fips_changed }} + uses: actions/github-script at v4 + with: + github-token: ${{secrets.GITHUB_TOKEN}} + script: | + github.issues.addLabels({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + labels: ['severity: fips change'] + }) + - name: remove label + if: ${{ env.fips_unchanged }} + uses: actions/github-script at v4 + with: + github-token: ${{secrets.GITHUB_TOKEN}} + script: | + github.issues.removeLabel({ + issue_number: context.issue.number, + owner: 
context.repo.owner, + repo: context.repo.repo, + name: 'severity: fips change' + }) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index c2a0de3a97..9dcc0b0342 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1055,9 +1055,6 @@ uninstall_html_docs: # It's important that generate_buildinfo comes after ordinals, as ordinals # is sensitive to build.info changes. update: generate errors ordinals generate_buildinfo -{- output_off() if $disabled{fips}; "" -} -update: fips-checksums -{- output_on() if $disabled{fips}; "" -} generate: generate_apps generate_crypto_bn generate_crypto_objects \ generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids @@ -1140,9 +1137,8 @@ generate_doc_buildinfo: mv $(SRCDIR)/doc/build.info.new $(SRCDIR)/doc/build.info; \ fi ) -{- output_off() if $disabled{fips}; "" -} -generate_fips_sources: $(SRCDIR)/providers/fips.module.sources -$(SRCDIR)/providers/fips.module.sources: \ +generate_fips_sources: providers/fips.module.sources.new +providers/fips.module.sources.new: \ $(SRCDIR)/Configure \ {- join(" \\\n" . ' ' x 16, fill_lines(" ", $COLUMNS - 16, @@ -1171,9 +1167,8 @@ $(SRCDIR)/providers/fips.module.sources: \ crypto/sha/asm/*.pl; do \ echo "$$x"; \ done \ - ) | sort | uniq > $(SRCDIR)/providers/fips.module.sources + ) | sort | uniq > providers/fips.module.sources.new rm -rf sources-tmp -{- output_on() if $disabled{fips}; "" -} # Set to -force to force a rebuild ERROR_REBUILD= 
@@ -1269,19 +1264,29 @@ tags TAGS: FORCE -ctags -R . -etags `find . -name '*.[ch]' -o -name '*.pm'` -{- output_off() if $disabled{fips}; "" -} fips-checksums: generate_fips_sources - if which unifdef > /dev/null; then \ - ( cd $(SRCDIR) \ - && cat providers/fips.module.sources \ - | xargs ./util/fips-checksums.sh \ - > providers/fips-sources.checksums \ - && sha256sum providers/fips-sources.checksums \ - > providers/fips.checksum ); \ - else \ - echo >&2 "WARNING: unifdef not in your \$$PATH, FIPS checksums not calculated"; \ - fi -{- output_on() if $disabled{fips}; "" -} + @which unifdef > /dev/null || \ + ( echo >&2 "ERROR: unifdef not in your \$$PATH, FIPS checksums not calculated"; \ + false ) + ( sources=`pwd`/providers/fips.module.sources.new; \ + cd $(SRCDIR) \ + && cat $$sources \ + | xargs ./util/fips-checksums.sh ) \ + > providers/fips-sources.checksums.new \ + && sha256sum providers/fips-sources.checksums.new \ + > providers/fips.checksum.new + +$(SRCDIR)/providers/fips.checksum: providers/fips.checksum.new + cp -p providers/fips.module.sources.new $(SRCDIR)/providers/fips.module.sources + cp -p providers/fips-sources.checksums.new $(SRCDIR)/providers/fips-sources.checksums + cp -p providers/fips.checksum.new $(SRCDIR)/providers/fips.checksum + +update-fips-checksums: $(SRCDIR)/providers/fips.checksum + +diff-fips-checksums: fips-checksums + diff -u $(SRCDIR)/providers/fips.module.sources providers/fips.module.sources.new + diff -u $(SRCDIR)/providers/fips-sources.checksums providers/fips-sources.checksums.new + diff -u $(SRCDIR)/providers/fips.checksum providers/fips.checksum.new # Release targets (note: only available on Unix) ##################### diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 7998d55d9a..c28995fc44 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c 
@@ -669,7 +669,7 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, if (!fips_get_params_from_core(fgbl)) { /* Error already raised */ - return 0; + goto err; } /* * Disable the conditional error check if it's disabled in the fips config From tomas at openssl.org Thu May 13 09:01:22 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 13 May 2021 09:01:22 +0000 Subject: [openssl] master update Message-ID: <1620896482.735942.31238.nullmailer@dev.openssl.org> The branch master has been updated via 8f3683cda197cd3df1005dc058a2d57be0b6cc5a (commit) from 91a05d65908c2ee21920d0effbda58b8536c2768 (commit) - Log ----------------------------------------------------------------- commit 8f3683cda197cd3df1005dc058a2d57be0b6cc5a Author: Tomas Mraz Date: Thu May 13 10:50:14 2021 +0200 Remove the .new suffix inside the fips.checksum.new Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15263) ----------------------------------------------------------------------- Summary of changes: Configurations/unix-Makefile.tmpl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 9dcc0b0342..3f78d6d5de 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1264,7 +1264,7 @@ tags TAGS: FORCE -ctags -R . -etags `find . -name '*.[ch]' -o -name '*.pm'` -fips-checksums: generate_fips_sources +providers/fips.checksum.new: generate_fips_sources @which unifdef > /dev/null || \ ( echo >&2 "ERROR: unifdef not in your \$$PATH, FIPS checksums not calculated"; \ false ) 
@@ -1274,7 +1274,9 @@ fips-checksums: generate_fips_sources | xargs ./util/fips-checksums.sh ) \ > providers/fips-sources.checksums.new \ && sha256sum providers/fips-sources.checksums.new \ - > providers/fips.checksum.new + | sed -e 's|\.new||' > providers/fips.checksum.new + +fips-checksums: providers/fips.checksum.new $(SRCDIR)/providers/fips.checksum: providers/fips.checksum.new cp -p providers/fips.module.sources.new $(SRCDIR)/providers/fips.module.sources From dev at ddvo.net Thu May 13 09:39:40 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 13 May 2021 09:39:40 +0000 Subject: [openssl] master update Message-ID: <1620898780.741913.9797.nullmailer@dev.openssl.org> The branch master has been updated via ce70766cb22f2ff88d21d5f60f47cfb4d126ca61 (commit) via c612c7a455d9b3ea602c87fe720d09535f1f6e37 (commit) from 8f3683cda197cd3df1005dc058a2d57be0b6cc5a (commit) - Log ----------------------------------------------------------------- commit ce70766cb22f2ff88d21d5f60f47cfb4d126ca61 Author: Dr. David von Oheimb Date: Fri Apr 16 17:52:22 2021 +0200 Makefile: Make sure providers/fipsmodule.cnf is re-built also for run_tests Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14901) commit c612c7a455d9b3ea602c87fe720d09535f1f6e37 Author: Dr. David von Oheimb Date: Fri Apr 16 17:51:55 2021 +0200 Makefile: Simplify use of run_tests Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14901) ----------------------------------------------------------------------- Summary of changes: Configurations/unix-Makefile.tmpl | 11 ++++------- providers/build.info | 2 +- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 3f78d6d5de..c07f8dd748 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl 
@@ -506,7 +506,8 @@ build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) build_docs all: build_sw build_docs test: tests -{- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep link-utils +{- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep link-utils run_tests +run_tests: @ : {- output_off() if $disabled{tests}; "" -} ( SRCTOP=$(SRCDIR) \ BLDTOP=$(BLDDIR) \ @@ -520,8 +521,7 @@ test: tests list-tests: @ : {- output_off() if $disabled{tests}; "" -} - @SRCTOP="$(SRCDIR)" \ - $(PERL) $(SRCDIR)/test/run_tests.pl list + $(MAKE) run_tests TESTS=list @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} @echo "Tests are not supported with your chosen Configure options" @ : {- output_on() if !$disabled{tests}; "" -} @@ -1254,10 +1254,7 @@ ordinals: build_generated $(SSLHEADERS) test_ordinals: - ( cd test; \ - SRCTOP=../$(SRCDIR) \ - BLDTOP=../$(BLDDIR) \ - $(PERL) ../$(SRCDIR)/test/run_tests.pl test_ordinals ) + $(MAKE) run_tests TESTS=test_ordinals tags TAGS: FORCE rm -f TAGS tags diff --git a/providers/build.info b/providers/build.info index 065b570253..e9ec4cf646 100644 --- a/providers/build.info +++ b/providers/build.info @@ -119,7 +119,7 @@ IF[{- !$disabled{fips} -}] # the generated commands in build templates are expected to catch that, # and thereby keep control over the exact output file location. IF[{- !$disabled{tests} -}] - DEPEND[|tests|]=fipsmodule.cnf + DEPEND[|run_tests|]=fipsmodule.cnf GENERATE[fipsmodule.cnf]=../apps/openssl fipsinstall \ -module providers/$(FIPSMODULENAME) -provider_name fips \ -mac_name HMAC -section_name fips_sect From tomas at openssl.org Thu May 13 09:42:10 2021 
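Review bot: with "DEPEND[|run_tests|]=fipsmodule.cnf" in providers/build.info and list-tests rewritten as "$(MAKE) run_tests TESTS=list" in Configurations/unix-Makefile.tmpl, merely listing the tests (and running test_ordinals) now depends on generating fipsmodule.cnf, which the GENERATE line shows requires running "../apps/openssl fipsinstall". If that is intended, say so in the commit message; otherwise keep list-tests on a path that does not pull in the FIPS install step. The new run_tests target also has no file behind it, so it should be declared phony if the template does that for comparable targets.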
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 13 May 2021 09:42:10 +0000 Subject: [openssl] master update Message-ID: <1620898930.469811.11514.nullmailer@dev.openssl.org> The branch master has been updated via 9ce2ef9ba084ec9548b6d219687b24590f87eb1b (commit) from ce70766cb22f2ff88d21d5f60f47cfb4d126ca61 (commit) - Log ----------------------------------------------------------------- commit 9ce2ef9ba084ec9548b6d219687b24590f87eb1b Author: Tomas Mraz Date: Thu May 13 11:34:53 2021 +0200 The FIPS Checksums job must be run on pull_request_target Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15265) ----------------------------------------------------------------------- Summary of changes: .github/workflows/checksums.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checksums.yml b/.github/workflows/checksums.yml index 9caf49c9fb..3b28d4e23b 100644 --- a/.github/workflows/checksums.yml +++ b/.github/workflows/checksums.yml @@ -1,5 +1,5 @@ name: FIPS Checksums -on: [pull_request] +on: [pull_request_target] jobs: apply-label: runs-on: ubuntu-latest From tomas at openssl.org Thu May 13 10:14:21 2021 
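Review bot: switching the trigger to "on: [pull_request_target]" makes this workflow run in the context of the base repository, where GITHUB_TOKEN can be writable and secrets are available, while the steps added in the earlier checksums.yml commit check out "ref: ${{ github.event.pull_request.head.sha }}" and then run "../config enable-fips" and make on that tree. That builds and executes content from an unreviewed pull request with privileged credentials in scope. Suggest keeping the build and diff in an unprivileged pull_request workflow that publishes only the changed/unchanged result, and applying the label from a separate workflow triggered by workflow_run; at minimum add a permissions block limited to what labelling needs and set "persist-credentials: false" on both checkout steps.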
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 13 May 2021 10:14:21 +0000 Subject: [openssl] master update Message-ID: <1620900861.487869.23162.nullmailer@dev.openssl.org> The branch master has been updated via ca6197ca3c1a18be004c447cf4bf5a1a40d7dd19 (commit) from 9ce2ef9ba084ec9548b6d219687b24590f87eb1b (commit) - Log ----------------------------------------------------------------- commit ca6197ca3c1a18be004c447cf4bf5a1a40d7dd19 Author: Tomas Mraz Date: Thu May 13 12:05:36 2021 +0200 Ensure the pristine checksums are not recomputed When switching between the pristine and PR checkouts we must ensure the pristine checksums are not recomputed. Also ignore errors (such as trying to remove a label that is not set) when setting or removing labels. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15266) ----------------------------------------------------------------------- Summary of changes: .github/workflows/checksums.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/checksums.yml b/.github/workflows/checksums.yml index 3b28d4e23b..5f444b639b 100644 --- a/.github/workflows/checksums.yml +++ b/.github/workflows/checksums.yml @@ -38,13 +38,14 @@ jobs: run: make fips-checksums working-directory: ./build - name: update checksums pristine - run: make update-fips-checksums + run: touch providers/fips.checksum.new && make update-fips-checksums working-directory: ./build-pristine - name: make diff-fips-checksums run: make diff-fips-checksums && echo "fips_unchanged=1" >> $GITHUB_ENV || echo "fips_changed=1" >> $GITHUB_ENV working-directory: ./build - name: set label if: ${{ env.fips_changed }} + continue-on-error: true uses: actions/github-script at v4 with: github-token: ${{secrets.GITHUB_TOKEN}} 
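Review bot: "continue-on-error: true" on the "set label" step hides every failure of addLabels, including a token that lacks permission to label, whereas the commit message only motivates ignoring the removal of a label that is not set; prefer handling that one case in the "remove label" script and letting "set label" fail visibly. In the same hunk's context, "make diff-fips-checksums && echo "fips_unchanged=1" ... || echo "fips_changed=1" ..." reports any failure of the make target, not only a checksum difference, as a FIPS change, and the "touch providers/fips.checksum.new" workaround depends on file timestamps, so a comment in the workflow explaining it would help.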
@@ -57,6 +58,7 @@ jobs: }) - name: remove label if: ${{ env.fips_unchanged }} + continue-on-error: true uses: actions/github-script at v4 with: github-token: ${{secrets.GITHUB_TOKEN}} From beldmit at gmail.com Thu May 13 10:25:01 2021 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 13 May 2021 10:25:01 +0000 Subject: [openssl] master update Message-ID: <1620901501.350284.26198.nullmailer@dev.openssl.org> The branch master has been updated via 4639772523e5cb979722483b9374e0c275afde7d (commit) via 6581b17dedb77112fca328a09d6073723a013727 (commit) from ca6197ca3c1a18be004c447cf4bf5a1a40d7dd19 (commit) - Log ----------------------------------------------------------------- commit 4639772523e5cb979722483b9374e0c275afde7d Author: Dmitry Belyavskiy Date: Fri May 7 17:36:42 2021 +0200 clarification about the DES status Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15197) commit 6581b17dedb77112fca328a09d6073723a013727 Author: Dmitry Belyavskiy Date: Fri May 7 17:16:29 2021 +0200 Enumerating the legacy provider's cipher algorithms Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15197) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_des_cbc.pod | 4 ++++ doc/man3/EVP_desx_cbc.pod | 4 ++++ doc/man7/OSSL_PROVIDER-legacy.pod | 26 ++++++++++++++++++++++++++ 3 files changed, 34 insertions(+) diff --git a/doc/man3/EVP_des_cbc.pod b/doc/man3/EVP_des_cbc.pod index d00179eacb..bcae9d7a4e 100644 --- a/doc/man3/EVP_des_cbc.pod +++ b/doc/man3/EVP_des_cbc.pod @@ -54,6 +54,10 @@ EVP_des_ofb() DES in CBC, ECB, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit shift and OFB modes. +None of these algorithms are provided by the OpenSSL default provider. +To use them it is necessary to load either the OpenSSL legacy provider or another +implementation. + =item EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), 
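Review bot: the paragraph added to doc/man3/EVP_des_cbc.pod tells readers to load the OpenSSL legacy provider but gives no cross-reference; add a link to OSSL_PROVIDER-legacy(7), which this same change extends with the cipher list, so the two pages point at each other.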
diff --git a/doc/man3/EVP_desx_cbc.pod b/doc/man3/EVP_desx_cbc.pod index c9e250f34c..2a41e08898 100644 --- a/doc/man3/EVP_desx_cbc.pod +++ b/doc/man3/EVP_desx_cbc.pod @@ -23,6 +23,10 @@ All modes below use a key length of 128 bits and acts on blocks of 128-bits. The DES-X algorithm in CBC mode. +This algorithm is not provided by the OpenSSL default provider. +To use it is necessary to load either the OpenSSL legacy provider or another +implementation. + =back =head1 RETURN VALUES diff --git a/doc/man7/OSSL_PROVIDER-legacy.pod b/doc/man7/OSSL_PROVIDER-legacy.pod index 36aeafec94..86ac3fa9a0 100644 --- a/doc/man7/OSSL_PROVIDER-legacy.pod +++ b/doc/man7/OSSL_PROVIDER-legacy.pod @@ -52,6 +52,32 @@ The OpenSSL legacy provider supports these operations and algorithms: =back +=head2 Symmetric Ciphers + +Not all of these symmetric cipher algorithms are enabled by default. + +=over 4 + +=item Blowfish + +=item CAST + +=item DES + +=item IDEA + +=item RC2 + +=item RC4 + +=item RC5 + +Disabled by default. Use I config option to enable. + +=item SEED + +=back + =begin comment When algorithms for other operations start appearing, the From openssl at openssl.org Thu May 13 10:29:41 2021 
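Review bot: in doc/man3/EVP_desx_cbc.pod the added sentence "To use it is necessary to load ..." is missing a word; it should read "To use it, it is necessary to load ...", in line with the sentence added to EVP_des_cbc.pod. In doc/man7/OSSL_PROVIDER-legacy.pod the new section opens with "Not all of these symmetric cipher algorithms are enabled by default", but only the RC5 item carries a "Disabled by default" remark; either say that RC5 is the only one, or annotate every item that needs a config option.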
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 13 May 2021 10:29:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec2m Message-ID: <1620901781.855385.778651.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec2m Commit log since last time: 80c25611ab Update expected results for tls13kexmodes tests e776858bce Don't send key_share for PSK-only key exchange f84ab284e9 make update efe0f31535 Improve RFC 8446 PSK key exchange mode compliance 8f965908a5 HTTP client: Minimal changes that include the improved API 4329f361ce Add ASN1_item_i2d_mem_bio(); document and improve also ASN1_item_d2i_bio() 202cbdd2fc A few cleanups of the provider build.infos 6a2ab4a9c8 Allow arbitrary digests with ECDSA and DSA b5d984bf67 apps: make list -help not continue with listing 482e6693b4 apps: change list command to only list fetchable algorithms. 4966411789 encoder: add a _name() function for encoders and decoders b337741372 doc: document the encoder and decoder name functions 63ac53aa51 Checksum update 5725ab8087 property: add test case for setting default user properties before fetching 1f12bf71fe property: create property names more eagerly. ab6db11e63 Run-checker converted to GitHub Actions 4da44374d1 coveralls: fix comment to indicate daily not weekly 7303c58217 Add OID for RPKI id-ct-signedChecklist de3379c941 find-doc-nits fix courtesy Rich Salz 8975b76efa use LHASH_OF(TYPE) macro to make the example consistent with the declaration in ssl.h 842d61b517 Checksum update 0df56c30f7 evp: fix return code check. 4885ecffc7 coverity: fix 1484542 dereference after null check 54e1c14a29 coverity: fix 1484540 resource leak b0f6402bf4 coverity: fix 1484539 resource leak c6b7239072 80-test_cmp_http.t: Improve fuzzing exclusion pattern - fixup! 
c7978e506b Fix missing $CPUIDDEF in libdefault.a b8be229dab Update FIPS checksums c1fb5e072f Exclude child provider code from the FIPS module 878be71c2d Update documentation following addition of OSSL_LIB_CTX_new_child() fb9b3a7bce Add additional testing of child libctx/providers abaa2dd298 Don't convert pre-existing providers into children 8c62707565 Add support for child provider to up_ref/free their parent 3b85bcfa14 Add a test to check that child provider callbacks are working 7b88c184b6 Register callbacks with core for child provider creation/deletion 5442611dff Add a test for OSSL_LIB_CTX_new_child() d0efad482f Modify the legacy provider to use OSSL_LIB_CTX_new_child() f12a5690de Add the concept of a child OSSL_LIB_CTX a16d21744d Add the ability for ex_data to have a priority d07af736de Only load the config file into the default libctx if necessary 56784203ec Constify EVP_PKEY_CTX_set_params(), EVP_PKEY_CTX_{set,get}table_params(), etc. f925315203 Add convenience functions and macros for asymmetric key generation 6dbb277627 Tests for creating req from PKCS8 keys with extra attrs f60e35d01e reduce surprise in choice of CASE/String/STRING by allowing all inputs to be in any case a7a7e6e3a6 Reduce the runtime/output from the gmdiff test f1a45f68bc armcap: fix Mac M1 SHA512 support. d29d7a7ff2 Fix i2d_PKCS8PrivateKey_nid_bio() regression. 333b31e300 checksum fix Build log ended with (last 100 lines): 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. 
ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok # Killing mock server with pid=76905280-test_cmp_http.t ................. ok # 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_fipsload.t ................. skipped: Test is disabled with disabled fips 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... 
ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz_asn1.t ................ ok 99-test_fuzz_asn1parse.t ........... ok 99-test_fuzz_bignum.t .............. ok 99-test_fuzz_bndiv.t ............... ok 99-test_fuzz_client.t .............. ok 99-test_fuzz_cmp.t ................. ok 99-test_fuzz_cms.t ................. ok 99-test_fuzz_conf.t ................ ok 99-test_fuzz_crl.t ................. ok 99-test_fuzz_ct.t .................. ok 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok Test Summary Report ------------------- 30-test_evp.t (Wstat: 1280 Tests: 66 Failed: 5) Failed tests: 25-29 Non-zero exit status: 5 Files=235, Tests=2613, 700 wallclock secs (11.81 usr 1.09 sys + 636.65 cusr 63.67 csys = 713.22 CPU) Result: FAIL make[1]: *** [Makefile:3178: _tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec2m' make: *** [Makefile:3175: tests] Error 2 From tomas at openssl.org Thu May 13 11:04:10 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 13 May 2021 11:04:10 +0000 Subject: [openssl] master update Message-ID: <1620903850.605554.5174.nullmailer@dev.openssl.org> The branch master has been updated via a3c86ce9e8923bb7e5ba3e69eae17aac04dbc76d (commit) from 4639772523e5cb979722483b9374e0c275afde7d (commit) - Log ----------------------------------------------------------------- commit a3c86ce9e8923bb7e5ba3e69eae17aac04dbc76d Author: Tomas Mraz Date: Thu May 13 12:51:14 2021 +0200 update-fips-checksums: Make the dependency on source list work Also clean the generated checksums with make clean Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15267) ----------------------------------------------------------------------- Summary of changes: Configurations/unix-Makefile.tmpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index c07f8dd748..935210941f 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -569,6 +569,7 @@ clean: libclean $(RM) core $(RM) tags TAGS doc-nits cmd-nits md-nits $(RM) -r test/test-runs + $(RM) providers/fips*.new $(RM) openssl.pc libcrypto.pc libssl.pc -find . -type l \! -name '.*' -exec $(RM) {} \; @@ -1261,7 +1262,7 @@ tags TAGS: FORCE -ctags -R . -etags `find . -name '*.[ch]' -o -name '*.pm'` -providers/fips.checksum.new: generate_fips_sources +providers/fips.checksum.new: providers/fips.module.sources.new @which unifdef > /dev/null || \ ( echo >&2 "ERROR: unifdef not in your \$$PATH, FIPS checksums not calculated"; \ false ) From tomas at openssl.org Thu May 13 11:19:56 2021 
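Review bot: in Configurations/unix-Makefile.tmpl, the second hunk makes providers/fips.checksum.new depend on the file providers/fips.module.sources.new instead of generate_fips_sources, but the rule that produces providers/fips.module.sources.new lies outside the hunk, so the patch does not show whether that file is itself regenerated on every run. This matters for the checksums workflow, which runs "touch providers/fips.checksum.new" in build-pristine to keep the pristine checksums from being recomputed: if the source list is rebuilt with a newer timestamp, make will rebuild the checksum file anyway. Please state in the commit message or in a Makefile comment what providers/fips.module.sources.new depends on.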
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 13 May 2021 11:19:56 +0000 Subject: [openssl] master update Message-ID: <1620904796.186231.9718.nullmailer@dev.openssl.org> The branch master has been updated via e9fe0f7e9df7e0909ca52a024b889e48616a29d9 (commit) via 3c39bd9b89198c6b3834c369c7da6f582788f645 (commit) from a3c86ce9e8923bb7e5ba3e69eae17aac04dbc76d (commit) - Log ----------------------------------------------------------------- commit e9fe0f7e9df7e0909ca52a024b889e48616a29d9 Author: Tomas Mraz Date: Fri May 7 17:44:26 2021 +0200 Replace EVP_PKEY_supports_digest_nid The EVP_PKEY_supports_digest_nid() is renamed to EVP_PKEY_digestsign_supports_digest() and implemented via EVP_DigestSignInit_ex(). Fixes #14343 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15198) commit 3c39bd9b89198c6b3834c369c7da6f582788f645 Author: Tomas Mraz Date: Fri May 7 16:56:34 2021 +0200 Drop ASN1_PKEY_CTRL_SUPPORTS_MD_NID This is a legacy ASN1_PKEY_CTRL that was added after 1.1.1 and is not needed. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15198) ----------------------------------------------------------------------- Summary of changes: crypto/evp/p_lib.c | 28 ++++++------- doc/build.info | 12 +++--- doc/man3/EVP_PKEY_ASN1_METHOD.pod | 1 - doc/man3/EVP_PKEY_digestsign_supports_digest.pod | 44 ++++++++++++++++++++ doc/man3/EVP_PKEY_get_default_digest_nid.pod | 2 +- doc/man3/EVP_PKEY_supports_digest_nid.pod | 53 ------------------------ include/openssl/evp.h | 6 +-- ssl/t1_lib.c | 13 +++--- util/libcrypto.num | 2 +- 9 files changed, 76 insertions(+), 85 deletions(-) create mode 100644 doc/man3/EVP_PKEY_digestsign_supports_digest.pod delete mode 100644 doc/man3/EVP_PKEY_supports_digest_nid.pod diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 5cfc7405f3..6a8dc9bbbb 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c 
@@ -1335,23 +1335,21 @@ int EVP_PKEY_get_group_name(const EVP_PKEY *pkey, char *gname, size_t gname_sz, gname, gname_sz, gname_len); } -int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid) +int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, + const char *name, const char *propq) { - int rv, default_nid; + int rv; + EVP_MD_CTX *ctx = NULL; - rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SUPPORTS_MD_NID, nid, NULL); - if (rv == -2) { - /* - * If there is a mandatory default digest and this isn't it, then - * the answer is 'no'. - */ - rv = EVP_PKEY_get_default_digest_nid(pkey, &default_nid); - if (rv == 2) - return (nid == default_nid); - /* zero is an error from EVP_PKEY_get_default_digest_nid() */ - if (rv == 0) - return -1; - } + if ((ctx = EVP_MD_CTX_new()) == NULL) + return -1; + + ERR_set_mark(); + rv = EVP_DigestSignInit_ex(ctx, NULL, name, libctx, + propq, pkey, NULL); + ERR_pop_to_mark(); + + EVP_MD_CTX_free(ctx); return rv; } diff --git a/doc/build.info b/doc/build.info index af0e0e0539..02882af91e 100644 --- a/doc/build.info +++ b/doc/build.info 
@@ -1198,6 +1198,10 @@ DEPEND[html/man3/EVP_PKEY_derive.html]=man3/EVP_PKEY_derive.pod GENERATE[html/man3/EVP_PKEY_derive.html]=man3/EVP_PKEY_derive.pod DEPEND[man/man3/EVP_PKEY_derive.3]=man3/EVP_PKEY_derive.pod GENERATE[man/man3/EVP_PKEY_derive.3]=man3/EVP_PKEY_derive.pod +DEPEND[html/man3/EVP_PKEY_digestsign_supports_digest.html]=man3/EVP_PKEY_digestsign_supports_digest.pod +GENERATE[html/man3/EVP_PKEY_digestsign_supports_digest.html]=man3/EVP_PKEY_digestsign_supports_digest.pod +DEPEND[man/man3/EVP_PKEY_digestsign_supports_digest.3]=man3/EVP_PKEY_digestsign_supports_digest.pod +GENERATE[man/man3/EVP_PKEY_digestsign_supports_digest.3]=man3/EVP_PKEY_digestsign_supports_digest.pod DEPEND[html/man3/EVP_PKEY_encapsulate.html]=man3/EVP_PKEY_encapsulate.pod GENERATE[html/man3/EVP_PKEY_encapsulate.html]=man3/EVP_PKEY_encapsulate.pod DEPEND[man/man3/EVP_PKEY_encapsulate.3]=man3/EVP_PKEY_encapsulate.pod @@ -1274,10 +1278,6 @@ DEPEND[html/man3/EVP_PKEY_size.html]=man3/EVP_PKEY_size.pod GENERATE[html/man3/EVP_PKEY_size.html]=man3/EVP_PKEY_size.pod DEPEND[man/man3/EVP_PKEY_size.3]=man3/EVP_PKEY_size.pod GENERATE[man/man3/EVP_PKEY_size.3]=man3/EVP_PKEY_size.pod -DEPEND[html/man3/EVP_PKEY_supports_digest_nid.html]=man3/EVP_PKEY_supports_digest_nid.pod -GENERATE[html/man3/EVP_PKEY_supports_digest_nid.html]=man3/EVP_PKEY_supports_digest_nid.pod -DEPEND[man/man3/EVP_PKEY_supports_digest_nid.3]=man3/EVP_PKEY_supports_digest_nid.pod -GENERATE[man/man3/EVP_PKEY_supports_digest_nid.3]=man3/EVP_PKEY_supports_digest_nid.pod DEPEND[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod GENERATE[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod DEPEND[man/man3/EVP_PKEY_todata.3]=man3/EVP_PKEY_todata.pod 
@@ -3001,6 +3001,7 @@ html/man3/EVP_PKEY_copy_parameters.html \ html/man3/EVP_PKEY_decapsulate.html \ html/man3/EVP_PKEY_decrypt.html \ html/man3/EVP_PKEY_derive.html \ +html/man3/EVP_PKEY_digestsign_supports_digest.html \ html/man3/EVP_PKEY_encapsulate.html \ html/man3/EVP_PKEY_encrypt.html \ html/man3/EVP_PKEY_fromdata.html \ @@ -3020,7 +3021,6 @@ html/man3/EVP_PKEY_set_type.html \ html/man3/EVP_PKEY_settable_params.html \ html/man3/EVP_PKEY_sign.html \ html/man3/EVP_PKEY_size.html \ -html/man3/EVP_PKEY_supports_digest_nid.html \ html/man3/EVP_PKEY_todata.html \ html/man3/EVP_PKEY_verify.html \ html/man3/EVP_PKEY_verify_recover.html \ @@ -3589,6 +3589,7 @@ man/man3/EVP_PKEY_copy_parameters.3 \ man/man3/EVP_PKEY_decapsulate.3 \ man/man3/EVP_PKEY_decrypt.3 \ man/man3/EVP_PKEY_derive.3 \ +man/man3/EVP_PKEY_digestsign_supports_digest.3 \ man/man3/EVP_PKEY_encapsulate.3 \ man/man3/EVP_PKEY_encrypt.3 \ man/man3/EVP_PKEY_fromdata.3 \ @@ -3608,7 +3609,6 @@ man/man3/EVP_PKEY_set_type.3 \ man/man3/EVP_PKEY_settable_params.3 \ man/man3/EVP_PKEY_sign.3 \ man/man3/EVP_PKEY_size.3 \ -man/man3/EVP_PKEY_supports_digest_nid.3 \ man/man3/EVP_PKEY_todata.3 \ man/man3/EVP_PKEY_verify.3 \ man/man3/EVP_PKEY_verify_recover.3 \ diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index cbf735d333..4a515590cc 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod @@ -257,7 +257,6 @@ L, and L. The pkey_ctrl() method adds extra algorithm specific control. It's called by L, -L, L, L, L, L, ... diff --git a/doc/man3/EVP_PKEY_digestsign_supports_digest.pod b/doc/man3/EVP_PKEY_digestsign_supports_digest.pod new file mode 100644 index 0000000000..c043ce4e95 --- /dev/null +++ b/doc/man3/EVP_PKEY_digestsign_supports_digest.pod 
@@ -0,0 +1,44 @@ +=pod + +=head1 NAME + +EVP_PKEY_digestsign_supports_digest - indicate support for signature digest + +=head1 SYNOPSIS + + #include + int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, + const char *name, const char *propq); + +=head1 DESCRIPTION + +The EVP_PKEY_digestsign_supports_digest() function queries whether the message +digest I is supported for public key signature operations associated with +key I. The query is done within an optional library context I and +with an optional property query I. + +=head1 RETURN VALUES + +The EVP_PKEY_digestsign_supports_digest() function returns 1 if the message +digest algorithm identified by I can be used for public key signature +operations associated with key I and 0 if it cannot be used. It returns +a negative value for failure. + +=head1 SEE ALSO + +L, + +=head1 HISTORY + +The EVP_PKEY_digestsign_supports_digest() function was added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/EVP_PKEY_get_default_digest_nid.pod b/doc/man3/EVP_PKEY_get_default_digest_nid.pod index 2213a024c7..d680ffef1a 100644 --- a/doc/man3/EVP_PKEY_get_default_digest_nid.pod +++ b/doc/man3/EVP_PKEY_get_default_digest_nid.pod @@ -47,7 +47,7 @@ algorithm. L, L, -L, +L, L, L, diff --git a/doc/man3/EVP_PKEY_supports_digest_nid.pod b/doc/man3/EVP_PKEY_supports_digest_nid.pod deleted file mode 100644 index b3f51346ca..0000000000 --- a/doc/man3/EVP_PKEY_supports_digest_nid.pod +++ /dev/null 
@@ -1,53 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_supports_digest_nid - indicate support for signature digest - -=head1 SYNOPSIS - - #include - int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid); - -=head1 DESCRIPTION - -The EVP_PKEY_supports_digest_nid() function queries whether the message digest -NID B is supported for public key signature operations associated with key -B. - -=head1 NOTES - -If the EVP_PKEY implementation does not explicitly support this method, but -L returns a mandatory digest result, then -only that mandatory digest will be supported. - -=head1 RETURN VALUES - -The EVP_PKEY_supports_digest_nid() function returns 1 if the message digest -algorithm identified by B can be used for public key signature operations -associated with key B and 0 if it cannot be used. It returns a negative -value for failure. In particular a return value of -2 indicates the query -operation is not supported by the public key algorithm. - -=head1 SEE ALSO - -L, -L, -L, -L, -L, - -=head1 HISTORY - -The EVP_PKEY_supports_digest_nid() function was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 9d4867ea99..27e14d07b6 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1398,7 +1398,8 @@ int EVP_PKEY_print_params_fp(FILE *fp, const EVP_PKEY *pkey, int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey, char *mdname, size_t mdname_sz); -int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid); +int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, + const char *name, const char *propq); # ifndef OPENSSL_NO_DEPRECATED_3_0 /* 
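Review bot: the prototype added to include/openssl/evp.h is documented more precisely than crypto/evp/p_lib.c implements it. The function returns the result of EVP_DigestSignInit_ex() unchanged and pops the error queue, while the new pod promises 1 for supported, 0 for unsupported and a negative value for failure. Only the EVP_MD_CTX_new() failure is mapped explicitly (to -1); whether any other failure comes back as 0 or as a negative value depends entirely on EVP_DigestSignInit_ex(), and the error that would explain it has been discarded. Either map the init result explicitly, or reword RETURN VALUES to say that 0 covers every case in which signing cannot be initialised with this digest. The pod should also say what a NULL digest name means, since ssl/t1_lib.c passes NULL when sig->hash is NID_undef.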
@@ -1513,8 +1514,7 @@ int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); # define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9 # define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 0xa -# define ASN1_PKEY_CTRL_SUPPORTS_MD_NID 0xb -# define ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED 0xc +# define ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED 0xb int EVP_PKEY_asn1_get_count(void); const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 14c16e355d..1dc57af43a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3052,15 +3052,18 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, const SIGALG_LOOKUP *lu; int mdnid, pknid, supported; size_t i; + const char *mdname = NULL; /* - * If the given EVP_PKEY cannot supporting signing with this sigalg, + * If the given EVP_PKEY cannot support signing with this digest, * the answer is simply 'no'. */ - ERR_set_mark(); - supported = EVP_PKEY_supports_digest_nid(pkey, sig->hash); - ERR_pop_to_mark(); - if (supported == 0) + if (sig->hash != NID_undef) + mdname = OBJ_nid2sn(sig->hash); + supported = EVP_PKEY_digestsign_supports_digest(pkey, s->ctx->libctx, + mdname, + s->ctx->propq); + if (supported <= 0) return 0; /* diff --git a/util/libcrypto.num b/util/libcrypto.num index 69b8f63e32..67bf50af4d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4414,7 +4414,7 @@ EVP_MAC_update ? 3_0_0 EXIST::FUNCTION: EVP_MAC_final ? 3_0_0 EXIST::FUNCTION: EVP_MAC_finalXOF ? 3_0_0 EXIST::FUNCTION: OSSL_EC_curve_nid2name ? 3_0_0 EXIST::FUNCTION: -EVP_PKEY_supports_digest_nid ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_digestsign_supports_digest ? 3_0_0 EXIST::FUNCTION: SRP_VBASE_add0_user ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SRP_user_pwd_new ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP SRP_user_pwd_set_gN ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP From tomas at openssl.org Thu May 13 11:30:34 2021 
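Review bot: in ssl/t1_lib.c, check_cert_usable() changes the test from "supported == 0" to "supported <= 0", so a negative result, which previously let the certificate through to the remaining checks, now rejects it. That is the safer default, but it is a behaviour change the commit message does not mention, and the comment above it still speaks only of the key not supporting the digest. Please mention it in the commit message and extend the comment to cover the error case. Separately, the second include/openssl/evp.h hunk renumbers ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED from 0xc to 0xb, reusing the value of the removed control; a method built against the earlier header would attach the old meaning to 0xb, so leaving 0xb unused would be more conservative.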
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 13 May 2021 11:30:34 +0000 Subject: [openssl] master update Message-ID: <1620905434.866569.4087.nullmailer@dev.openssl.org> The branch master has been updated via 7bc027d73bc51cfa0ae23fbfd91134be9464d694 (commit) via b4c4a2c68817ea0b2df8012673fa4e0712681704 (commit) from e9fe0f7e9df7e0909ca52a024b889e48616a29d9 (commit) - Log ----------------------------------------------------------------- commit 7bc027d73bc51cfa0ae23fbfd91134be9464d694 Author: Tomas Mraz Date: Tue Apr 27 18:12:15 2021 +0200 Fallback to legacy pem decoding if OSSL_DECODER fails Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15045) commit b4c4a2c68817ea0b2df8012673fa4e0712681704 Author: Tomas Mraz Date: Tue Apr 27 16:01:13 2021 +0200 Implement pem_read_key directly through OSSL_DECODER Using OSSL_STORE is too heavy and breaks things. There were also needed various fixes mainly for missing proper handling of the SM2 keys in the OSSL_DECODER. Fixes #14788 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15045) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_asn1.c | 7 + crypto/ec/ec_key.c | 3 + crypto/pem/pem_pkey.c | 232 +++++++++++++++++++------- crypto/x509/x_pubkey.c | 4 +- providers/fips-sources.checksums | 6 +- providers/fips.checksum | 2 +- providers/implementations/keymgmt/ec_kmgmt.c | 8 +- providers/implementations/keymgmt/rsa_kmgmt.c | 4 +- test/evp_extra_test2.c | 9 +- test/sslapitest.c | 30 ++-- 10 files changed, 221 insertions(+), 84 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index ed30d1b3a9..0e37b21ac3 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c 
@@ -965,6 +965,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) goto err; } + if (EC_GROUP_get_curve_name(ret->group) == NID_sm2) + EC_KEY_set_flags(ret, EC_FLAG_SM2_RANGE); + EC_POINT_clear_free(ret->pub_key); ret->pub_key = EC_POINT_new(ret->group); if (ret->pub_key == NULL) { @@ -1109,6 +1112,10 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) ret->dirty_cnt++; return NULL; } + + if (EC_GROUP_get_curve_name(ret->group) == NID_sm2) + EC_KEY_set_flags(ret, EC_FLAG_SM2_RANGE); + ret->dirty_cnt++; if (a) diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index f06715fa6b..ea2bad3e26 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -678,6 +678,9 @@ int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) return 0; EC_GROUP_free(key->group); key->group = EC_GROUP_dup(group); + if (key->group != NULL && EC_GROUP_get_curve_name(key->group) == NID_sm2) + EC_KEY_set_flags(key, EC_FLAG_SM2_RANGE); + key->dirty_cnt++; return (key->group == NULL) ? 0 : 1; } diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 3faca8d0ec..3f0a9e4fef 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -/* We need to use some STORE deprecated APIs */ +/* We need to use some deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED #include 
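Review bot: in crypto/ec/ec_key.c, EC_KEY_set_group() now sets EC_FLAG_SM2_RANGE when the new group is SM2 but never clears it, so a key whose group is changed from SM2 to another curve keeps the flag. Clear it with EC_KEY_clear_flags() in the non-SM2 case, or document that the group of an SM2 key must not be replaced. With the flag handled in EC_KEY_set_group(), it is also worth checking whether the two identical additions in crypto/ec/ec_asn1.c (in d2i_ECPrivateKey() and d2i_ECParameters()) are still needed or could share one helper.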
@@ -20,82 +20,198 @@ #include #include #include -#include +#include #include -#include "crypto/store.h" #include "crypto/asn1.h" #include "crypto/evp.h" #include "pem_local.h" int ossl_pem_check_suffix(const char *pem_str, const char *suffix); -static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq, - int expected_store_info_type, - int try_secure) +static EVP_PKEY *pem_read_bio_key_decoder(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, + const char *propq, + int selection) { - EVP_PKEY *ret = NULL; - OSSL_STORE_CTX *ctx = NULL; - OSSL_STORE_INFO *info = NULL; - const UI_METHOD *ui_method = NULL; - UI_METHOD *allocated_ui_method = NULL; - - if (expected_store_info_type != OSSL_STORE_INFO_PKEY - && expected_store_info_type != OSSL_STORE_INFO_PUBKEY - && expected_store_info_type != OSSL_STORE_INFO_PARAMS) { - ERR_raise(ERR_LIB_PEM, ERR_R_PASSED_INVALID_ARGUMENT); + EVP_PKEY *pkey = NULL; + OSSL_DECODER_CTX *dctx = NULL; + + dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, NULL, + selection, libctx, propq); + + if (dctx == NULL) return NULL; - } if (cb == NULL) cb = PEM_def_callback; - ui_method = allocated_ui_method = UI_UTIL_wrap_read_pem_callback(cb, 0); - if (ui_method == NULL) - return NULL; - if ((ctx = OSSL_STORE_attach(bp, "file", libctx, propq, ui_method, u, - NULL, NULL, NULL)) == NULL) + if (!OSSL_DECODER_CTX_set_pem_password_cb(dctx, cb, u)) goto err; -#ifndef OPENSSL_NO_SECURE_HEAP -# ifndef OPENSSL_NO_DEPRECATED_3_0 - if (try_secure) { - int on = 1; - if (!OSSL_STORE_ctrl(ctx, OSSL_STORE_C_USE_SECMEM, &on)) + + while (!OSSL_DECODER_from_bio(dctx, bp) || pkey == NULL) + if (BIO_eof(bp) != 0) goto err; - } -# endif -#endif - if (!OSSL_STORE_expect(ctx, expected_store_info_type)) + if (!evp_keymgmt_util_has(pkey, selection)) { + EVP_PKEY_free(pkey); + pkey = NULL; + ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS); goto err; + } - 
while (!OSSL_STORE_eof(ctx) - && (info = OSSL_STORE_load(ctx)) != NULL) { - if (OSSL_STORE_INFO_get_type(info) == expected_store_info_type) { - switch (expected_store_info_type) { - case OSSL_STORE_INFO_PKEY: - ret = OSSL_STORE_INFO_get1_PKEY(info); - break; - case OSSL_STORE_INFO_PUBKEY: - ret = OSSL_STORE_INFO_get1_PUBKEY(info); - break; - case OSSL_STORE_INFO_PARAMS: - ret = OSSL_STORE_INFO_get1_PARAMS(info); - break; - } - } - OSSL_STORE_INFO_free(info); - info = NULL; + if (x != NULL) { + EVP_PKEY_free(*x); + *x = pkey; } - if (ret != NULL && x != NULL) - *x = ret; + err: + OSSL_DECODER_CTX_free(dctx); + return pkey; +} + +static EVP_PKEY *pem_read_bio_key_legacy(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, + const char *propq, + int selection) +{ + char *nm = NULL; + const unsigned char *p = NULL; + unsigned char *data = NULL; + long len; + int slen; + EVP_PKEY *ret = NULL; + ERR_set_mark(); /* not interested in PEM read errors */ + if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) { + if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, + PEM_STRING_EVP_PKEY, + bp, cb, u)) { + ERR_pop_to_mark(); + return NULL; + } + } else { + const char *pem_string = PEM_STRING_PARAMETERS; + + if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) + pem_string = PEM_STRING_PUBLIC; + if (!PEM_bytes_read_bio(&data, &len, &nm, + pem_string, + bp, cb, u)) { + ERR_pop_to_mark(); + return NULL; + } + } + ERR_clear_last_mark(); + p = data; + + if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) { + PKCS8_PRIV_KEY_INFO *p8inf; + + if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len)) == NULL) + goto p8err; + ret = evp_pkcs82pkey_legacy(p8inf, libctx, propq); + if (x != NULL) { + EVP_PKEY_free(*x); + *x = ret; + } + PKCS8_PRIV_KEY_INFO_free(p8inf); + } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) { + PKCS8_PRIV_KEY_INFO *p8inf; + X509_SIG *p8; + int klen; + char psbuf[PEM_BUFSIZE]; + + if ((p8 = d2i_X509_SIG(NULL, &p, len)) == NULL) + goto p8err; + if (cb != NULL) + klen = 
cb(psbuf, PEM_BUFSIZE, 0, u); + else + klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); + if (klen < 0) { + ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ); + X509_SIG_free(p8); + goto err; + } + p8inf = PKCS8_decrypt(p8, psbuf, klen); + X509_SIG_free(p8); + OPENSSL_cleanse(psbuf, klen); + if (p8inf == NULL) + goto p8err; + ret = evp_pkcs82pkey_legacy(p8inf, libctx, propq); + if (x != NULL) { + EVP_PKEY_free(*x); + *x = ret; + } + PKCS8_PRIV_KEY_INFO_free(p8inf); + } else if ((slen = ossl_pem_check_suffix(nm, "PRIVATE KEY")) > 0) { + const EVP_PKEY_ASN1_METHOD *ameth; + ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); + if (ameth == NULL || ameth->old_priv_decode == NULL) + goto p8err; + ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len); + } else if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) { + ret = d2i_PUBKEY(x, &p, len); + } else if ((slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) { + ret = EVP_PKEY_new(); + if (ret == NULL) + goto err; + if (!EVP_PKEY_set_type_str(ret, nm, slen) + || !ret->ameth->param_decode + || !ret->ameth->param_decode(ret, &p, len)) { + EVP_PKEY_free(ret); + ret = NULL; + goto err; + } + if (x) { + EVP_PKEY_free(*x); + *x = ret; + } + } + + p8err: + if (ret == NULL) + ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB); err: - OSSL_STORE_close(ctx); - UI_destroy_method(allocated_ui_method); - OSSL_STORE_INFO_free(info); + OPENSSL_secure_free(nm); + OPENSSL_secure_clear_free(data, len); + return ret; +} + +static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x, + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, + const char *propq, + int selection) +{ + EVP_PKEY *ret; + BIO *new_bio = NULL; + int pos; + + if ((pos = BIO_tell(bp)) < 0) { + new_bio = BIO_new(BIO_f_readbuffer()); + if (new_bio == NULL) + return NULL; + bp = BIO_push(new_bio, bp); + pos = BIO_tell(bp); + } + + ERR_set_mark(); + ret = pem_read_bio_key_decoder(bp, x, cb, u, libctx, propq, selection); + if (ret == NULL + && (BIO_seek(bp, pos) < 0 + || (ret = 
pem_read_bio_key_legacy(bp, x, cb, u, + libctx, propq, + selection)) == NULL)) + ERR_clear_last_mark(); + else + ERR_pop_to_mark(); + + if (new_bio != NULL) { + BIO_pop(new_bio); + BIO_free(new_bio); + } return ret; } @@ -104,7 +220,7 @@ EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x, OSSL_LIB_CTX *libctx, const char *propq) { return pem_read_bio_key(bp, x, cb, u, libctx, propq, - OSSL_STORE_INFO_PUBKEY, 0); + EVP_PKEY_PUBLIC_KEY); } EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, @@ -142,7 +258,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, OSSL_LIB_CTX *libctx, const char *propq) { return pem_read_bio_key(bp, x, cb, u, libctx, propq, - OSSL_STORE_INFO_PKEY, 1); + EVP_PKEY_KEYPAIR); } EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, @@ -207,7 +323,7 @@ EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x, OSSL_LIB_CTX *libctx, const char *propq) { return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq, - OSSL_STORE_INFO_PARAMS, 0); + EVP_PKEY_KEY_PARAMETERS); } EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 9b846a8bc2..966a1a534b 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -678,12 +678,14 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) EVP_PKEY *pkey; EC_KEY *key = NULL; const unsigned char *q; + int type; q = *pp; pkey = d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; - if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) + type = EVP_PKEY_id(pkey); + if (type == EVP_PKEY_EC || type == EVP_PKEY_SM2) key = EVP_PKEY_get1_EC_KEY(pkey); EVP_PKEY_free(pkey); if (key == NULL) diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 57c66af718..872759e0c7 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -147,7 +147,7 @@ d4969259e4fa5b71d8abbf5e736e658bd1daad6e46d272a9b88e190e2de96b61 crypto/ec/curv 86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a crypto/ec/ec_check.c 845a5e6ad6921aed63a18084d6b64a1907e4cb093639153ba32138e0b29ff0e5 crypto/ec/ec_curve.c 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c -2103bb62699b1a0ca4e3f75bd1697d856a9afd7f0051d49e433cf69d62d53e2a crypto/ec/ec_key.c +5485a66d4251bc2f044e4d91f6a6b5068957c3b685237bf96a4b45e9c737420c crypto/ec/ec_key.c 7b34605e017eb81037344538f917c32d3ab85c744a819617e012bab73c27dd68 crypto/ec/ec_kmeth.c 90f070e5a7ea950e6fe88ed81c72161c58a4896efb4608076061e1fe12908908 crypto/ec/ec_lib.c 58aa89c186c9bb6a5075a1d961723fe1fc97c6e290756ae682fe494c4f2435a0 crypto/ec/ec_mult.c @@ -323,7 +323,7 @@ d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/comm eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c ce6731be4da709c753bd2c04e88d51d567c955c651e7575bb1410968e6c7620e providers/common/securitycheck.c 50a0e01e877ae818cf874f4515a130db0e869d4e9e8ce882bff1255695aba789 providers/common/securitycheck_fips.c -5c31ba4eedb31e2509288be50280e0df58faa86fe4b5e99a1167a53fd6f3bd0f providers/fips/fipsprov.c +ff2d14b053ecad3a2bc42e2b4a54fe2bbb62fd6068d090dde4d68ae0e14a1a1d providers/fips/fipsprov.c c69e60c29711d55cd5672dab9ff051f3c093d54e63a0ec575baa899e6bbf9c2b providers/fips/self_test.c fb56f801613642f6b497803890b528a643024e3cdb5bd5dd619a2981afb2f3b0 providers/fips/self_test_kats.c 08b287621158afb67e61e52fc34efbb9f9fe22ee6709c7ed6c937d5feb2b7fd8 providers/implementations/asymciphers/rsa_enc.c 
@@ -375,7 +375,7 @@ a5b4ddffa137a52f6a0a0c0c28c618d9bff00af2ec49e51885fc7af116e04869 providers/impl 1a6b7e37229e81eae3981ab2e0b7669eb24aaa6487738c4b44a970da212560b6 providers/implementations/keymgmt/ecx_kmgmt.c 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c 21b259d6a9eb5e319106012179e04963fb9659ed85af37f5c9c8752ec2385dae providers/implementations/keymgmt/mac_legacy_kmgmt.c -c48eb00f0de1c28baaa3cf7c0e85d4d2a20592783aa545f8934da487c05a3e87 providers/implementations/keymgmt/rsa_kmgmt.c +adb3672738af90c3f5829c77abe95af2862b13a7cb1679aac4edc9c704cbdef7 providers/implementations/keymgmt/rsa_kmgmt.c 25d20ceb61cadb495ec890ae2c49c5c1c840b39ac77f20058ee87249cab341ef providers/implementations/macs/cmac_prov.c f51b074d55028d3e24656da348d21ca79f6680fdb30383d936251f1b3467caab providers/implementations/macs/gmac_prov.c 35505704fda658c0911f95974913c1f2dd75c8f91c5d2ec597c70c52624bdfdf providers/implementations/macs/hmac_prov.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 83fe30d81c..3054d8e19f 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -3ea8c9568047f0cf5ca79b8de0b7d4daa76044baa6bfe25a22a7bbfe13186f7c providers/fips-sources.checksums +b3dca5cc989c42b9e46c0e0b1738ff17b51ce825f0b87ae13b8f609a0840978f providers/fips-sources.checksums diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index f563d920c4..2673619ef4 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c 
@@ -1288,14 +1288,8 @@ static void *sm2_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) ret = ec_gen_assign_group(ec, gctx->gen_group); /* Whether you want it or not, you get a keypair, not just one half */ - if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { - /* - * For SM2, we need a new flag to indicate the 'generate' function - * to use a new range - */ - EC_KEY_set_flags(ec, EC_FLAG_SM2_RANGE); + if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) ret = ret && EC_KEY_generate_key(ec); - } if (ret) return ec; diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index a075c54487..34871629ba 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -122,9 +122,7 @@ static int rsa_has(const void *keydata, int selection) if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) return 1; /* the selection is not missing */ - if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) - /* This will change with OAEP */ - ok = ok && (RSA_test_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS) != 0); + /* OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS are always available even if empty */ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) ok = ok && (RSA_get0_e(rsa) != NULL); if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c index d9d26711ba..cad1934c5b 100644 --- a/test/evp_extra_test2.c +++ b/test/evp_extra_test2.c 
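Review bot: sm2_gen() no longer calls EC_KEY_set_flags(ec, EC_FLAG_SM2_RANGE) before EC_KEY_generate_key(), and the comment that explained the flag is removed with it, so nothing in this hunk says where the range the removed comment refers to is applied now. The checksum hunk shows crypto/ec/ec_key.c changing in the same commit; a one-line comment here pointing at the replacement would let a reader confirm that SM2 key generation still gets its own range.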
@@ -371,10 +371,17 @@ static int test_d2i_PrivateKey_ex(void) { provider = OSSL_PROVIDER_load(NULL, "default"); key_bio = BIO_new_mem_buf((&keydata[0])->kder, (&keydata)[0]->size); - ok = TEST_ptr(pkey = PEM_read_bio_PrivateKey(key_bio, NULL, NULL, NULL)); + if (!TEST_ptr_null(pkey = PEM_read_bio_PrivateKey(key_bio, NULL, NULL, NULL))) + goto err; + + ERR_clear_error(); + if (!TEST_int_ge(BIO_seek(key_bio, 0), 0)) + goto err; + ok = TEST_ptr(pkey = d2i_PrivateKey_bio(key_bio, NULL)); TEST_int_eq(ERR_peek_error(), 0); test_openssl_errors(); + err: EVP_PKEY_free(pkey); BIO_free(key_bio); OSSL_PROVIDER_unload(provider); diff --git a/test/sslapitest.c b/test/sslapitest.c index d4c8bf4d38..ad83491573 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -8102,12 +8102,21 @@ static int test_sigalgs_available(int idx) if (!TEST_ptr(cctx) || !TEST_ptr(sctx)) goto end; - if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - 0, - &sctx, &cctx, cert, privkey))) - goto end; + if (idx != 5) { + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + 0, + &sctx, &cctx, cert, privkey))) + goto end; + } else { + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + 0, + &sctx, &cctx, cert2, privkey2))) + goto end; + } /* Ensure we only use TLSv1.2 ciphersuites based on SHA256 */ if (idx < 4) { 
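Review bot: In test_d2i_PrivateKey_ex(), the return value of TEST_int_eq(ERR_peek_error(), 0) after the d2i_PrivateKey_bio() call is discarded, so a leftover entry on the error queue is not folded into ok. Suggest ok = TEST_ptr(pkey = d2i_PrivateKey_bio(key_bio, NULL)) && TEST_int_eq(ERR_peek_error(), 0). The new TEST_ptr_null() expectation on PEM_read_bio_PrivateKey() also needs a short comment saying why a NULL result is the expected outcome for the keydata[0] kder buffer.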
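Review bot: In test_sigalgs_available(), the new if (idx != 5) / else arms repeat the whole create_ssl_ctx_pair() call and differ only in the last two arguments (cert, privkey versus cert2, privkey2). Selecting the certificate and key into two locals and making a single call would remove the duplication and keep the idx == 5 special case in one place. A comment stating what idx 5 exercises is missing here.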
@@ -8135,16 +8144,17 @@ static int test_sigalgs_available(int idx) goto end; } - if (!TEST_int_eq(SSL_CTX_use_certificate_file(sctx, cert2, - SSL_FILETYPE_PEM), 1) + if (idx != 5 + && (!TEST_int_eq(SSL_CTX_use_certificate_file(sctx, cert2, + SSL_FILETYPE_PEM), 1) || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(sctx, privkey2, SSL_FILETYPE_PEM), 1) - || !TEST_int_eq(SSL_CTX_check_private_key(sctx), 1)) + || !TEST_int_eq(SSL_CTX_check_private_key(sctx), 1))) goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) + NULL, NULL))) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) From no-reply at appveyor.com Thu May 13 11:30:21 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 11:30:21 +0000 Subject: Build failed: openssl master.42016 Message-ID: <20210513113021.1.DB0784E124B2A7B9@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Thu May 13 11:53:09 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 13 May 2021 11:53:09 +0000 Subject: [openssl] master update Message-ID: <1620906789.299961.12295.nullmailer@dev.openssl.org> The branch master has been updated via 3ba3e350fd15c133a172095f67e6e0c99ab9b410 (commit) from 7bc027d73bc51cfa0ae23fbfd91134be9464d694 (commit) - Log ----------------------------------------------------------------- commit 3ba3e350fd15c133a172095f67e6e0c99ab9b410 Author: Pauli Date: Wed May 12 15:19:54 2021 +1000 doc: remove references to undeprecated commands being deprecated. The dsa, ec, ecparam, and rsa manual pages refer to themselves as being deprecated which they aren't. Address this and add a note pointing to the pkey command equivalents albeit without recommending it. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15239) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-dsa.pod.in | 7 +++++-- doc/man1/openssl-ec.pod.in | 7 +++++-- doc/man1/openssl-ecparam.pod.in | 8 ++++++-- doc/man1/openssl-rsa.pod.in | 10 +++++++--- 4 files changed, 23 insertions(+), 9 deletions(-) diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in index b17b49ad0f..68ce5f319c 100644 --- a/doc/man1/openssl-dsa.pod.in +++ b/doc/man1/openssl-dsa.pod.in @@ -129,10 +129,13 @@ a public key. =back +The L command is capable of performing all the operations +this command can, as well as supporting other public key types. + =head1 EXAMPLES -Examples equivalent to these can be found in the documentation for the -non-deprecated L command. +The documentation for the L command contains examples +equivalent to the ones listed here. To remove the pass phrase on a DSA private key: diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in index b3aabcb41a..479485cc80 100644 --- a/doc/man1/openssl-ec.pod.in +++ b/doc/man1/openssl-ec.pod.in 
@@ -147,10 +147,13 @@ This option checks the consistency of an EC private or public key. =back +The L command is capable of performing all the operations +this command can, as well as supporting other public key types. + =head1 EXAMPLES -Examples equivalent to these can be found in the documentation for the -non-deprecated L command. +The documentation for the L command contains examples +equivalent to the ones listed here. To encrypt a private key using triple DES: diff --git a/doc/man1/openssl-ecparam.pod.in b/doc/man1/openssl-ecparam.pod.in index 2f0968c311..e0bdb75cf3 100644 --- a/doc/man1/openssl-ecparam.pod.in +++ b/doc/man1/openssl-ecparam.pod.in @@ -129,10 +129,14 @@ This option will generate an EC private key using the specified parameters. =back +The L and L commands are capable +of performing all the operations this command can, as well as supporting +other public key types. + =head1 EXAMPLES -Examples equivalent to these can be found in the documentation for the -non-deprecated L and L commands. +The documentation for the L and L +commands contains examples equivalent to the ones listed here. To create EC parameters with the group 'prime192v1': diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in index d67a0f64bb..fab6408f14 100644 --- a/doc/man1/openssl-rsa.pod.in +++ b/doc/man1/openssl-rsa.pod.in @@ -57,7 +57,6 @@ various forms and their components printed out. Print out a usage message. - =item B<-inform> B|B|B|B The key input format; unspecified by default. 
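Review bot: In the openssl-dsa.pod.in, openssl-ec.pod.in and openssl-ecparam.pod.in hunks the new paragraph pointing at the pkey commands is added directly after =back with no heading of its own, so it falls under whatever section precedes it, while the openssl-rsa.pod.in hunk that follows places the same text under =head1 NOTES. Suggest adding =head1 NOTES in the other three files as well so the four pages are structured the same way.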
@@ -140,10 +139,15 @@ Like B<-pubin> and B<-pubout> except B format is used instead. =back +=head1 NOTES + +The L command is capable of performing all the operations +this command can, as well as supporting other public key types. + =head1 EXAMPLES -Examples equivalent to these can be found in the documentation for the -non-deprecated L command. +The documentation for the L command contains examples +equivalent to the ones listed here. To remove the pass phrase on an RSA private key: From no-reply at appveyor.com Thu May 13 12:49:18 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 12:49:18 +0000 Subject: Build failed: openssl master.42017 Message-ID: <20210513124918.1.27E76380BF32EC2A@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 13 12:50:04 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 12:50:04 +0000 Subject: Build failed: openssl pr14749.42018 Message-ID: <20210513125004.1.A58904D8274F94B5@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 13 12:51:09 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 12:51:09 +0000 Subject: Build failed: openssl pr14749.42019 Message-ID: <20210513125109.1.A22529AF56289F4B@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Thu May 13 14:02:51 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 13 May 2021 14:02:51 +0000 Subject: [openssl] master update Message-ID: <1620914571.783988.12929.nullmailer@dev.openssl.org> The branch master has been updated via da51566b256e0c0536d5b986e676863b0526bf5e (commit) from 3ba3e350fd15c133a172095f67e6e0c99ab9b410 (commit) - Log ----------------------------------------------------------------- commit da51566b256e0c0536d5b986e676863b0526bf5e Author: Ben Avison Date: Wed Mar 10 15:54:44 2021 +0000 ARM assembly pack: translate bit-sliced AES implementation to AArch64 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14592) ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/bsaes-armv8.S | 2338 ++++++++++++++++++++++++++++++++++++++++++ crypto/aes/build.info | 5 +- 2 files changed, 2341 insertions(+), 2 deletions(-) create mode 100644 crypto/aes/asm/bsaes-armv8.S diff --git a/crypto/aes/asm/bsaes-armv8.S b/crypto/aes/asm/bsaes-armv8.S new file mode 100644 index 0000000000..9bd02d0c8a --- /dev/null +++ b/crypto/aes/asm/bsaes-armv8.S 
@@ -0,0 +1,2338 @@ +// Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +// +// Licensed under the OpenSSL license (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy +// in the file LICENSE in the source distribution or at +// https://www.openssl.org/source/license.html +// +// ==================================================================== +// Written by Ben Avison for the OpenSSL +// project. Rights for redistribution and usage in source and binary +// forms are granted according to the OpenSSL license. +// ==================================================================== +// +// This implementation is a translation of bsaes-armv7 for AArch64. +// No attempt has been made to carry across the build switches for +// kernel targets, since the Linux kernel crypto support has moved on +// from when it was based on OpenSSL. + +// A lot of hand-scheduling has been performed. Consequently, this code +// doesn't factor out neatly into macros in the same way that the +// AArch32 version did, and there is little to be gained by wrapping it +// up in Perl, and it is presented as pure assembly. 
+ + +#include "crypto/arm_arch.h" + +.text + +.type _bsaes_decrypt8,%function +.align 4 +// On entry: +// x9 -> key (previously expanded using _bsaes_key_convert) +// x10 = number of rounds +// v0-v7 input data +// On exit: +// x9-x11 corrupted +// other general-purpose registers preserved +// v0-v7 output data +// v11-v15 preserved +// other SIMD registers corrupted +_bsaes_decrypt8: + ldr q8, [x9], #16 + adr x11, .LM0ISR + movi v9.16b, #0x55 + ldr q10, [x11], #16 + movi v16.16b, #0x33 + movi v17.16b, #0x0f + sub x10, x10, #1 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v8.16b + eor v2.16b, v2.16b, v8.16b + eor v4.16b, v4.16b, v8.16b + eor v3.16b, v3.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + tbl v0.16b, {v0.16b}, v10.16b + tbl v1.16b, {v1.16b}, v10.16b + tbl v2.16b, {v2.16b}, v10.16b + tbl v4.16b, {v4.16b}, v10.16b + eor v6.16b, v6.16b, v8.16b + eor v7.16b, v7.16b, v8.16b + tbl v3.16b, {v3.16b}, v10.16b + tbl v5.16b, {v5.16b}, v10.16b + tbl v6.16b, {v6.16b}, v10.16b + ushr v8.2d, v0.2d, #1 + tbl v7.16b, {v7.16b}, v10.16b + ushr v10.2d, v4.2d, #1 + ushr v18.2d, v2.2d, #1 + eor v8.16b, v8.16b, v1.16b + ushr v19.2d, v6.2d, #1 + eor v10.16b, v10.16b, v5.16b + eor v18.16b, v18.16b, v3.16b + and v8.16b, v8.16b, v9.16b + eor v19.16b, v19.16b, v7.16b + and v10.16b, v10.16b, v9.16b + and v18.16b, v18.16b, v9.16b + eor v1.16b, v1.16b, v8.16b + shl v8.2d, v8.2d, #1 + and v9.16b, v19.16b, v9.16b + eor v5.16b, v5.16b, v10.16b + shl v10.2d, v10.2d, #1 + eor v3.16b, v3.16b, v18.16b + shl v18.2d, v18.2d, #1 + eor v0.16b, v0.16b, v8.16b + shl v8.2d, v9.2d, #1 + eor v7.16b, v7.16b, v9.16b + eor v4.16b, v4.16b, v10.16b + eor v2.16b, v2.16b, v18.16b + ushr v9.2d, v1.2d, #2 + eor v6.16b, v6.16b, v8.16b + ushr v8.2d, v0.2d, #2 + ushr v10.2d, v5.2d, #2 + ushr v18.2d, v4.2d, #2 + eor v9.16b, v9.16b, v3.16b + eor v8.16b, v8.16b, v2.16b + eor v10.16b, v10.16b, v7.16b + eor v18.16b, v18.16b, v6.16b + and v9.16b, v9.16b, v16.16b + and v8.16b, v8.16b, v16.16b + and v10.16b, v10.16b, 
v16.16b + and v16.16b, v18.16b, v16.16b + eor v3.16b, v3.16b, v9.16b + shl v9.2d, v9.2d, #2 + eor v2.16b, v2.16b, v8.16b + shl v8.2d, v8.2d, #2 + eor v7.16b, v7.16b, v10.16b + shl v10.2d, v10.2d, #2 + eor v6.16b, v6.16b, v16.16b + shl v16.2d, v16.2d, #2 + eor v1.16b, v1.16b, v9.16b + eor v0.16b, v0.16b, v8.16b + eor v5.16b, v5.16b, v10.16b + eor v4.16b, v4.16b, v16.16b + ushr v8.2d, v3.2d, #4 + ushr v9.2d, v2.2d, #4 + ushr v10.2d, v1.2d, #4 + ushr v16.2d, v0.2d, #4 + eor v8.16b, v8.16b, v7.16b + eor v9.16b, v9.16b, v6.16b + eor v10.16b, v10.16b, v5.16b + eor v16.16b, v16.16b, v4.16b + and v8.16b, v8.16b, v17.16b + and v9.16b, v9.16b, v17.16b + and v10.16b, v10.16b, v17.16b + and v16.16b, v16.16b, v17.16b + eor v7.16b, v7.16b, v8.16b + shl v8.2d, v8.2d, #4 + eor v6.16b, v6.16b, v9.16b + shl v9.2d, v9.2d, #4 + eor v5.16b, v5.16b, v10.16b + shl v10.2d, v10.2d, #4 + eor v4.16b, v4.16b, v16.16b + shl v16.2d, v16.2d, #4 + eor v3.16b, v3.16b, v8.16b + eor v2.16b, v2.16b, v9.16b + eor v1.16b, v1.16b, v10.16b + eor v0.16b, v0.16b, v16.16b + b .Ldec_sbox +.align 4 +.Ldec_loop: + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x9], #64 + ldp q8, q9, [x9], #32 + eor v0.16b, v16.16b, v0.16b + ldr q10, [x9], #16 + eor v1.16b, v17.16b, v1.16b + ldr q16, [x9], #16 + eor v2.16b, v18.16b, v2.16b + eor v3.16b, v19.16b, v3.16b + eor v4.16b, v8.16b, v4.16b + eor v5.16b, v9.16b, v5.16b + eor v6.16b, v10.16b, v6.16b + eor v7.16b, v16.16b, v7.16b + tbl v0.16b, {v0.16b}, v28.16b + tbl v1.16b, {v1.16b}, v28.16b + tbl v2.16b, {v2.16b}, v28.16b + tbl v3.16b, {v3.16b}, v28.16b + tbl v4.16b, {v4.16b}, v28.16b + tbl v5.16b, {v5.16b}, v28.16b + tbl v6.16b, {v6.16b}, v28.16b + tbl v7.16b, {v7.16b}, v28.16b +.Ldec_sbox: + eor v1.16b, v1.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + subs x10, x10, #1 + eor v4.16b, v4.16b, v7.16b + eor v2.16b, v2.16b, v7.16b + eor v1.16b, v1.16b, v6.16b + eor v6.16b, v6.16b, v4.16b + eor v2.16b, v2.16b, v5.16b + eor v0.16b, v0.16b, v1.16b + eor v7.16b, v7.16b, v6.16b + eor 
v8.16b, v6.16b, v2.16b + and v9.16b, v4.16b, v6.16b + eor v10.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v16.16b, v7.16b, v4.16b + eor v17.16b, v4.16b, v0.16b + and v18.16b, v0.16b, v2.16b + eor v19.16b, v7.16b, v4.16b + eor v1.16b, v1.16b, v3.16b + eor v20.16b, v3.16b, v0.16b + eor v21.16b, v5.16b, v2.16b + eor v22.16b, v3.16b, v7.16b + and v8.16b, v17.16b, v8.16b + orr v17.16b, v3.16b, v5.16b + eor v23.16b, v1.16b, v6.16b + eor v24.16b, v20.16b, v16.16b + eor v25.16b, v1.16b, v5.16b + orr v26.16b, v20.16b, v21.16b + and v20.16b, v20.16b, v21.16b + and v27.16b, v7.16b, v1.16b + eor v21.16b, v21.16b, v23.16b + orr v28.16b, v16.16b, v23.16b + orr v29.16b, v22.16b, v25.16b + eor v26.16b, v26.16b, v8.16b + and v16.16b, v16.16b, v23.16b + and v22.16b, v22.16b, v25.16b + and v21.16b, v24.16b, v21.16b + eor v8.16b, v28.16b, v8.16b + eor v23.16b, v5.16b, v2.16b + eor v24.16b, v1.16b, v6.16b + eor v16.16b, v16.16b, v22.16b + eor v22.16b, v3.16b, v0.16b + eor v25.16b, v29.16b, v21.16b + eor v21.16b, v26.16b, v21.16b + eor v8.16b, v8.16b, v20.16b + eor v26.16b, v23.16b, v24.16b + eor v16.16b, v16.16b, v20.16b + eor v28.16b, v22.16b, v19.16b + eor v20.16b, v25.16b, v20.16b + eor v9.16b, v21.16b, v9.16b + eor v8.16b, v8.16b, v18.16b + eor v18.16b, v5.16b, v1.16b + eor v21.16b, v16.16b, v17.16b + eor v16.16b, v16.16b, v17.16b + eor v17.16b, v20.16b, v27.16b + eor v20.16b, v3.16b, v7.16b + eor v25.16b, v9.16b, v8.16b + eor v27.16b, v0.16b, v4.16b + and v29.16b, v9.16b, v17.16b + eor v30.16b, v8.16b, v29.16b + eor v31.16b, v21.16b, v29.16b + eor v29.16b, v21.16b, v29.16b + bsl v30.16b, v17.16b, v21.16b + bsl v31.16b, v9.16b, v8.16b + bsl v16.16b, v30.16b, v29.16b + bsl v21.16b, v29.16b, v30.16b + eor v8.16b, v31.16b, v30.16b + and v1.16b, v1.16b, v31.16b + and v9.16b, v16.16b, v31.16b + and v6.16b, v6.16b, v30.16b + eor v16.16b, v17.16b, v21.16b + and v4.16b, v4.16b, v30.16b + eor v17.16b, v8.16b, v30.16b + and v21.16b, v24.16b, v8.16b + 
eor v9.16b, v9.16b, v25.16b + and v19.16b, v19.16b, v8.16b + eor v24.16b, v30.16b, v16.16b + eor v25.16b, v30.16b, v16.16b + and v7.16b, v7.16b, v17.16b + and v10.16b, v10.16b, v16.16b + eor v29.16b, v9.16b, v16.16b + eor v30.16b, v31.16b, v9.16b + and v0.16b, v24.16b, v0.16b + and v9.16b, v18.16b, v9.16b + and v2.16b, v25.16b, v2.16b + eor v10.16b, v10.16b, v6.16b + eor v18.16b, v29.16b, v16.16b + and v5.16b, v30.16b, v5.16b + eor v24.16b, v8.16b, v29.16b + and v25.16b, v26.16b, v29.16b + and v26.16b, v28.16b, v29.16b + eor v8.16b, v8.16b, v29.16b + eor v17.16b, v17.16b, v18.16b + eor v5.16b, v1.16b, v5.16b + and v23.16b, v24.16b, v23.16b + eor v21.16b, v21.16b, v25.16b + eor v19.16b, v19.16b, v26.16b + eor v0.16b, v4.16b, v0.16b + and v3.16b, v17.16b, v3.16b + eor v1.16b, v9.16b, v1.16b + eor v9.16b, v25.16b, v23.16b + eor v5.16b, v5.16b, v21.16b + eor v2.16b, v6.16b, v2.16b + and v6.16b, v8.16b, v22.16b + eor v3.16b, v7.16b, v3.16b + and v8.16b, v20.16b, v18.16b + eor v10.16b, v10.16b, v9.16b + eor v0.16b, v0.16b, v19.16b + eor v9.16b, v1.16b, v9.16b + eor v1.16b, v2.16b, v21.16b + eor v3.16b, v3.16b, v19.16b + and v16.16b, v27.16b, v16.16b + eor v17.16b, v26.16b, v6.16b + eor v6.16b, v8.16b, v7.16b + eor v7.16b, v1.16b, v9.16b + eor v1.16b, v5.16b, v3.16b + eor v2.16b, v10.16b, v3.16b + eor v4.16b, v16.16b, v4.16b + eor v8.16b, v6.16b, v17.16b + eor v5.16b, v9.16b, v3.16b + eor v9.16b, v0.16b, v1.16b + eor v6.16b, v7.16b, v1.16b + eor v0.16b, v4.16b, v17.16b + eor v4.16b, v8.16b, v7.16b + eor v7.16b, v9.16b, v2.16b + eor v8.16b, v3.16b, v0.16b + eor v7.16b, v7.16b, v5.16b + eor v3.16b, v4.16b, v7.16b + eor v4.16b, v7.16b, v0.16b + eor v7.16b, v8.16b, v3.16b + bcc .Ldec_done + ext v8.16b, v0.16b, v0.16b, #8 + ext v9.16b, v1.16b, v1.16b, #8 + ldr q28, [x11] // load from .LISR in common case (x10 > 0) + ext v10.16b, v6.16b, v6.16b, #8 + ext v16.16b, v3.16b, v3.16b, #8 + ext v17.16b, v5.16b, v5.16b, #8 + ext v18.16b, v4.16b, v4.16b, #8 + eor v8.16b, v8.16b, v0.16b 
+ eor v9.16b, v9.16b, v1.16b + eor v10.16b, v10.16b, v6.16b + eor v16.16b, v16.16b, v3.16b + eor v17.16b, v17.16b, v5.16b + ext v19.16b, v2.16b, v2.16b, #8 + ext v20.16b, v7.16b, v7.16b, #8 + eor v18.16b, v18.16b, v4.16b + eor v6.16b, v6.16b, v8.16b + eor v8.16b, v2.16b, v10.16b + eor v4.16b, v4.16b, v9.16b + eor v2.16b, v19.16b, v2.16b + eor v9.16b, v20.16b, v7.16b + eor v0.16b, v0.16b, v16.16b + eor v1.16b, v1.16b, v16.16b + eor v6.16b, v6.16b, v17.16b + eor v8.16b, v8.16b, v16.16b + eor v7.16b, v7.16b, v18.16b + eor v4.16b, v4.16b, v16.16b + eor v2.16b, v3.16b, v2.16b + eor v1.16b, v1.16b, v17.16b + eor v3.16b, v5.16b, v9.16b + eor v5.16b, v8.16b, v17.16b + eor v7.16b, v7.16b, v17.16b + ext v8.16b, v0.16b, v0.16b, #12 + ext v9.16b, v6.16b, v6.16b, #12 + ext v10.16b, v4.16b, v4.16b, #12 + ext v16.16b, v1.16b, v1.16b, #12 + ext v17.16b, v5.16b, v5.16b, #12 + ext v18.16b, v7.16b, v7.16b, #12 + eor v0.16b, v0.16b, v8.16b + eor v6.16b, v6.16b, v9.16b + eor v4.16b, v4.16b, v10.16b + ext v19.16b, v2.16b, v2.16b, #12 + ext v20.16b, v3.16b, v3.16b, #12 + eor v1.16b, v1.16b, v16.16b + eor v5.16b, v5.16b, v17.16b + eor v7.16b, v7.16b, v18.16b + eor v2.16b, v2.16b, v19.16b + eor v16.16b, v16.16b, v0.16b + eor v3.16b, v3.16b, v20.16b + eor v17.16b, v17.16b, v4.16b + eor v10.16b, v10.16b, v6.16b + ext v0.16b, v0.16b, v0.16b, #8 + eor v9.16b, v9.16b, v1.16b + ext v1.16b, v1.16b, v1.16b, #8 + eor v8.16b, v8.16b, v3.16b + eor v16.16b, v16.16b, v3.16b + eor v18.16b, v18.16b, v5.16b + eor v19.16b, v19.16b, v7.16b + ext v21.16b, v5.16b, v5.16b, #8 + ext v5.16b, v7.16b, v7.16b, #8 + eor v7.16b, v20.16b, v2.16b + ext v4.16b, v4.16b, v4.16b, #8 + ext v20.16b, v3.16b, v3.16b, #8 + eor v17.16b, v17.16b, v3.16b + ext v2.16b, v2.16b, v2.16b, #8 + eor v3.16b, v10.16b, v3.16b + ext v10.16b, v6.16b, v6.16b, #8 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v16.16b + eor v5.16b, v5.16b, v18.16b + eor v3.16b, v3.16b, v4.16b + eor v7.16b, v20.16b, v7.16b + eor v6.16b, v2.16b, v19.16b + eor 
v4.16b, v21.16b, v17.16b + eor v2.16b, v10.16b, v9.16b + bne .Ldec_loop + ldr q28, [x11, #16]! // load from .LISRM0 on last round (x10 == 0) + b .Ldec_loop +.align 4 +.Ldec_done: + ushr v8.2d, v0.2d, #1 + movi v9.16b, #0x55 + ldr q10, [x9] + ushr v16.2d, v2.2d, #1 + movi v17.16b, #0x33 + ushr v18.2d, v6.2d, #1 + movi v19.16b, #0x0f + eor v8.16b, v8.16b, v1.16b + ushr v20.2d, v3.2d, #1 + eor v16.16b, v16.16b, v7.16b + eor v18.16b, v18.16b, v4.16b + and v8.16b, v8.16b, v9.16b + eor v20.16b, v20.16b, v5.16b + and v16.16b, v16.16b, v9.16b + and v18.16b, v18.16b, v9.16b + shl v21.2d, v8.2d, #1 + eor v1.16b, v1.16b, v8.16b + and v8.16b, v20.16b, v9.16b + eor v7.16b, v7.16b, v16.16b + shl v9.2d, v16.2d, #1 + eor v4.16b, v4.16b, v18.16b + shl v16.2d, v18.2d, #1 + eor v0.16b, v0.16b, v21.16b + shl v18.2d, v8.2d, #1 + eor v5.16b, v5.16b, v8.16b + eor v2.16b, v2.16b, v9.16b + eor v6.16b, v6.16b, v16.16b + ushr v8.2d, v1.2d, #2 + eor v3.16b, v3.16b, v18.16b + ushr v9.2d, v0.2d, #2 + ushr v16.2d, v7.2d, #2 + ushr v18.2d, v2.2d, #2 + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v6.16b + eor v16.16b, v16.16b, v5.16b + eor v18.16b, v18.16b, v3.16b + and v8.16b, v8.16b, v17.16b + and v9.16b, v9.16b, v17.16b + and v16.16b, v16.16b, v17.16b + and v17.16b, v18.16b, v17.16b + eor v4.16b, v4.16b, v8.16b + shl v8.2d, v8.2d, #2 + eor v6.16b, v6.16b, v9.16b + shl v9.2d, v9.2d, #2 + eor v5.16b, v5.16b, v16.16b + shl v16.2d, v16.2d, #2 + eor v3.16b, v3.16b, v17.16b + shl v17.2d, v17.2d, #2 + eor v1.16b, v1.16b, v8.16b + eor v0.16b, v0.16b, v9.16b + eor v7.16b, v7.16b, v16.16b + eor v2.16b, v2.16b, v17.16b + ushr v8.2d, v4.2d, #4 + ushr v9.2d, v6.2d, #4 + ushr v16.2d, v1.2d, #4 + ushr v17.2d, v0.2d, #4 + eor v8.16b, v8.16b, v5.16b + eor v9.16b, v9.16b, v3.16b + eor v16.16b, v16.16b, v7.16b + eor v17.16b, v17.16b, v2.16b + and v8.16b, v8.16b, v19.16b + and v9.16b, v9.16b, v19.16b + and v16.16b, v16.16b, v19.16b + and v17.16b, v17.16b, v19.16b + eor v5.16b, v5.16b, v8.16b + shl v8.2d, 
v8.2d, #4 + eor v3.16b, v3.16b, v9.16b + shl v9.2d, v9.2d, #4 + eor v7.16b, v7.16b, v16.16b + shl v16.2d, v16.2d, #4 + eor v2.16b, v2.16b, v17.16b + shl v17.2d, v17.2d, #4 + eor v4.16b, v4.16b, v8.16b + eor v6.16b, v6.16b, v9.16b + eor v7.16b, v7.16b, v10.16b + eor v1.16b, v1.16b, v16.16b + eor v2.16b, v2.16b, v10.16b + eor v0.16b, v0.16b, v17.16b + eor v4.16b, v4.16b, v10.16b + eor v6.16b, v6.16b, v10.16b + eor v3.16b, v3.16b, v10.16b + eor v5.16b, v5.16b, v10.16b + eor v1.16b, v1.16b, v10.16b + eor v0.16b, v0.16b, v10.16b + ret +.size _bsaes_decrypt8,.-_bsaes_decrypt8 + +.type _bsaes_const,%object +.align 6 +_bsaes_const: +// InvShiftRows constants +// Used in _bsaes_decrypt8, which assumes contiguity +// .LM0ISR used with round 0 key +// .LISR used with middle round keys +// .LISRM0 used with final round key +.LM0ISR: +.quad 0x0a0e0206070b0f03, 0x0004080c0d010509 +.LISR: +.quad 0x0504070602010003, 0x0f0e0d0c080b0a09 +.LISRM0: +.quad 0x01040b0e0205080f, 0x0306090c00070a0d + +// ShiftRows constants +// Used in _bsaes_encrypt8, which assumes contiguity +// .LM0SR used with round 0 key +// .LSR used with middle round keys +// .LSRM0 used with final round key +.LM0SR: +.quad 0x0a0e02060f03070b, 0x0004080c05090d01 +.LSR: +.quad 0x0504070600030201, 0x0f0e0d0c0a09080b +.LSRM0: +.quad 0x0304090e00050a0f, 0x01060b0c0207080d + +.LM0_bigendian: +.quad 0x02060a0e03070b0f, 0x0004080c0105090d +.LM0_littleendian: +.quad 0x0105090d0004080c, 0x03070b0f02060a0e + +// Used in bsaes_ctr32_encrypt_blocks, prior to dropping into +// _bsaes_encrypt8_alt, for round 0 key in place of .LM0SR +.LREVM0SR: +.quad 0x090d01050c000408, 0x03070b0f060a0e02 + +.align 6 +.size _bsaes_const,.-_bsaes_const + +.type _bsaes_encrypt8,%function +.align 4 +// On entry: +// x9 -> key (previously expanded using _bsaes_key_convert) +// x10 = number of rounds +// v0-v7 input data +// On exit: +// x9-x11 corrupted +// other general-purpose registers preserved +// v0-v7 output data +// v11-v15 preserved +// 
other SIMD registers corrupted +_bsaes_encrypt8: + ldr q8, [x9], #16 + adr x11, .LM0SR + ldr q9, [x11], #16 +_bsaes_encrypt8_alt: + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v8.16b + sub x10, x10, #1 + eor v2.16b, v2.16b, v8.16b + eor v4.16b, v4.16b, v8.16b + eor v3.16b, v3.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + tbl v0.16b, {v0.16b}, v9.16b + tbl v1.16b, {v1.16b}, v9.16b + tbl v2.16b, {v2.16b}, v9.16b + tbl v4.16b, {v4.16b}, v9.16b + eor v6.16b, v6.16b, v8.16b + eor v7.16b, v7.16b, v8.16b + tbl v3.16b, {v3.16b}, v9.16b + tbl v5.16b, {v5.16b}, v9.16b + tbl v6.16b, {v6.16b}, v9.16b + ushr v8.2d, v0.2d, #1 + movi v10.16b, #0x55 + tbl v7.16b, {v7.16b}, v9.16b + ushr v9.2d, v4.2d, #1 + movi v16.16b, #0x33 + ushr v17.2d, v2.2d, #1 + eor v8.16b, v8.16b, v1.16b + movi v18.16b, #0x0f + ushr v19.2d, v6.2d, #1 + eor v9.16b, v9.16b, v5.16b + eor v17.16b, v17.16b, v3.16b + and v8.16b, v8.16b, v10.16b + eor v19.16b, v19.16b, v7.16b + and v9.16b, v9.16b, v10.16b + and v17.16b, v17.16b, v10.16b + eor v1.16b, v1.16b, v8.16b + shl v8.2d, v8.2d, #1 + and v10.16b, v19.16b, v10.16b + eor v5.16b, v5.16b, v9.16b + shl v9.2d, v9.2d, #1 + eor v3.16b, v3.16b, v17.16b + shl v17.2d, v17.2d, #1 + eor v0.16b, v0.16b, v8.16b + shl v8.2d, v10.2d, #1 + eor v7.16b, v7.16b, v10.16b + eor v4.16b, v4.16b, v9.16b + eor v2.16b, v2.16b, v17.16b + ushr v9.2d, v1.2d, #2 + eor v6.16b, v6.16b, v8.16b + ushr v8.2d, v0.2d, #2 + ushr v10.2d, v5.2d, #2 + ushr v17.2d, v4.2d, #2 + eor v9.16b, v9.16b, v3.16b + eor v8.16b, v8.16b, v2.16b + eor v10.16b, v10.16b, v7.16b + eor v17.16b, v17.16b, v6.16b + and v9.16b, v9.16b, v16.16b + and v8.16b, v8.16b, v16.16b + and v10.16b, v10.16b, v16.16b + and v16.16b, v17.16b, v16.16b + eor v3.16b, v3.16b, v9.16b + shl v9.2d, v9.2d, #2 + eor v2.16b, v2.16b, v8.16b + shl v8.2d, v8.2d, #2 + eor v7.16b, v7.16b, v10.16b + shl v10.2d, v10.2d, #2 + eor v6.16b, v6.16b, v16.16b + shl v16.2d, v16.2d, #2 + eor v1.16b, v1.16b, v9.16b + eor v0.16b, v0.16b, v8.16b + eor v5.16b, 
v5.16b, v10.16b + eor v4.16b, v4.16b, v16.16b + ushr v8.2d, v3.2d, #4 + ushr v9.2d, v2.2d, #4 + ushr v10.2d, v1.2d, #4 + ushr v16.2d, v0.2d, #4 + eor v8.16b, v8.16b, v7.16b + eor v9.16b, v9.16b, v6.16b + eor v10.16b, v10.16b, v5.16b + eor v16.16b, v16.16b, v4.16b + and v8.16b, v8.16b, v18.16b + and v9.16b, v9.16b, v18.16b + and v10.16b, v10.16b, v18.16b + and v16.16b, v16.16b, v18.16b + eor v7.16b, v7.16b, v8.16b + shl v8.2d, v8.2d, #4 + eor v6.16b, v6.16b, v9.16b + shl v9.2d, v9.2d, #4 + eor v5.16b, v5.16b, v10.16b + shl v10.2d, v10.2d, #4 + eor v4.16b, v4.16b, v16.16b + shl v16.2d, v16.2d, #4 + eor v3.16b, v3.16b, v8.16b + eor v2.16b, v2.16b, v9.16b + eor v1.16b, v1.16b, v10.16b + eor v0.16b, v0.16b, v16.16b + b .Lenc_sbox +.align 4 +.Lenc_loop: + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x9], #64 + ldp q8, q9, [x9], #32 + eor v0.16b, v16.16b, v0.16b + ldr q10, [x9], #16 + eor v1.16b, v17.16b, v1.16b + ldr q16, [x9], #16 + eor v2.16b, v18.16b, v2.16b + eor v3.16b, v19.16b, v3.16b + eor v4.16b, v8.16b, v4.16b + eor v5.16b, v9.16b, v5.16b + eor v6.16b, v10.16b, v6.16b + eor v7.16b, v16.16b, v7.16b + tbl v0.16b, {v0.16b}, v28.16b + tbl v1.16b, {v1.16b}, v28.16b + tbl v2.16b, {v2.16b}, v28.16b + tbl v3.16b, {v3.16b}, v28.16b + tbl v4.16b, {v4.16b}, v28.16b + tbl v5.16b, {v5.16b}, v28.16b + tbl v6.16b, {v6.16b}, v28.16b + tbl v7.16b, {v7.16b}, v28.16b +.Lenc_sbox: + eor v5.16b, v5.16b, v6.16b + eor v3.16b, v3.16b, v0.16b + subs x10, x10, #1 + eor v2.16b, v2.16b, v1.16b + eor v5.16b, v5.16b, v0.16b + eor v8.16b, v3.16b, v7.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v5.16b + eor v8.16b, v8.16b, v4.16b + eor v3.16b, v6.16b, v3.16b + eor v4.16b, v4.16b, v5.16b + eor v6.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v7.16b + eor v1.16b, v8.16b, v1.16b + eor v8.16b, v7.16b, v4.16b + eor v9.16b, v3.16b, v0.16b + eor v10.16b, v7.16b, v6.16b + eor v16.16b, v5.16b, v3.16b + eor v17.16b, v6.16b, v2.16b + eor v18.16b, v5.16b, v1.16b + eor v19.16b, v2.16b, v4.16b + eor 
v20.16b, v1.16b, v0.16b + orr v21.16b, v8.16b, v9.16b + orr v22.16b, v10.16b, v16.16b + eor v23.16b, v8.16b, v17.16b + eor v24.16b, v9.16b, v18.16b + and v19.16b, v19.16b, v20.16b + orr v20.16b, v17.16b, v18.16b + and v8.16b, v8.16b, v9.16b + and v9.16b, v17.16b, v18.16b + and v17.16b, v23.16b, v24.16b + and v10.16b, v10.16b, v16.16b + eor v16.16b, v21.16b, v19.16b + eor v18.16b, v20.16b, v19.16b + and v19.16b, v2.16b, v1.16b + and v20.16b, v6.16b, v5.16b + eor v21.16b, v22.16b, v17.16b + eor v9.16b, v9.16b, v10.16b + eor v10.16b, v16.16b, v17.16b + eor v16.16b, v18.16b, v8.16b + and v17.16b, v4.16b, v0.16b + orr v18.16b, v7.16b, v3.16b + eor v21.16b, v21.16b, v8.16b + eor v8.16b, v9.16b, v8.16b + eor v9.16b, v10.16b, v19.16b + eor v10.16b, v3.16b, v0.16b + eor v16.16b, v16.16b, v17.16b + eor v17.16b, v5.16b, v1.16b + eor v19.16b, v21.16b, v20.16b + eor v20.16b, v8.16b, v18.16b + eor v8.16b, v8.16b, v18.16b + eor v18.16b, v7.16b, v4.16b + eor v21.16b, v9.16b, v16.16b + eor v22.16b, v6.16b, v2.16b + and v23.16b, v9.16b, v19.16b + eor v24.16b, v10.16b, v17.16b + eor v25.16b, v0.16b, v1.16b + eor v26.16b, v7.16b, v6.16b + eor v27.16b, v18.16b, v22.16b + eor v28.16b, v3.16b, v5.16b + eor v29.16b, v16.16b, v23.16b + eor v30.16b, v20.16b, v23.16b + eor v23.16b, v20.16b, v23.16b + eor v31.16b, v4.16b, v2.16b + bsl v29.16b, v19.16b, v20.16b + bsl v30.16b, v9.16b, v16.16b + bsl v8.16b, v29.16b, v23.16b + bsl v20.16b, v23.16b, v29.16b + eor v9.16b, v30.16b, v29.16b + and v5.16b, v5.16b, v30.16b + and v8.16b, v8.16b, v30.16b + and v1.16b, v1.16b, v29.16b + eor v16.16b, v19.16b, v20.16b + and v2.16b, v2.16b, v29.16b + eor v19.16b, v9.16b, v29.16b + and v17.16b, v17.16b, v9.16b + eor v8.16b, v8.16b, v21.16b + and v20.16b, v22.16b, v9.16b + eor v21.16b, v29.16b, v16.16b + eor v22.16b, v29.16b, v16.16b + and v23.16b, v25.16b, v16.16b + and v6.16b, v6.16b, v19.16b + eor v25.16b, v8.16b, v16.16b + eor v29.16b, v30.16b, v8.16b + and v4.16b, v21.16b, v4.16b + and v8.16b, v28.16b, 
v8.16b + and v0.16b, v22.16b, v0.16b + eor v21.16b, v23.16b, v1.16b + eor v22.16b, v9.16b, v25.16b + eor v9.16b, v9.16b, v25.16b + eor v23.16b, v25.16b, v16.16b + and v3.16b, v29.16b, v3.16b + and v24.16b, v24.16b, v25.16b + and v25.16b, v27.16b, v25.16b + and v10.16b, v22.16b, v10.16b + and v9.16b, v9.16b, v18.16b + eor v18.16b, v19.16b, v23.16b + and v19.16b, v26.16b, v23.16b + eor v3.16b, v5.16b, v3.16b + eor v17.16b, v17.16b, v24.16b + eor v10.16b, v24.16b, v10.16b + and v16.16b, v31.16b, v16.16b + eor v20.16b, v20.16b, v25.16b + eor v9.16b, v25.16b, v9.16b + eor v4.16b, v2.16b, v4.16b + and v7.16b, v18.16b, v7.16b + eor v18.16b, v19.16b, v6.16b + eor v5.16b, v8.16b, v5.16b + eor v0.16b, v1.16b, v0.16b + eor v1.16b, v21.16b, v10.16b + eor v8.16b, v3.16b, v17.16b + eor v2.16b, v16.16b, v2.16b + eor v3.16b, v6.16b, v7.16b + eor v6.16b, v18.16b, v9.16b + eor v4.16b, v4.16b, v20.16b + eor v10.16b, v5.16b, v10.16b + eor v0.16b, v0.16b, v17.16b + eor v9.16b, v2.16b, v9.16b + eor v3.16b, v3.16b, v20.16b + eor v7.16b, v6.16b, v1.16b + eor v5.16b, v8.16b, v4.16b + eor v6.16b, v10.16b, v1.16b + eor v2.16b, v4.16b, v0.16b + eor v4.16b, v3.16b, v10.16b + eor v9.16b, v9.16b, v7.16b + eor v3.16b, v0.16b, v5.16b + eor v0.16b, v1.16b, v4.16b + eor v1.16b, v4.16b, v8.16b + eor v4.16b, v9.16b, v5.16b + eor v6.16b, v6.16b, v3.16b + bcc .Lenc_done + ext v8.16b, v0.16b, v0.16b, #12 + ext v9.16b, v4.16b, v4.16b, #12 + ldr q28, [x11] + ext v10.16b, v6.16b, v6.16b, #12 + ext v16.16b, v1.16b, v1.16b, #12 + ext v17.16b, v3.16b, v3.16b, #12 + ext v18.16b, v7.16b, v7.16b, #12 + eor v0.16b, v0.16b, v8.16b + eor v4.16b, v4.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + ext v19.16b, v2.16b, v2.16b, #12 + ext v20.16b, v5.16b, v5.16b, #12 + eor v1.16b, v1.16b, v16.16b + eor v3.16b, v3.16b, v17.16b + eor v7.16b, v7.16b, v18.16b + eor v2.16b, v2.16b, v19.16b + eor v16.16b, v16.16b, v0.16b + eor v5.16b, v5.16b, v20.16b + eor v17.16b, v17.16b, v6.16b + eor v10.16b, v10.16b, v4.16b + ext v0.16b, 
v0.16b, v0.16b, #8 + eor v9.16b, v9.16b, v1.16b + ext v1.16b, v1.16b, v1.16b, #8 + eor v8.16b, v8.16b, v5.16b + eor v16.16b, v16.16b, v5.16b + eor v18.16b, v18.16b, v3.16b + eor v19.16b, v19.16b, v7.16b + ext v3.16b, v3.16b, v3.16b, #8 + ext v7.16b, v7.16b, v7.16b, #8 + eor v20.16b, v20.16b, v2.16b + ext v6.16b, v6.16b, v6.16b, #8 + ext v21.16b, v5.16b, v5.16b, #8 + eor v17.16b, v17.16b, v5.16b + ext v2.16b, v2.16b, v2.16b, #8 + eor v10.16b, v10.16b, v5.16b + ext v22.16b, v4.16b, v4.16b, #8 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v16.16b + eor v5.16b, v7.16b, v18.16b + eor v4.16b, v3.16b, v17.16b + eor v3.16b, v6.16b, v10.16b + eor v7.16b, v21.16b, v20.16b + eor v6.16b, v2.16b, v19.16b + eor v2.16b, v22.16b, v9.16b + bne .Lenc_loop + ldr q28, [x11, #16]! // load from .LSRM0 on last round (x10 == 0) + b .Lenc_loop +.align 4 +.Lenc_done: + ushr v8.2d, v0.2d, #1 + movi v9.16b, #0x55 + ldr q10, [x9] + ushr v16.2d, v3.2d, #1 + movi v17.16b, #0x33 + ushr v18.2d, v4.2d, #1 + movi v19.16b, #0x0f + eor v8.16b, v8.16b, v1.16b + ushr v20.2d, v2.2d, #1 + eor v16.16b, v16.16b, v7.16b + eor v18.16b, v18.16b, v6.16b + and v8.16b, v8.16b, v9.16b + eor v20.16b, v20.16b, v5.16b + and v16.16b, v16.16b, v9.16b + and v18.16b, v18.16b, v9.16b + shl v21.2d, v8.2d, #1 + eor v1.16b, v1.16b, v8.16b + and v8.16b, v20.16b, v9.16b + eor v7.16b, v7.16b, v16.16b + shl v9.2d, v16.2d, #1 + eor v6.16b, v6.16b, v18.16b + shl v16.2d, v18.2d, #1 + eor v0.16b, v0.16b, v21.16b + shl v18.2d, v8.2d, #1 + eor v5.16b, v5.16b, v8.16b + eor v3.16b, v3.16b, v9.16b + eor v4.16b, v4.16b, v16.16b + ushr v8.2d, v1.2d, #2 + eor v2.16b, v2.16b, v18.16b + ushr v9.2d, v0.2d, #2 + ushr v16.2d, v7.2d, #2 + ushr v18.2d, v3.2d, #2 + eor v8.16b, v8.16b, v6.16b + eor v9.16b, v9.16b, v4.16b + eor v16.16b, v16.16b, v5.16b + eor v18.16b, v18.16b, v2.16b + and v8.16b, v8.16b, v17.16b + and v9.16b, v9.16b, v17.16b + and v16.16b, v16.16b, v17.16b + and v17.16b, v18.16b, v17.16b + eor v6.16b, v6.16b, v8.16b + shl v8.2d, 
v8.2d, #2 + eor v4.16b, v4.16b, v9.16b + shl v9.2d, v9.2d, #2 + eor v5.16b, v5.16b, v16.16b + shl v16.2d, v16.2d, #2 + eor v2.16b, v2.16b, v17.16b + shl v17.2d, v17.2d, #2 + eor v1.16b, v1.16b, v8.16b + eor v0.16b, v0.16b, v9.16b + eor v7.16b, v7.16b, v16.16b + eor v3.16b, v3.16b, v17.16b + ushr v8.2d, v6.2d, #4 + ushr v9.2d, v4.2d, #4 + ushr v16.2d, v1.2d, #4 + ushr v17.2d, v0.2d, #4 + eor v8.16b, v8.16b, v5.16b + eor v9.16b, v9.16b, v2.16b + eor v16.16b, v16.16b, v7.16b + eor v17.16b, v17.16b, v3.16b + and v8.16b, v8.16b, v19.16b + and v9.16b, v9.16b, v19.16b + and v16.16b, v16.16b, v19.16b + and v17.16b, v17.16b, v19.16b + eor v5.16b, v5.16b, v8.16b + shl v8.2d, v8.2d, #4 + eor v2.16b, v2.16b, v9.16b + shl v9.2d, v9.2d, #4 + eor v7.16b, v7.16b, v16.16b + shl v16.2d, v16.2d, #4 + eor v3.16b, v3.16b, v17.16b + shl v17.2d, v17.2d, #4 + eor v6.16b, v6.16b, v8.16b + eor v4.16b, v4.16b, v9.16b + eor v7.16b, v7.16b, v10.16b + eor v1.16b, v1.16b, v16.16b + eor v3.16b, v3.16b, v10.16b + eor v0.16b, v0.16b, v17.16b + eor v6.16b, v6.16b, v10.16b + eor v4.16b, v4.16b, v10.16b + eor v2.16b, v2.16b, v10.16b + eor v5.16b, v5.16b, v10.16b + eor v1.16b, v1.16b, v10.16b + eor v0.16b, v0.16b, v10.16b + ret +.size _bsaes_encrypt8,.-_bsaes_encrypt8 + +.type _bsaes_key_convert,%function +.align 4 +// On entry: +// x9 -> input key (big-endian) +// x10 = number of rounds +// x17 -> output key (native endianness) +// On exit: +// x9, x10 corrupted +// x11 -> .LM0_bigendian +// x17 -> last quadword of output key +// other general-purpose registers preserved +// v2-v6 preserved +// v7.16b[] = 0x63 +// v8-v14 preserved +// v15 = last round key (converted to native endianness) +// other SIMD registers corrupted +_bsaes_key_convert: +#ifdef __ARMEL__ + adr x11, .LM0_littleendian +#else + adr x11, .LM0_bigendian +#endif + ldr q0, [x9], #16 // load round 0 key + ldr q1, [x11] // .LM0 + ldr q15, [x9], #16 // load round 1 key + + movi v7.16b, #0x63 // compose .L63 + movi v16.16b, #0x01 // bit 
masks + movi v17.16b, #0x02 + movi v18.16b, #0x04 + movi v19.16b, #0x08 + movi v20.16b, #0x10 + movi v21.16b, #0x20 + movi v22.16b, #0x40 + movi v23.16b, #0x80 + +#ifdef __ARMEL__ + rev32 v0.16b, v0.16b +#endif + sub x10, x10, #1 + str q0, [x17], #16 // save round 0 key + +.align 4 +.Lkey_loop: + tbl v0.16b, {v15.16b}, v1.16b + ldr q15, [x9], #16 // load next round key + + eor v0.16b, v0.16b, v7.16b + cmtst v24.16b, v0.16b, v16.16b + cmtst v25.16b, v0.16b, v17.16b + cmtst v26.16b, v0.16b, v18.16b + cmtst v27.16b, v0.16b, v19.16b + cmtst v28.16b, v0.16b, v20.16b + cmtst v29.16b, v0.16b, v21.16b + cmtst v30.16b, v0.16b, v22.16b + cmtst v31.16b, v0.16b, v23.16b + sub x10, x10, #1 + st1 {v24.16b-v27.16b}, [x17], #64 // write bit-sliced round key + st1 {v28.16b-v31.16b}, [x17], #64 + cbnz x10, .Lkey_loop + + // don't save last round key +#ifdef __ARMEL__ + rev32 v15.16b, v15.16b + adr x11, .LM0_bigendian +#endif + ret +.size _bsaes_key_convert,.-_bsaes_key_convert + +.globl bsaes_cbc_encrypt +.type bsaes_cbc_encrypt,%function +.align 4 +// On entry: +// x0 -> input ciphertext +// x1 -> output plaintext +// x2 = size of ciphertext and plaintext in bytes (assumed a multiple of 16) +// x3 -> key +// x4 -> 128-bit initialisation vector (or preceding 128-bit block of ciphertext if continuing after an earlier call) +// w5 must be == 0 +// On exit: +// Output plaintext filled in +// Initialisation vector overwritten with last quadword of ciphertext +// No output registers, usual AAPCS64 register preservation +bsaes_cbc_encrypt: + cmp x2, #128 + blo AES_cbc_encrypt + + // it is up to the caller to make sure we are called with enc == 0 + + stp fp, lr, [sp, #-48]! 
+ stp d8, d9, [sp, #16] + stp d10, d15, [sp, #32] + lsr x2, x2, #4 // len in 16 byte blocks + + ldr w15, [x3, #240] // get # of rounds + mov x14, sp + + // allocate the key schedule on the stack + add x17, sp, #96 + sub x17, x17, x15, lsl #7 // 128 bytes per inner round key, less 96 bytes + + // populate the key schedule + mov x9, x3 // pass key + mov x10, x15 // pass # of rounds + mov sp, x17 // sp is sp + bl _bsaes_key_convert + ldr q6, [sp] + str q15, [x17] // save last round key + eor v6.16b, v6.16b, v7.16b // fix up round 0 key (by XORing with 0x63) + str q6, [sp] + + ldr q15, [x4] // load IV + b .Lcbc_dec_loop + +.align 4 +.Lcbc_dec_loop: + subs x2, x2, #0x8 + bmi .Lcbc_dec_loop_finish + + ldr q0, [x0], #16 // load input + mov x9, sp // pass the key + ldr q1, [x0], #16 + mov x10, x15 + ldr q2, [x0], #16 + ldr q3, [x0], #16 + ldr q4, [x0], #16 + ldr q5, [x0], #16 + ldr q6, [x0], #16 + ldr q7, [x0], #-7*16 + + bl _bsaes_decrypt8 + + ldr q16, [x0], #16 // reload input + eor v0.16b, v0.16b, v15.16b // ^= IV + eor v1.16b, v1.16b, v16.16b + str q0, [x1], #16 // write output + ldr q0, [x0], #16 + str q1, [x1], #16 + ldr q1, [x0], #16 + eor v1.16b, v4.16b, v1.16b + ldr q4, [x0], #16 + eor v2.16b, v2.16b, v4.16b + eor v0.16b, v6.16b, v0.16b + ldr q4, [x0], #16 + str q0, [x1], #16 + str q1, [x1], #16 + eor v0.16b, v7.16b, v4.16b + ldr q1, [x0], #16 + str q2, [x1], #16 + ldr q2, [x0], #16 + ldr q15, [x0], #16 + str q0, [x1], #16 + eor v0.16b, v5.16b, v2.16b + eor v1.16b, v3.16b, v1.16b + str q1, [x1], #16 + str q0, [x1], #16 + + b .Lcbc_dec_loop + +.Lcbc_dec_loop_finish: + adds x2, x2, #8 + beq .Lcbc_dec_done + + ldr q0, [x0], #16 // load input + cmp x2, #2 + blo .Lcbc_dec_one + ldr q1, [x0], #16 + mov x9, sp // pass the key + mov x10, x15 + beq .Lcbc_dec_two + ldr q2, [x0], #16 + cmp x2, #4 + blo .Lcbc_dec_three + ldr q3, [x0], #16 + beq .Lcbc_dec_four + ldr q4, [x0], #16 + cmp x2, #6 + blo .Lcbc_dec_five + ldr q5, [x0], #16 + beq .Lcbc_dec_six + ldr q6, [x0], #-6*16 + 
+ bl _bsaes_decrypt8 + + ldr q5, [x0], #16 // reload input + eor v0.16b, v0.16b, v15.16b // ^= IV + ldr q8, [x0], #16 + ldr q9, [x0], #16 + ldr q10, [x0], #16 + str q0, [x1], #16 // write output + ldr q0, [x0], #16 + eor v1.16b, v1.16b, v5.16b + ldr q5, [x0], #16 + eor v6.16b, v6.16b, v8.16b + ldr q15, [x0] + eor v4.16b, v4.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + str q1, [x1], #16 + eor v0.16b, v7.16b, v0.16b + str q6, [x1], #16 + eor v1.16b, v3.16b, v5.16b + str q4, [x1], #16 + str q2, [x1], #16 + str q0, [x1], #16 + str q1, [x1] + b .Lcbc_dec_done +.align 4 +.Lcbc_dec_six: + sub x0, x0, #0x60 + bl _bsaes_decrypt8 + ldr q3, [x0], #16 // reload input + eor v0.16b, v0.16b, v15.16b // ^= IV + ldr q5, [x0], #16 + ldr q8, [x0], #16 + ldr q9, [x0], #16 + str q0, [x1], #16 // write output + ldr q0, [x0], #16 + eor v1.16b, v1.16b, v3.16b + ldr q15, [x0] + eor v3.16b, v6.16b, v5.16b + eor v4.16b, v4.16b, v8.16b + eor v2.16b, v2.16b, v9.16b + str q1, [x1], #16 + eor v0.16b, v7.16b, v0.16b + str q3, [x1], #16 + str q4, [x1], #16 + str q2, [x1], #16 + str q0, [x1] + b .Lcbc_dec_done +.align 4 +.Lcbc_dec_five: + sub x0, x0, #0x50 + bl _bsaes_decrypt8 + ldr q3, [x0], #16 // reload input + eor v0.16b, v0.16b, v15.16b // ^= IV + ldr q5, [x0], #16 + ldr q7, [x0], #16 + ldr q8, [x0], #16 + str q0, [x1], #16 // write output + ldr q15, [x0] + eor v0.16b, v1.16b, v3.16b + eor v1.16b, v6.16b, v5.16b + eor v3.16b, v4.16b, v7.16b + str q0, [x1], #16 + eor v0.16b, v2.16b, v8.16b + str q1, [x1], #16 + str q3, [x1], #16 + str q0, [x1] + b .Lcbc_dec_done +.align 4 +.Lcbc_dec_four: + sub x0, x0, #0x40 + bl _bsaes_decrypt8 + ldr q2, [x0], #16 // reload input + eor v0.16b, v0.16b, v15.16b // ^= IV + ldr q3, [x0], #16 + ldr q5, [x0], #16 + str q0, [x1], #16 // write output + ldr q15, [x0] + eor v0.16b, v1.16b, v2.16b + eor v1.16b, v6.16b, v3.16b + eor v2.16b, v4.16b, v5.16b + str q0, [x1], #16 + str q1, [x1], #16 + str q2, [x1] + b .Lcbc_dec_done +.align 4 +.Lcbc_dec_three: + sub x0, x0, 
#0x30 + bl _bsaes_decrypt8 + ldr q2, [x0], #16 // reload input + eor v0.16b, v0.16b, v15.16b // ^= IV + ldr q3, [x0], #16 + ldr q15, [x0] + str q0, [x1], #16 // write output + eor v0.16b, v1.16b, v2.16b + eor v1.16b, v6.16b, v3.16b + str q0, [x1], #16 + str q1, [x1] + b .Lcbc_dec_done +.align 4 +.Lcbc_dec_two: + sub x0, x0, #0x20 + bl _bsaes_decrypt8 + ldr q2, [x0], #16 // reload input + eor v0.16b, v0.16b, v15.16b // ^= IV + ldr q15, [x0] + str q0, [x1], #16 // write output + eor v0.16b, v1.16b, v2.16b + str q0, [x1] + b .Lcbc_dec_done +.align 4 +.Lcbc_dec_one: + sub x0, x0, #0x10 + stp x1, x4, [sp, #-32]! + str x14, [sp, #16] + mov v8.16b, v15.16b + mov v15.16b, v0.16b + mov x2, x3 + bl AES_decrypt + ldr x14, [sp, #16] + ldp x1, x4, [sp], #32 + ldr q0, [x1] // load result + eor v0.16b, v0.16b, v8.16b // ^= IV + str q0, [x1] // write output + +.align 4 +.Lcbc_dec_done: + movi v0.16b, #0 + movi v1.16b, #0 +.Lcbc_dec_bzero:// wipe key schedule [if any] + stp q0, q1, [sp], #32 + cmp sp, x14 + bne .Lcbc_dec_bzero + str q15, [x4] // return IV + ldp d8, d9, [sp, #16] + ldp d10, d15, [sp, #32] + ldp fp, lr, [sp], #48 + ret +.size bsaes_cbc_encrypt,.-bsaes_cbc_encrypt + +.globl bsaes_ctr32_encrypt_blocks +.type bsaes_ctr32_encrypt_blocks,%function +.align 4 +// On entry: +// x0 -> input text (whole 16-byte blocks) +// x1 -> output text (whole 16-byte blocks) +// x2 = number of 16-byte blocks to encrypt/decrypt (> 0) +// x3 -> key +// x4 -> initial value of 128-bit counter (stored big-endian) which increments, modulo 2^32, for each block +// On exit: +// Output text filled in +// No output registers, usual AAPCS64 register preservation +bsaes_ctr32_encrypt_blocks: + + cmp x2, #8 // use plain AES for + blo .Lctr_enc_short // small sizes + + stp fp, lr, [sp, #-80]! 
+ stp d8, d9, [sp, #16] + stp d10, d11, [sp, #32] + stp d12, d13, [sp, #48] + stp d14, d15, [sp, #64] + + ldr w15, [x3, #240] // get # of rounds + mov x14, sp + + // allocate the key schedule on the stack + add x17, sp, #96 + sub x17, x17, x15, lsl #7 // 128 bytes per inner round key, less 96 bytes + + // populate the key schedule + mov x9, x3 // pass key + mov x10, x15 // pass # of rounds + mov sp, x17 // sp is sp + bl _bsaes_key_convert + eor v7.16b, v7.16b, v15.16b // fix up last round key + str q7, [x17] // save last round key + + ldr q0, [x4] // load counter + add x13, x11, #.LREVM0SR-.LM0_bigendian + ldr q4, [sp] // load round0 key + + movi v8.4s, #1 // compose 1<<96 + movi v9.16b, #0 + rev32 v15.16b, v0.16b + rev32 v0.16b, v0.16b + ext v11.16b, v9.16b, v8.16b, #4 + rev32 v4.16b, v4.16b + add v12.4s, v11.4s, v11.4s // compose 2<<96 + str q4, [sp] // save adjusted round0 key + add v13.4s, v11.4s, v12.4s // compose 3<<96 + add v14.4s, v12.4s, v12.4s // compose 4<<96 + b .Lctr_enc_loop + +.align 4 +.Lctr_enc_loop: + // Intermix prologue from _bsaes_encrypt8 to use the opportunity + // to flip byte order in 32-bit counter + + add v1.4s, v15.4s, v11.4s // +1 + add x9, sp, #0x10 // pass next round key + add v2.4s, v15.4s, v12.4s // +2 + ldr q9, [x13] // .LREVM0SR + ldr q8, [sp] // load round0 key + add v3.4s, v15.4s, v13.4s // +3 + mov x10, x15 // pass rounds + sub x11, x13, #.LREVM0SR-.LSR // pass constants + add v6.4s, v2.4s, v14.4s + add v4.4s, v15.4s, v14.4s // +4 + add v7.4s, v3.4s, v14.4s + add v15.4s, v4.4s, v14.4s // next counter + add v5.4s, v1.4s, v14.4s + + bl _bsaes_encrypt8_alt + + subs x2, x2, #8 + blo .Lctr_enc_loop_done + + ldr q16, [x0], #16 + ldr q17, [x0], #16 + eor v1.16b, v1.16b, v17.16b + ldr q17, [x0], #16 + eor v0.16b, v0.16b, v16.16b + eor v4.16b, v4.16b, v17.16b + str q0, [x1], #16 + ldr q16, [x0], #16 + str q1, [x1], #16 + mov v0.16b, v15.16b + str q4, [x1], #16 + ldr q1, [x0], #16 + eor v4.16b, v6.16b, v16.16b + eor v1.16b, v3.16b, 
v1.16b + ldr q3, [x0], #16 + eor v3.16b, v7.16b, v3.16b + ldr q6, [x0], #16 + eor v2.16b, v2.16b, v6.16b + ldr q6, [x0], #16 + eor v5.16b, v5.16b, v6.16b + str q4, [x1], #16 + str q1, [x1], #16 + str q3, [x1], #16 + str q2, [x1], #16 + str q5, [x1], #16 + + bne .Lctr_enc_loop + b .Lctr_enc_done + +.align 4 +.Lctr_enc_loop_done: + add x2, x2, #8 + ldr q16, [x0], #16 // load input + eor v0.16b, v0.16b, v16.16b + str q0, [x1], #16 // write output + cmp x2, #2 + blo .Lctr_enc_done + ldr q17, [x0], #16 + eor v1.16b, v1.16b, v17.16b + str q1, [x1], #16 + beq .Lctr_enc_done + ldr q18, [x0], #16 + eor v4.16b, v4.16b, v18.16b + str q4, [x1], #16 + cmp x2, #4 + blo .Lctr_enc_done + ldr q19, [x0], #16 + eor v6.16b, v6.16b, v19.16b + str q6, [x1], #16 + beq .Lctr_enc_done + ldr q20, [x0], #16 + eor v3.16b, v3.16b, v20.16b + str q3, [x1], #16 + cmp x2, #6 + blo .Lctr_enc_done + ldr q21, [x0], #16 + eor v7.16b, v7.16b, v21.16b + str q7, [x1], #16 + beq .Lctr_enc_done + ldr q22, [x0] + eor v2.16b, v2.16b, v22.16b + str q2, [x1], #16 + +.Lctr_enc_done: + movi v0.16b, #0 + movi v1.16b, #0 +.Lctr_enc_bzero: // wipe key schedule [if any] + stp q0, q1, [sp], #32 + cmp sp, x14 + bne .Lctr_enc_bzero + + ldp d8, d9, [sp, #16] + ldp d10, d11, [sp, #32] + ldp d12, d13, [sp, #48] + ldp d14, d15, [sp, #64] + ldp fp, lr, [sp], #80 + ret + +.Lctr_enc_short: + stp fp, lr, [sp, #-96]! 
+ stp x19, x20, [sp, #16] + stp x21, x22, [sp, #32] + str x23, [sp, #48] + + mov x19, x0 // copy arguments + mov x20, x1 + mov x21, x2 + mov x22, x3 + ldr w23, [x4, #12] // load counter .LSW + ldr q1, [x4] // load whole counter value +#ifdef __ARMEL__ + rev w23, w23 +#endif + str q1, [sp, #80] // copy counter value + +.Lctr_enc_short_loop: + add x0, sp, #80 // input counter value + add x1, sp, #64 // output on the stack + mov x2, x22 // key + + bl AES_encrypt + + ldr q0, [x19], #16 // load input + ldr q1, [sp, #64] // load encrypted counter + add x23, x23, #1 +#ifdef __ARMEL__ + rev w0, w23 + str w0, [sp, #80+12] // next counter value +#else + str w23, [sp, #80+12] // next counter value +#endif + eor v0.16b, v0.16b, v1.16b + str q0, [x20], #16 // store output + subs x21, x21, #1 + bne .Lctr_enc_short_loop + + movi v0.16b, #0 + movi v1.16b, #0 + stp q0, q1, [sp, #64] + + ldr x23, [sp, #48] + ldp x21, x22, [sp, #32] + ldp x19, x20, [sp, #16] + ldp fp, lr, [sp], #96 + ret +.size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks + +.globl bsaes_xts_encrypt +.type bsaes_xts_encrypt,%function +.align 4 +// On entry: +// x0 -> input plaintext +// x1 -> output ciphertext +// x2 -> length of text in bytes (must be at least 16) +// x3 -> key1 (used to encrypt the XORed plaintext blocks) +// x4 -> key2 (used to encrypt the initial vector to yield the initial tweak) +// x5 -> 16-byte initial vector (typically, sector number) +// On exit: +// Output ciphertext filled in +// No output registers, usual AAPCS64 register preservation +bsaes_xts_encrypt: + // Stack layout: + // sp -> + // nrounds*128-96 bytes: key schedule + // x19 -> + // 16 bytes: frame record + // 4*16 bytes: tweak storage across _bsaes_encrypt8 + // 6*8 bytes: storage for 5 callee-saved general-purpose registers + // 8*8 bytes: storage for 8 callee-saved SIMD registers + stp fp, lr, [sp, #-192]! 
+ stp x19, x20, [sp, #80] + stp x21, x22, [sp, #96] + str x23, [sp, #112] + stp d8, d9, [sp, #128] + stp d10, d11, [sp, #144] + stp d12, d13, [sp, #160] + stp d14, d15, [sp, #176] + + mov x19, sp + mov x20, x0 + mov x21, x1 + mov x22, x2 + mov x23, x3 + + // generate initial tweak + sub sp, sp, #16 + mov x0, x5 // iv[] + mov x1, sp + mov x2, x4 // key2 + bl AES_encrypt + ldr q11, [sp], #16 + + ldr w1, [x23, #240] // get # of rounds + // allocate the key schedule on the stack + add x17, sp, #96 + sub x17, x17, x1, lsl #7 // 128 bytes per inner round key, less 96 bytes + + // populate the key schedule + mov x9, x23 // pass key + mov x10, x1 // pass # of rounds + mov sp, x17 + bl _bsaes_key_convert + eor v15.16b, v15.16b, v7.16b // fix up last round key + str q15, [x17] // save last round key + + subs x22, x22, #0x80 + blo .Lxts_enc_short + b .Lxts_enc_loop + +.align 4 +.Lxts_enc_loop: + ldr q8, .Lxts_magic + mov x10, x1 // pass rounds + add x2, x19, #16 + ldr q0, [x20], #16 + sshr v1.2d, v11.2d, #63 + mov x9, sp // pass key schedule + ldr q6, .Lxts_magic+16 + add v2.2d, v11.2d, v11.2d + cmtst v3.2d, v11.2d, v6.2d + and v1.16b, v1.16b, v8.16b + ext v1.16b, v1.16b, v1.16b, #8 + and v3.16b, v3.16b, v8.16b + ldr q4, [x20], #16 + eor v12.16b, v2.16b, v1.16b + eor v1.16b, v4.16b, v12.16b + eor v0.16b, v0.16b, v11.16b + cmtst v2.2d, v12.2d, v6.2d + add v4.2d, v12.2d, v12.2d + add x0, x19, #16 + ext v3.16b, v3.16b, v3.16b, #8 + and v2.16b, v2.16b, v8.16b + eor v13.16b, v4.16b, v3.16b + ldr q3, [x20], #16 + ext v4.16b, v2.16b, v2.16b, #8 + eor v2.16b, v3.16b, v13.16b + ldr q3, [x20], #16 + add v5.2d, v13.2d, v13.2d + cmtst v7.2d, v13.2d, v6.2d + and v7.16b, v7.16b, v8.16b + ldr q9, [x20], #16 + ext v7.16b, v7.16b, v7.16b, #8 + ldr q10, [x20], #16 + eor v14.16b, v5.16b, v4.16b + ldr q16, [x20], #16 + add v4.2d, v14.2d, v14.2d + eor v3.16b, v3.16b, v14.16b + eor v15.16b, v4.16b, v7.16b + add v5.2d, v15.2d, v15.2d + ldr q7, [x20], #16 + cmtst v4.2d, v14.2d, v6.2d + and v17.16b, 
v4.16b, v8.16b + cmtst v18.2d, v15.2d, v6.2d + eor v4.16b, v9.16b, v15.16b + ext v9.16b, v17.16b, v17.16b, #8 + eor v9.16b, v5.16b, v9.16b + add v17.2d, v9.2d, v9.2d + and v18.16b, v18.16b, v8.16b + eor v5.16b, v10.16b, v9.16b + str q9, [x2], #16 + ext v10.16b, v18.16b, v18.16b, #8 + cmtst v9.2d, v9.2d, v6.2d + and v9.16b, v9.16b, v8.16b + eor v10.16b, v17.16b, v10.16b + cmtst v17.2d, v10.2d, v6.2d + eor v6.16b, v16.16b, v10.16b + str q10, [x2], #16 + ext v9.16b, v9.16b, v9.16b, #8 + add v10.2d, v10.2d, v10.2d + eor v9.16b, v10.16b, v9.16b + str q9, [x2], #16 + eor v7.16b, v7.16b, v9.16b + add v9.2d, v9.2d, v9.2d + and v8.16b, v17.16b, v8.16b + ext v8.16b, v8.16b, v8.16b, #8 + eor v8.16b, v9.16b, v8.16b + str q8, [x2] // next round tweak + + bl _bsaes_encrypt8 + + ldr q8, [x0], #16 + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + ldr q9, [x0], #16 + eor v4.16b, v4.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + ldr q10, [x0], #16 + eor v3.16b, v3.16b, v15.16b + subs x22, x22, #0x80 + str q0, [x21], #16 + ldr q11, [x0] // next round tweak + str q1, [x21], #16 + eor v0.16b, v7.16b, v8.16b + eor v1.16b, v2.16b, v9.16b + str q4, [x21], #16 + eor v2.16b, v5.16b, v10.16b + str q6, [x21], #16 + str q3, [x21], #16 + str q0, [x21], #16 + str q1, [x21], #16 + str q2, [x21], #16 + bpl .Lxts_enc_loop + +.Lxts_enc_short: + adds x22, x22, #0x70 + bmi .Lxts_enc_done + + ldr q8, .Lxts_magic + sshr v1.2d, v11.2d, #63 + add v2.2d, v11.2d, v11.2d + ldr q9, .Lxts_magic+16 + subs x22, x22, #0x10 + ldr q0, [x20], #16 + and v1.16b, v1.16b, v8.16b + cmtst v3.2d, v11.2d, v9.2d + ext v1.16b, v1.16b, v1.16b, #8 + and v3.16b, v3.16b, v8.16b + eor v12.16b, v2.16b, v1.16b + ext v1.16b, v3.16b, v3.16b, #8 + add v2.2d, v12.2d, v12.2d + cmtst v3.2d, v12.2d, v9.2d + eor v13.16b, v2.16b, v1.16b + and v22.16b, v3.16b, v8.16b + bmi .Lxts_enc_1 + + ext v2.16b, v22.16b, v22.16b, #8 + add v3.2d, v13.2d, v13.2d + ldr q1, [x20], #16 + cmtst v4.2d, v13.2d, v9.2d + subs x22, x22, #0x10 + eor 
v14.16b, v3.16b, v2.16b + and v23.16b, v4.16b, v8.16b + bmi .Lxts_enc_2 + + ext v3.16b, v23.16b, v23.16b, #8 + add v4.2d, v14.2d, v14.2d + ldr q2, [x20], #16 + cmtst v5.2d, v14.2d, v9.2d + eor v0.16b, v0.16b, v11.16b + subs x22, x22, #0x10 + eor v15.16b, v4.16b, v3.16b + and v24.16b, v5.16b, v8.16b + bmi .Lxts_enc_3 + + ext v4.16b, v24.16b, v24.16b, #8 + add v5.2d, v15.2d, v15.2d + ldr q3, [x20], #16 + cmtst v6.2d, v15.2d, v9.2d + eor v1.16b, v1.16b, v12.16b + subs x22, x22, #0x10 + eor v16.16b, v5.16b, v4.16b + and v25.16b, v6.16b, v8.16b + bmi .Lxts_enc_4 + + ext v5.16b, v25.16b, v25.16b, #8 + add v6.2d, v16.2d, v16.2d + add x0, x19, #16 + cmtst v7.2d, v16.2d, v9.2d + ldr q4, [x20], #16 + eor v2.16b, v2.16b, v13.16b + str q16, [x0], #16 + subs x22, x22, #0x10 + eor v17.16b, v6.16b, v5.16b + and v26.16b, v7.16b, v8.16b + bmi .Lxts_enc_5 + + ext v7.16b, v26.16b, v26.16b, #8 + add v18.2d, v17.2d, v17.2d + ldr q5, [x20], #16 + eor v3.16b, v3.16b, v14.16b + str q17, [x0], #16 + subs x22, x22, #0x10 + eor v18.16b, v18.16b, v7.16b + bmi .Lxts_enc_6 + + ldr q6, [x20], #16 + eor v4.16b, v4.16b, v15.16b + eor v5.16b, v5.16b, v16.16b + str q18, [x0] // next round tweak + mov x9, sp // pass key schedule + mov x10, x1 + add x0, x19, #16 + sub x22, x22, #0x10 + eor v6.16b, v6.16b, v17.16b + + bl _bsaes_encrypt8 + + ldr q16, [x0], #16 + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + ldr q17, [x0], #16 + eor v4.16b, v4.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + ldr q11, [x0] // next round tweak + str q0, [x21], #16 + str q1, [x21], #16 + eor v0.16b, v7.16b, v16.16b + eor v1.16b, v2.16b, v17.16b + str q4, [x21], #16 + str q6, [x21], #16 + str q3, [x21], #16 + str q0, [x21], #16 + str q1, [x21], #16 + b .Lxts_enc_done + +.align 4 +.Lxts_enc_6: + eor v4.16b, v4.16b, v15.16b + eor v5.16b, v5.16b, v16.16b + mov x9, sp // pass key schedule + mov x10, x1 // pass rounds + add x0, x19, #16 + + bl _bsaes_encrypt8 + + ldr q16, [x0], #16 + eor 
v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + eor v4.16b, v4.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + ldr q11, [x0] // next round tweak + eor v3.16b, v3.16b, v15.16b + str q0, [x21], #16 + str q1, [x21], #16 + eor v0.16b, v7.16b, v16.16b + str q4, [x21], #16 + str q6, [x21], #16 + str q3, [x21], #16 + str q0, [x21], #16 + b .Lxts_enc_done + +.align 4 +.Lxts_enc_5: + eor v3.16b, v3.16b, v14.16b + eor v4.16b, v4.16b, v15.16b + mov x9, sp // pass key schedule + mov x10, x1 // pass rounds + add x0, x19, #16 + + bl _bsaes_encrypt8 + + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + ldr q11, [x0] // next round tweak + eor v4.16b, v4.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + str q0, [x21], #16 + str q1, [x21], #16 + str q4, [x21], #16 + str q6, [x21], #16 + str q3, [x21], #16 + b .Lxts_enc_done + +.align 4 +.Lxts_enc_4: + eor v2.16b, v2.16b, v13.16b + eor v3.16b, v3.16b, v14.16b + mov x9, sp // pass key schedule + mov x10, x1 // pass rounds + add x0, x19, #16 + + bl _bsaes_encrypt8 + + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + eor v4.16b, v4.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + mov v11.16b, v15.16b // next round tweak + str q0, [x21], #16 + str q1, [x21], #16 + str q4, [x21], #16 + str q6, [x21], #16 + b .Lxts_enc_done + +.align 4 +.Lxts_enc_3: + eor v1.16b, v1.16b, v12.16b + eor v2.16b, v2.16b, v13.16b + mov x9, sp // pass key schedule + mov x10, x1 // pass rounds + add x0, x19, #16 + + bl _bsaes_encrypt8 + + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + eor v4.16b, v4.16b, v13.16b + mov v11.16b, v14.16b // next round tweak + str q0, [x21], #16 + str q1, [x21], #16 + str q4, [x21], #16 + b .Lxts_enc_done + +.align 4 +.Lxts_enc_2: + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + mov x9, sp // pass key schedule + mov x10, x1 // pass rounds + add x0, x19, #16 + + bl _bsaes_encrypt8 + + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + mov v11.16b, 
v13.16b // next round tweak + str q0, [x21], #16 + str q1, [x21], #16 + b .Lxts_enc_done + +.align 4 +.Lxts_enc_1: + eor v0.16b, v0.16b, v11.16b + sub x0, sp, #16 + sub x1, sp, #16 + mov x2, x23 + mov v13.d[0], v11.d[1] // just in case AES_encrypt corrupts top half of callee-saved SIMD registers + mov v14.d[0], v12.d[1] + str q0, [sp, #-16]! + + bl AES_encrypt + + ldr q0, [sp], #16 + trn1 v13.2d, v11.2d, v13.2d + trn1 v11.2d, v12.2d, v14.2d // next round tweak + eor v0.16b, v0.16b, v13.16b + str q0, [x21], #16 + +.Lxts_enc_done: + adds x22, x22, #0x10 + beq .Lxts_enc_ret + + sub x6, x21, #0x10 + // Penultimate plaintext block produces final ciphertext part-block + // plus remaining part of final plaintext block. Move ciphertext part + // to final position and re-use penultimate ciphertext block buffer to + // construct final plaintext block +.Lxts_enc_steal: + ldrb w0, [x20], #1 + ldrb w1, [x21, #-0x10] + strb w0, [x21, #-0x10] + strb w1, [x21], #1 + + subs x22, x22, #1 + bhi .Lxts_enc_steal + + // Finally encrypt the penultimate ciphertext block using the + // last tweak + ldr q0, [x6] + eor v0.16b, v0.16b, v11.16b + str q0, [sp, #-16]! 
+ mov x0, sp + mov x1, sp + mov x2, x23 + mov x21, x6 + mov v13.d[0], v11.d[1] // just in case AES_encrypt corrupts top half of callee-saved SIMD registers + + bl AES_encrypt + + trn1 v11.2d, v11.2d, v13.2d + ldr q0, [sp], #16 + eor v0.16b, v0.16b, v11.16b + str q0, [x21] + +.Lxts_enc_ret: + + movi v0.16b, #0 + movi v1.16b, #0 +.Lxts_enc_bzero: // wipe key schedule + stp q0, q1, [sp], #32 + cmp sp, x19 + bne .Lxts_enc_bzero + + ldp x19, x20, [sp, #80] + ldp x21, x22, [sp, #96] + ldr x23, [sp, #112] + ldp d8, d9, [sp, #128] + ldp d10, d11, [sp, #144] + ldp d12, d13, [sp, #160] + ldp d14, d15, [sp, #176] + ldp fp, lr, [sp], #192 + ret +.size bsaes_xts_encrypt,.-bsaes_xts_encrypt + +// The assembler doesn't seem capable of de-duplicating these when expressed +// using `ldr qd,=` syntax, so assign a symbolic address +.align 5 +.Lxts_magic: +.quad 1, 0x87, 0x4000000000000000, 0x4000000000000000 + +.globl bsaes_xts_decrypt +.type bsaes_xts_decrypt,%function +.align 4 +// On entry: +// x0 -> input ciphertext +// x1 -> output plaintext +// x2 -> length of text in bytes (must be at least 16) +// x3 -> key1 (used to decrypt the XORed ciphertext blocks) +// x4 -> key2 (used to encrypt the initial vector to yield the initial tweak) +// x5 -> 16-byte initial vector (typically, sector number) +// On exit: +// Output plaintext filled in +// No output registers, usual AAPCS64 register preservation +bsaes_xts_decrypt: + // Stack layout: + // sp -> + // nrounds*128-96 bytes: key schedule + // x19 -> + // 16 bytes: frame record + // 4*16 bytes: tweak storage across _bsaes_decrypt8 + // 6*8 bytes: storage for 5 callee-saved general-purpose registers + // 8*8 bytes: storage for 8 callee-saved SIMD registers + stp fp, lr, [sp, #-192]! 
+ stp x19, x20, [sp, #80] + stp x21, x22, [sp, #96] + str x23, [sp, #112] + stp d8, d9, [sp, #128] + stp d10, d11, [sp, #144] + stp d12, d13, [sp, #160] + stp d14, d15, [sp, #176] + + mov x19, sp + mov x20, x0 + mov x21, x1 + mov x22, x2 + mov x23, x3 + + // generate initial tweak + sub sp, sp, #16 + mov x0, x5 // iv[] + mov x1, sp + mov x2, x4 // key2 + bl AES_encrypt + ldr q11, [sp], #16 + + ldr w1, [x23, #240] // get # of rounds + // allocate the key schedule on the stack + add x17, sp, #96 + sub x17, x17, x1, lsl #7 // 128 bytes per inner round key, less 96 bytes + + // populate the key schedule + mov x9, x23 // pass key + mov x10, x1 // pass # of rounds + mov sp, x17 + bl _bsaes_key_convert + ldr q6, [sp] + str q15, [x17] // save last round key + eor v6.16b, v6.16b, v7.16b // fix up round 0 key (by XORing with 0x63) + str q6, [sp] + + sub x30, x22, #0x10 + tst x22, #0xf // if not multiple of 16 + csel x22, x30, x22, ne // subtract another 16 bytes + subs x22, x22, #0x80 + + blo .Lxts_dec_short + b .Lxts_dec_loop + +.align 4 +.Lxts_dec_loop: + ldr q8, .Lxts_magic + mov x10, x1 // pass rounds + add x2, x19, #16 + ldr q0, [x20], #16 + sshr v1.2d, v11.2d, #63 + mov x9, sp // pass key schedule + ldr q6, .Lxts_magic+16 + add v2.2d, v11.2d, v11.2d + cmtst v3.2d, v11.2d, v6.2d + and v1.16b, v1.16b, v8.16b + ext v1.16b, v1.16b, v1.16b, #8 + and v3.16b, v3.16b, v8.16b + ldr q4, [x20], #16 + eor v12.16b, v2.16b, v1.16b + eor v1.16b, v4.16b, v12.16b + eor v0.16b, v0.16b, v11.16b + cmtst v2.2d, v12.2d, v6.2d + add v4.2d, v12.2d, v12.2d + add x0, x19, #16 + ext v3.16b, v3.16b, v3.16b, #8 + and v2.16b, v2.16b, v8.16b + eor v13.16b, v4.16b, v3.16b + ldr q3, [x20], #16 + ext v4.16b, v2.16b, v2.16b, #8 + eor v2.16b, v3.16b, v13.16b + ldr q3, [x20], #16 + add v5.2d, v13.2d, v13.2d + cmtst v7.2d, v13.2d, v6.2d + and v7.16b, v7.16b, v8.16b + ldr q9, [x20], #16 + ext v7.16b, v7.16b, v7.16b, #8 + ldr q10, [x20], #16 + eor v14.16b, v5.16b, v4.16b + ldr q16, [x20], #16 + add v4.2d, 
v14.2d, v14.2d + eor v3.16b, v3.16b, v14.16b + eor v15.16b, v4.16b, v7.16b + add v5.2d, v15.2d, v15.2d + ldr q7, [x20], #16 + cmtst v4.2d, v14.2d, v6.2d + and v17.16b, v4.16b, v8.16b + cmtst v18.2d, v15.2d, v6.2d + eor v4.16b, v9.16b, v15.16b + ext v9.16b, v17.16b, v17.16b, #8 + eor v9.16b, v5.16b, v9.16b + add v17.2d, v9.2d, v9.2d + and v18.16b, v18.16b, v8.16b + eor v5.16b, v10.16b, v9.16b + str q9, [x2], #16 + ext v10.16b, v18.16b, v18.16b, #8 + cmtst v9.2d, v9.2d, v6.2d + and v9.16b, v9.16b, v8.16b + eor v10.16b, v17.16b, v10.16b + cmtst v17.2d, v10.2d, v6.2d + eor v6.16b, v16.16b, v10.16b + str q10, [x2], #16 + ext v9.16b, v9.16b, v9.16b, #8 + add v10.2d, v10.2d, v10.2d + eor v9.16b, v10.16b, v9.16b + str q9, [x2], #16 + eor v7.16b, v7.16b, v9.16b + add v9.2d, v9.2d, v9.2d + and v8.16b, v17.16b, v8.16b + ext v8.16b, v8.16b, v8.16b, #8 + eor v8.16b, v9.16b, v8.16b + str q8, [x2] // next round tweak + + bl _bsaes_decrypt8 + + eor v6.16b, v6.16b, v13.16b + eor v0.16b, v0.16b, v11.16b + ldr q8, [x0], #16 + eor v7.16b, v7.16b, v8.16b + str q0, [x21], #16 + eor v0.16b, v1.16b, v12.16b + ldr q1, [x0], #16 + eor v1.16b, v3.16b, v1.16b + subs x22, x22, #0x80 + eor v2.16b, v2.16b, v15.16b + eor v3.16b, v4.16b, v14.16b + ldr q4, [x0], #16 + str q0, [x21], #16 + ldr q11, [x0] // next round tweak + eor v0.16b, v5.16b, v4.16b + str q6, [x21], #16 + str q3, [x21], #16 + str q2, [x21], #16 + str q7, [x21], #16 + str q1, [x21], #16 + str q0, [x21], #16 + bpl .Lxts_dec_loop + +.Lxts_dec_short: + adds x22, x22, #0x70 + bmi .Lxts_dec_done + + ldr q8, .Lxts_magic + sshr v1.2d, v11.2d, #63 + add v2.2d, v11.2d, v11.2d + ldr q9, .Lxts_magic+16 + subs x22, x22, #0x10 + ldr q0, [x20], #16 + and v1.16b, v1.16b, v8.16b + cmtst v3.2d, v11.2d, v9.2d + ext v1.16b, v1.16b, v1.16b, #8 + and v3.16b, v3.16b, v8.16b + eor v12.16b, v2.16b, v1.16b + ext v1.16b, v3.16b, v3.16b, #8 + add v2.2d, v12.2d, v12.2d + cmtst v3.2d, v12.2d, v9.2d + eor v13.16b, v2.16b, v1.16b + and v22.16b, v3.16b, v8.16b + 
bmi .Lxts_dec_1 + + ext v2.16b, v22.16b, v22.16b, #8 + add v3.2d, v13.2d, v13.2d + ldr q1, [x20], #16 + cmtst v4.2d, v13.2d, v9.2d + subs x22, x22, #0x10 + eor v14.16b, v3.16b, v2.16b + and v23.16b, v4.16b, v8.16b + bmi .Lxts_dec_2 + + ext v3.16b, v23.16b, v23.16b, #8 + add v4.2d, v14.2d, v14.2d + ldr q2, [x20], #16 + cmtst v5.2d, v14.2d, v9.2d + eor v0.16b, v0.16b, v11.16b + subs x22, x22, #0x10 + eor v15.16b, v4.16b, v3.16b + and v24.16b, v5.16b, v8.16b + bmi .Lxts_dec_3 + + ext v4.16b, v24.16b, v24.16b, #8 + add v5.2d, v15.2d, v15.2d + ldr q3, [x20], #16 + cmtst v6.2d, v15.2d, v9.2d + eor v1.16b, v1.16b, v12.16b + subs x22, x22, #0x10 + eor v16.16b, v5.16b, v4.16b + and v25.16b, v6.16b, v8.16b + bmi .Lxts_dec_4 + + ext v5.16b, v25.16b, v25.16b, #8 + add v6.2d, v16.2d, v16.2d + add x0, x19, #16 + cmtst v7.2d, v16.2d, v9.2d + ldr q4, [x20], #16 + eor v2.16b, v2.16b, v13.16b + str q16, [x0], #16 + subs x22, x22, #0x10 + eor v17.16b, v6.16b, v5.16b + and v26.16b, v7.16b, v8.16b + bmi .Lxts_dec_5 + + ext v7.16b, v26.16b, v26.16b, #8 + add v18.2d, v17.2d, v17.2d + ldr q5, [x20], #16 + eor v3.16b, v3.16b, v14.16b + str q17, [x0], #16 + subs x22, x22, #0x10 + eor v18.16b, v18.16b, v7.16b + bmi .Lxts_dec_6 + + ldr q6, [x20], #16 + eor v4.16b, v4.16b, v15.16b + eor v5.16b, v5.16b, v16.16b + str q18, [x0] // next round tweak + mov x9, sp // pass key schedule + mov x10, x1 + add x0, x19, #16 + sub x22, x22, #0x10 + eor v6.16b, v6.16b, v17.16b + + bl _bsaes_decrypt8 + + ldr q16, [x0], #16 + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + ldr q17, [x0], #16 + eor v6.16b, v6.16b, v13.16b + eor v4.16b, v4.16b, v14.16b + eor v2.16b, v2.16b, v15.16b + ldr q11, [x0] // next round tweak + str q0, [x21], #16 + str q1, [x21], #16 + eor v0.16b, v7.16b, v16.16b + eor v1.16b, v3.16b, v17.16b + str q6, [x21], #16 + str q4, [x21], #16 + str q2, [x21], #16 + str q0, [x21], #16 + str q1, [x21], #16 + b .Lxts_dec_done + +.align 4 +.Lxts_dec_6: + eor v4.16b, v4.16b, v15.16b + eor 
v5.16b, v5.16b, v16.16b + mov x9, sp // pass key schedule + mov x10, x1 // pass rounds + add x0, x19, #16 + + bl _bsaes_decrypt8 + + ldr q16, [x0], #16 + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + eor v6.16b, v6.16b, v13.16b + eor v4.16b, v4.16b, v14.16b + ldr q11, [x0] // next round tweak + eor v2.16b, v2.16b, v15.16b + str q0, [x21], #16 + str q1, [x21], #16 + eor v0.16b, v7.16b, v16.16b + str q6, [x21], #16 + str q4, [x21], #16 + str q2, [x21], #16 + str q0, [x21], #16 + b .Lxts_dec_done + +.align 4 +.Lxts_dec_5: + eor v3.16b, v3.16b, v14.16b + eor v4.16b, v4.16b, v15.16b + mov x9, sp // pass key schedule + mov x10, x1 // pass rounds + add x0, x19, #16 + + bl _bsaes_decrypt8 + + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + ldr q11, [x0] // next round tweak + eor v6.16b, v6.16b, v13.16b + eor v4.16b, v4.16b, v14.16b + eor v2.16b, v2.16b, v15.16b + str q0, [x21], #16 + str q1, [x21], #16 + str q6, [x21], #16 + str q4, [x21], #16 + str q2, [x21], #16 + b .Lxts_dec_done + +.align 4 +.Lxts_dec_4: + eor v2.16b, v2.16b, v13.16b + eor v3.16b, v3.16b, v14.16b + mov x9, sp // pass key schedule + mov x10, x1 // pass rounds + add x0, x19, #16 + + bl _bsaes_decrypt8 + + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + eor v6.16b, v6.16b, v13.16b + eor v4.16b, v4.16b, v14.16b + mov v11.16b, v15.16b // next round tweak + str q0, [x21], #16 + str q1, [x21], #16 + str q6, [x21], #16 + str q4, [x21], #16 + b .Lxts_dec_done + +.align 4 +.Lxts_dec_3: + eor v1.16b, v1.16b, v12.16b + eor v2.16b, v2.16b, v13.16b + mov x9, sp // pass key schedule + mov x10, x1 // pass rounds + add x0, x19, #16 + + bl _bsaes_decrypt8 + + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + eor v6.16b, v6.16b, v13.16b + mov v11.16b, v14.16b // next round tweak + str q0, [x21], #16 + str q1, [x21], #16 + str q6, [x21], #16 + b .Lxts_dec_done + +.align 4 +.Lxts_dec_2: + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + mov x9, sp // pass key 
schedule + mov x10, x1 // pass rounds + add x0, x19, #16 + + bl _bsaes_decrypt8 + + eor v0.16b, v0.16b, v11.16b + eor v1.16b, v1.16b, v12.16b + mov v11.16b, v13.16b // next round tweak + str q0, [x21], #16 + str q1, [x21], #16 + b .Lxts_dec_done + +.align 4 +.Lxts_dec_1: + eor v0.16b, v0.16b, v11.16b + sub x0, sp, #16 + sub x1, sp, #16 + mov x2, x23 + mov v13.d[0], v11.d[1] // just in case AES_decrypt corrupts top half of callee-saved SIMD registers + mov v14.d[0], v12.d[1] + str q0, [sp, #-16]! + + bl AES_decrypt + + ldr q0, [sp], #16 + trn1 v13.2d, v11.2d, v13.2d + trn1 v11.2d, v12.2d, v14.2d // next round tweak + eor v0.16b, v0.16b, v13.16b + str q0, [x21], #16 + +.Lxts_dec_done: + adds x22, x22, #0x10 + beq .Lxts_dec_ret + + // calculate one round of extra tweak for the stolen ciphertext + ldr q8, .Lxts_magic + sshr v6.2d, v11.2d, #63 + and v6.16b, v6.16b, v8.16b + add v12.2d, v11.2d, v11.2d + ext v6.16b, v6.16b, v6.16b, #8 + eor v12.16b, v12.16b, v6.16b + + // perform the final decryption with the last tweak value + ldr q0, [x20], #16 + eor v0.16b, v0.16b, v12.16b + str q0, [sp, #-16]! + mov x0, sp + mov x1, sp + mov x2, x23 + mov v13.d[0], v11.d[1] // just in case AES_decrypt corrupts top half of callee-saved SIMD registers + mov v14.d[0], v12.d[1] + + bl AES_decrypt + + trn1 v12.2d, v12.2d, v14.2d + trn1 v11.2d, v11.2d, v13.2d + ldr q0, [sp], #16 + eor v0.16b, v0.16b, v12.16b + str q0, [x21] + + mov x6, x21 + // Penultimate ciphertext block produces final plaintext part-block + // plus remaining part of final ciphertext block. Move plaintext part + // to final position and re-use penultimate plaintext block buffer to + // construct final ciphertext block +.Lxts_dec_steal: + ldrb w1, [x21] + ldrb w0, [x20], #1 + strb w1, [x21, #0x10] + strb w0, [x21], #1 + + subs x22, x22, #1 + bhi .Lxts_dec_steal + + // Finally decrypt the penultimate plaintext block using the + // penultimate tweak + ldr q0, [x6] + eor v0.16b, v0.16b, v11.16b + str q0, [sp, #-16]! 
+ mov x0, sp + mov x1, sp + mov x2, x23 + mov x21, x6 + + bl AES_decrypt + + trn1 v11.2d, v11.2d, v13.2d + ldr q0, [sp], #16 + eor v0.16b, v0.16b, v11.16b + str q0, [x21] + +.Lxts_dec_ret: + + movi v0.16b, #0 + movi v1.16b, #0 +.Lxts_dec_bzero: // wipe key schedule + stp q0, q1, [sp], #32 + cmp sp, x19 + bne .Lxts_dec_bzero + + ldp x19, x20, [sp, #80] + ldp x21, x22, [sp, #96] + ldr x23, [sp, #112] + ldp d8, d9, [sp, #128] + ldp d10, d11, [sp, #144] + ldp d12, d13, [sp, #160] + ldp d14, d15, [sp, #176] + ldp fp, lr, [sp], #192 + ret +.size bsaes_xts_decrypt,.-bsaes_xts_decrypt diff --git a/crypto/aes/build.info b/crypto/aes/build.info index 66bff1ae73..b17f7e5c1f 100644 --- a/crypto/aes/build.info +++ b/crypto/aes/build.info @@ -30,8 +30,8 @@ IF[{- !$disabled{asm} -}] $AESASM_armv4=aes_cbc.c aes-armv4.S bsaes-armv7.S aesv8-armx.S $AESDEF_armv4=AES_ASM BSAES_ASM - $AESASM_aarch64=aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S - $AESDEF_aarch64=VPAES_ASM + $AESASM_aarch64=aes_core.c aes_cbc.c aesv8-armx.S bsaes-armv8.S vpaes-armv8.S + $AESDEF_aarch64=BSAES_ASM VPAES_ASM $AESASM_parisc11=aes_core.c aes_cbc.c aes-parisc.s $AESDEF_parisc11=AES_ASM @@ -73,6 +73,7 @@ DEFINE[../../providers/libfips.a]=$AESDEF DEFINE[../../providers/libdefault.a]=$AESDEF GENERATE[aes-ia64.s]=asm/aes-ia64.S +GENERATE[bsaes-armv8.S]=asm/bsaes-armv8.S GENERATE[aes-586.s]=asm/aes-586.pl DEPEND[aes-586.s]=../perlasm/x86asm.pl From pauli at openssl.org Thu May 13 14:03:52 2021 
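Review bot: In bsaes_xts_decrypt (and the matching tail of bsaes_xts_encrypt), the .Lxts_dec_bzero loop zeroes only the range from sp up to x19, which is the converted key schedule. Per the stack-layout comment, the 4*16 bytes of tweak storage sit above x19, and the 16-byte scratch blocks pushed with `str q0, [sp, #-16]!` for AES_decrypt are popped before the loop runs, so neither is cleared on return. If leaving tweak values and an intermediate block on the stack is intentional, a comment saying so would help; otherwise extend the wipe to cover them. Separately, the entry comment says the length "must be at least 16", but nothing in the visible prologue checks x2, so the C caller has to guarantee it; that requirement deserves a note at the call site.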
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 13 May 2021 14:03:52 +0000 Subject: [openssl] master update Message-ID: <1620914632.461767.14307.nullmailer@dev.openssl.org> The branch master has been updated via 2bdec3b037264540014120a02217fc67bf355f11 (commit) from da51566b256e0c0536d5b986e676863b0526bf5e (commit) - Log ----------------------------------------------------------------- commit 2bdec3b037264540014120a02217fc67bf355f11 Author: Xiaofei Bai Date: Tue May 11 09:37:22 2021 +0000 crypto/arm_arch.h: add a variable declaration Add this variable declaration to prevent "-Werror,-Wmissing-variable-declarations" error from compiler. This error currently only happens on clang. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15240) ----------------------------------------------------------------------- Summary of changes: crypto/arm_arch.h | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index d98154bddb..9de35afcfd 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -72,6 +72,7 @@ # ifndef __ASSEMBLER__ extern unsigned int OPENSSL_armcap_P; extern unsigned int OPENSSL_arm_midr; +extern unsigned int OPENSSL_armv8_rsa_neonized; # endif # define ARMV7_NEON (1<<0) From beldmit at gmail.com Thu May 13 14:11:05 2021 
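Review bot: The new `extern unsigned int OPENSSL_armv8_rsa_neonized;` in the `# ifndef __ASSEMBLER__` block of crypto/arm_arch.h carries no comment saying what the flag means or which code sets it. A one-line comment would help readers of this header. Since the stated goal is to silence -Wmissing-variable-declarations, also confirm that the file defining the variable includes crypto/arm_arch.h; if it does not, the declaration is not in scope at the definition and the clang error remains.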
From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 13 May 2021 14:11:05 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1620915065.556905.17839.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 9a48d4a4fec6827d387ee63756504892e3656299 (commit) via fffb067b468f8e6ffd003b346d7aba558f205c23 (commit) from 207b8693b0821aab356ce9dccb7f2fe86e5e035a (commit) - Log ----------------------------------------------------------------- commit 9a48d4a4fec6827d387ee63756504892e3656299 Author: Dmitry Belyavskiy Date: Fri Apr 30 18:13:14 2021 +0200 Testing private keys with extra attributes Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15075) commit fffb067b468f8e6ffd003b346d7aba558f205c23 Author: Dmitry Belyavskiy Date: Wed Apr 28 21:43:35 2021 +0300 Try to parse private key as PKCS#8 first, fallback afterwards Fixes #15022 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15075) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/d2i_pr.c | 71 +++++++++++++++++++++++++++++++-------------- test/recipes/25-test_req.t | 27 +++++++++++++++-- test/testrsa_withattrs.der | Bin 0 -> 1277 bytes test/testrsa_withattrs.pem | 29 ++++++++++++++++++ 4 files changed, 103 insertions(+), 24 deletions(-) create mode 100644 test/testrsa_withattrs.der create mode 100644 test/testrsa_withattrs.pem diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 7b127d2092..091b6e7216 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c 
@@ -78,13 +78,53 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, * type */ +static EVP_PKEY *key_as_pkcs8(const unsigned char **pp, long length, int *carry_on) +{ + const unsigned char *p = *pp; + PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); + EVP_PKEY *ret; + + if (p8 == NULL) + return NULL; + + ret = EVP_PKCS82PKEY(p8); + if (ret == NULL) + *carry_on = 0; + + PKCS8_PRIV_KEY_INFO_free(p8); + + if (ret != NULL) + *pp = p; + + return ret; +} + EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length) { STACK_OF(ASN1_TYPE) *inkey; const unsigned char *p; int keytype; + EVP_PKEY *ret = NULL; + int carry_on = 1; + + ERR_set_mark(); + ret = key_as_pkcs8(pp, length, &carry_on); + if (ret != NULL) { + ERR_clear_last_mark(); + if (a != NULL) + *a = ret; + return ret; + } + + if (carry_on == 0) { + ERR_clear_last_mark(); + ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY, + ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return NULL; + } p = *pp; + /* * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by * analyzing it we can determine the passed structure: this assumes the 
@@ -100,28 +140,15 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, keytype = EVP_PKEY_DSA; else if (sk_ASN1_TYPE_num(inkey) == 4) keytype = EVP_PKEY_EC; - else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not - * traditional format */ - PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); - EVP_PKEY *ret; - - sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); - if (!p8) { - ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY, - ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - return NULL; - } - ret = EVP_PKCS82PKEY(p8); - PKCS8_PRIV_KEY_INFO_free(p8); - if (ret == NULL) - return NULL; - *pp = p; - if (a) { - *a = ret; - } - return ret; - } else + else keytype = EVP_PKEY_RSA; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); - return d2i_PrivateKey(keytype, a, pp, length); + + ret = d2i_PrivateKey(keytype, a, pp, length); + if (ret != NULL) + ERR_pop_to_mark(); + else + ERR_clear_last_mark(); + + return ret; } diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 5e1ea308a2..be4cdb1626 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -47,7 +47,7 @@ ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3]))); ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3]))); subtest "generating certificate requests with RSA" => sub { - plan tests => 2; + plan tests => 6; SKIP: { skip "RSA is not supported by this OpenSSL build", 2 
@@ -63,6 +63,29 @@ subtest "generating certificate requests with RSA" => sub { "-config", srctop_file("test", "test.cnf"), "-verify", "-in", "testreq.pem", "-noout"])), "Verifying signature on request"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq_withattrs_pem.pem", "-utf8", + "-key", srctop_file("test", "testrsa_withattrs.pem")])), + "Generating request from a key with extra attributes - PEM"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-verify", "-in", "testreq_withattrs_pem.pem", "-noout"])), + "Verifying signature on request from a key with extra attributes - PEM"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq_withattrs_der.pem", "-utf8", + "-key", srctop_file("test", "testrsa_withattrs.der"), + "-keyform", "DER"])), + "Generating request from a key with extra attributes - PEM"); + + ok(run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-verify", "-in", "testreq_withattrs_der.pem", "-noout"])), + "Verifying signature on request from a key with extra attributes - PEM"); } }; @@ -165,7 +188,7 @@ run_conversion('req conversions', run_conversion('req conversions -- testreq2', srctop_file("test", "testreq2.pem")); -unlink "testkey.pem", "testreq.pem"; +unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem"; sub run_conversion { my $title = shift; diff --git a/test/testrsa_withattrs.der b/test/testrsa_withattrs.der new file mode 100644 index 0000000000..811e1e0bcb Binary files /dev/null and b/test/testrsa_withattrs.der differ diff --git a/test/testrsa_withattrs.pem b/test/testrsa_withattrs.pem new file mode 100644 index 0000000000..42d0a3c51c --- /dev/null +++ b/test/testrsa_withattrs.pem 
@@ -0,0 +1,29 @@ +-----BEGIN PRIVATE KEY----- +MIIE+QIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDsh7QWxhftrqng +RC3Ms+HxH2NFCX1sRoiIV4cYK2z0DQdEiNpFdpHlcs3weTuudcpr8XursodVFMTB +eHjROhgwO/LT9xReEUiaoHJgfv6KcKcxEvntCjQkzGhkw03OH5VYdtTRAbwpwcYt +groPiZ2STINpQOmFabzai+K+3rddwTGkkca3C5kY7KOMlnt9IuvmycksRqH6MPKz +P5QbztlgY95rtra+OEzKLYQ1ux6hkaUlpxT5eGKfzYdccwKJWa0dUXyT/8F6rpTm +Zbz3BxdKGAWMywaTfh5ywhNmVNTeIumxIRc3+PInn0rqKTaDrWylxiBdb3t27HxQ +InDZmPwdAgMBAAECggEBAMTRrzN8JxEq1ES/tvStgodoPOyHlwxwLNB3NP0RtZnm +9XM8BZTjs0egnmlKGDV14riruuMGrcJIg+kR3EcN9m68k7V51kLoUugINuTBCAIe +96DIT5vFb9pnFT8znRy1/0obp787mF2O1t+r9jNTqgDBFmCRGUBg2jtpR4bYQPEL +ZjXMDPcsmOlmbBdsyQvjlOHqXjCoUWwOCBEZdtaLzxaOPrBW5Jh2h3Xz1pV3NdZ/ +xufAYRhpJamPNiSipRehBZAeQP2ZAyHj/5x3tgEcA+C04Ki8NvuwJx/6T/lGKD+1 +x3DKsniNi6fEbGlpST/Zp1GY4WyVPcrLa8JxyO+UagECgYEA+gvBBI+LSK5enPXu +WooEQP17fKzdZG7Cic8TfTPbtBIcXjNQFLHjFoBNk+TBFCjZma7L+fEcKcDm+Bg1 +qa4xihOP6BoQqHXZZNZ+9ZU96MPmI9Zb60CMG9lM1VVhSqrm2n3Q+tefod/a2bQk +oz8QsdpsUFqVFCF5l+Tb6lp2QN0CgYEA8imPEml6LG35snBY1H6t0ASCHT1oFdHP +o01WKQas/tuLO+pMfZrA0zLZBExxZuUJloC6COsTcOrlK+hGM60Ab6TgSPbUvYqH +8yMV7SYLvheEngqIiFExmHg79mxnys3Rgv9KMxAV2Ip2wBrBMwUOaURU9pUKXlIN +xiaUuevSVEECgYEA0Dbrcs3JUSuKM7AC3DfjlO6/XrFf5hrpOfJKq058m/Uc1EBs +Zd8/V2RdtVKeiRf/Ix9QUYA6UHaGnn8iaHpaXD0v7zmNN4pzDaojrIKrO+GtCZid +kEd+pE4N0fO4AYJQnA567/aPwi7zQaflfl6smz1kRoE3dLzvUNHNYtgTcq0CgYAm +Op1VgMVCwlHK86VyVlVGI5AO4aTO3QJ0ez8A1wb0bOA8Iy7UHVwXe017Oj4kyj+L +POMhiUrWZp6rIc4DVmpdNaAapKzNB1OS9JT/jSQJbFkJQgxvyLGVqlV8/3wbLgbH +MVobWYy5VJKOnSqmzUOLJrhq/PhYD4gRIgIUn7/igQKBgQCptqrREOq9fXDEpozC +39TL4vDrKJWpB1uK6pBEjgEVD/+tcfziVN40j5hnNFDUu/8kxxp9/4w8mPjdJ0CF +hWIvrXasjnnFehy6IewWCljNH5CfOM64rDoXaF+ESIM4rLBHbQ8KYvaKkMjOcdNB +JG1sRWVU01AwEhnvxS1zbyBtiqA4MDYGCCqFAwIJAwgBMSoEKBqiSOXm8r5I7hEA ++gglN/s0bbRCnzopEhuEorpcnDXrktVtjQrmMi0= +-----END PRIVATE KEY----- From no-reply at appveyor.com Thu May 13 14:15:06 2021 
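Review bot: In crypto/asn1/d2i_pr.c, the `carry_on` out-parameter of the new key_as_pkcs8() helper is undocumented, and its contract is not obvious from the name. It is cleared only when the input parsed as PKCS8_PRIV_KEY_INFO but EVP_PKCS82PKEY() rejected it, and that is what makes d2i_AutoPrivateKey() stop with ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE instead of falling back to the element-count heuristic. Please add a comment on the helper stating this, including that `*pp` is advanced only on success.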
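Review bot: In test/recipes/25-test_req.t, the two tests that use testrsa_withattrs.der with `-keyform DER` are labelled "... from a key with extra attributes - PEM", identical to the PEM pair above them. Change the suffix to "- DER" so that a failure report identifies which key format broke.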
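Review bot: In the hunk that changes `plan tests => 2` to `plan tests => 6` in test/recipes/25-test_req.t, the context line `skip "RSA is not supported by this OpenSSL build", 2` still skips only 2 tests. The four added tests sit inside the same SKIP block, so a build without RSA will report a plan mismatch; the skip count should be raised to 6 as well.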
From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 14:15:06 +0000 Subject: Build failed: openssl master.42020 Message-ID: <20210513141506.1.4C95E43BFAE475AC@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 13 14:16:23 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 14:16:23 +0000 Subject: Build failed: openssl pr14749.42021 Message-ID: <20210513141623.1.2EB1D0DBFC5C4846@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 13 14:17:37 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 14:17:37 +0000 Subject: Build failed: openssl pr14749-orig.42022 Message-ID: <20210513141737.1.76C37E7B40D59D05@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 13 14:19:03 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 14:19:03 +0000 Subject: Build failed: openssl pr14749.42023 Message-ID: <20210513141903.1.080D5984372E13CA@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 13 15:50:03 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 15:50:03 +0000 Subject: Build failed: openssl master.42024 Message-ID: <20210513155003.1.8D6C7E7997E62B37@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 13 15:51:12 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 15:51:12 +0000 Subject: Build failed: openssl pr14749.42025 Message-ID: <20210513155112.1.2E8F4B1C799806AF@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 13 15:52:35 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 15:52:35 +0000 Subject: Build failed: openssl pr14749-new.42026 Message-ID: <20210513155235.1.7C429311009C27A4@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 13 17:23:47 2021 
From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 17:23:47 +0000 Subject: Build failed: openssl master.42027 Message-ID: <20210513172347.1.BA3270B615763DA5@appveyor.com> An HTML attachment was scrubbed... URL: From tomas at openssl.org Thu May 13 17:26:30 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 13 May 2021 17:26:30 +0000 Subject: [openssl] master update Message-ID: <1620926790.353304.4756.nullmailer@dev.openssl.org> The branch master has been updated via afecd85db1359b5a62c037b8a507b928541c779c (commit) from 2bdec3b037264540014120a02217fc67bf355f11 (commit) - Log ----------------------------------------------------------------- commit afecd85db1359b5a62c037b8a507b928541c779c Author: Tomas Mraz Date: Wed May 12 19:15:27 2021 +0200 Replace some of the ERR_clear_error() calls with mark calls Fixes #15219 Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15253) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_d2i_fp.c | 7 ++++--- crypto/asn1/p5_pbev2.c | 3 ++- crypto/bio/bio_lib.c | 8 ++++++-- crypto/bio/bss_conn.c | 8 +++++--- crypto/ec/ec2_oct.c | 8 ++++---- crypto/ec/ecp_oct.c | 10 ++++------ crypto/pkcs12/p12_add.c | 3 ++- crypto/pkcs12/p12_p8e.c | 22 +++++++++++++--------- crypto/x509/by_file.c | 6 ++++-- 9 files changed, 44 insertions(+), 31 deletions(-) diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index 2c7acb34e0..f1e96b2eaf 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -115,7 +115,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) return -1; } - ERR_clear_error(); + ERR_set_mark(); for (;;) { diff = len - off; if (want >= diff) { 
@@ -149,10 +149,10 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) if (inf & 0x80) { unsigned long e; - e = ERR_GET_REASON(ERR_peek_error()); + e = ERR_GET_REASON(ERR_peek_last_error()); if (e != ASN1_R_TOO_LONG) goto err; - ERR_clear_error(); + ERR_pop_to_mark(); } i = q - p; /* header length */ off += i; /* end of data */ @@ -235,6 +235,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) *pb = b; return off; err: + ERR_clear_last_mark(); BUF_MEM_free(b); return -1; } diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index da227b96e2..c9d9d31cc2 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -88,11 +88,12 @@ X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, * If prf NID unspecified see if cipher has a preference. An error is OK * here: just means use default PRF. */ + ERR_set_mark(); if ((prf_nid == -1) && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { - ERR_clear_error(); prf_nid = NID_hmacWithSHA256; } + ERR_pop_to_mark(); EVP_CIPHER_CTX_free(ctx); ctx = NULL; diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 5cdd6d7cfd..575107634c 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -870,7 +870,8 @@ int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds) BIO_set_nbio(bio, !blocking); retry: - rv = BIO_do_connect(bio); /* This may indirectly call ERR_clear_error(); */ + ERR_set_mark(); + rv = BIO_do_connect(bio); if (rv <= 0) { /* could be timeout or retryable error or fatal error */ int err = ERR_peek_last_error(); @@ -897,7 +898,7 @@ int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds) } } if (timeout >= 0 && do_retry) { - ERR_clear_error(); /* using ERR_pop_to_mark() would be cleaner */ + ERR_pop_to_mark(); /* will not actually wait if timeout == 0 (i.e., blocking BIO): */ rv = bio_wait(bio, max_time, nap_milliseconds); if (rv > 0) 
@@ -905,11 +906,14 @@ int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds) ERR_raise(ERR_LIB_BIO, rv == 0 ? BIO_R_CONNECT_TIMEOUT : BIO_R_CONNECT_ERROR); } else { + ERR_clear_last_mark(); rv = -1; if (err == 0) /* missing error queue entry */ /* workaround: general error */ ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR); } + } else { + ERR_clear_last_mark(); } return rv; diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 7aaae65bc2..3ab2c0d4ba 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -155,6 +155,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) case BIO_CONN_S_CONNECT: BIO_clear_retry_flags(b); + ERR_set_mark(); ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter), BIO_SOCK_KEEPALIVE | c->connect_mode); b->retry_reason = 0; @@ -163,7 +164,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) BIO_set_retry_special(b); c->state = BIO_CONN_S_BLOCKED_CONNECT; b->retry_reason = BIO_RR_CONNECT; - ERR_clear_error(); + ERR_pop_to_mark(); } else if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) { /* @@ -171,9 +172,10 @@ static int conn_state(BIO *b, BIO_CONNECT *c) */ BIO_closesocket(b->num); c->state = BIO_CONN_S_CREATE_SOCKET; - ERR_clear_error(); + ERR_pop_to_mark(); break; } else { + ERR_clear_last_mark(); ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), "calling connect(%s, %s)", c->param_hostname, c->param_service); @@ -182,6 +184,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) } goto exit_loop; } else { + ERR_clear_last_mark(); c->state = BIO_CONN_S_OK; } break; @@ -196,7 +199,6 @@ static int conn_state(BIO *b, BIO_CONNECT *c) */ BIO_closesocket(b->num); c->state = BIO_CONN_S_CREATE_SOCKET; - ERR_clear_error(); break; } ERR_raise_data(ERR_LIB_SYS, i, diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index 1970efd65c..10a4932591 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c 
@@ -46,9 +46,6 @@ int ossl_ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, #ifndef FIPS_MODULE BN_CTX *new_ctx = NULL; - /* clear error queue */ - ERR_clear_error(); - if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) @@ -80,21 +77,24 @@ int ossl_ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, goto err; if (!BN_GF2m_add(tmp, x, tmp)) goto err; + ERR_set_mark(); if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) { #ifndef FIPS_MODULE unsigned long err = ERR_peek_last_error(); if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NO_SOLUTION) { - ERR_clear_error(); + ERR_pop_to_mark(); ERR_raise(ERR_LIB_EC, EC_R_INVALID_COMPRESSED_POINT); } else #endif { + ERR_clear_last_mark(); ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); } goto err; } + ERR_clear_last_mark(); z0 = (BN_is_odd(z)) ? 1 : 0; if (!group->meth->field_mul(group, y, x, z, ctx)) goto err; diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index b10947d714..68943e521e 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -28,11 +28,6 @@ int ossl_ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, BIGNUM *tmp1, *tmp2, *x, *y; int ret = 0; -#ifndef FIPS_MODULE - /* clear error queue */ - ERR_clear_error(); -#endif - if (ctx == NULL) { ctx = new_ctx = BN_CTX_new_ex(group->libctx); if (ctx == NULL) @@ -106,21 +101,24 @@ int ossl_ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, goto err; } + ERR_set_mark(); if (!BN_mod_sqrt(y, tmp1, group->field, ctx)) { #ifndef FIPS_MODULE unsigned long err = ERR_peek_last_error(); if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) { - ERR_clear_error(); + ERR_pop_to_mark(); ERR_raise(ERR_LIB_EC, EC_R_INVALID_COMPRESSED_POINT); } else #endif { + ERR_clear_last_mark(); ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); } goto err; } + ERR_clear_last_mark(); if (y_bit != BN_is_odd(y)) { if (BN_is_zero(y)) { 
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index b644834f33..6fd4184af5 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -102,14 +102,15 @@ PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen, goto err; } + ERR_set_mark(); pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq); if (pbe_ciph == NULL) pbe_ciph = EVP_get_cipherbynid(pbe_nid); + ERR_pop_to_mark(); if (pbe_ciph != NULL) { pbe = PKCS5_pbe2_set_iv_ex(pbe_ciph, iter, salt, saltlen, NULL, -1, ctx); } else { - ERR_clear_error(); pbe = PKCS5_pbe_set_ex(pbe_nid, iter, salt, saltlen, ctx); } diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index e357f310a6..9c27534017 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -29,16 +29,20 @@ X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher, } pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, -1, libctx); - } else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) { - if (cipher == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, pbe_nid, - libctx); } else { - ERR_clear_error(); - pbe = PKCS5_pbe_set_ex(pbe_nid, iter, salt, saltlen, libctx); + ERR_set_mark(); + if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) { + ERR_clear_last_mark(); + if (cipher == NULL) { + ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, + pbe_nid, libctx); + } else { + ERR_pop_to_mark(); + pbe = PKCS5_pbe_set_ex(pbe_nid, iter, salt, saltlen, libctx); + } } if (pbe == NULL) { ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB); diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index eed902b649..c6fd3db50a 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c 
@@ -113,16 +113,18 @@ int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type, if (type == X509_FILETYPE_PEM) { for (;;) { + ERR_set_mark(); if (PEM_read_bio_X509_AUX(in, &x, NULL, "") == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { - ERR_clear_error(); + ERR_pop_to_mark(); break; } else { - ERR_raise(ERR_LIB_X509, ERR_R_PEM_LIB); + ERR_clear_last_mark(); goto err; } } + ERR_clear_last_mark(); i = X509_STORE_add_cert(ctx->store_ctx, x); if (!i) goto err; From dev at ddvo.net Thu May 13 17:40:17 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 13 May 2021 17:40:17 +0000 Subject: [openssl] master update Message-ID: <1620927617.049357.13794.nullmailer@dev.openssl.org> The branch master has been updated via c4005c8b84f35196a4c455f2e8a5aecfa88372e5 (commit) from afecd85db1359b5a62c037b8a507b928541c779c (commit) - Log ----------------------------------------------------------------- commit c4005c8b84f35196a4c455f2e8a5aecfa88372e5 Author: Dr. David von Oheimb Date: Wed May 12 18:19:07 2021 +0200 http_client.c: Fix inconsistency w.r.t. type of max_resp_len Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15251) ----------------------------------------------------------------------- Summary of changes: crypto/http/http_client.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index c32b352137..8069b2f645 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c 
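Review bot: In asn1_d2i_read_bio() (crypto/asn1/a_d2i_fp.c), the mark handling does not balance on every path. ERR_set_mark() is called once before the `for (;;)` loop, ERR_pop_to_mark() runs inside the loop each time the ASN1_R_TOO_LONG case is hit, and ERR_clear_last_mark() is added only under `err:`. The success exit `*pb = b; return off;` just above it releases nothing, so a call that never hits the TOO_LONG case returns with the mark still set, and a call that hits it and later jumps to `err` (or hits it a second time) operates on a mark that belongs to the caller. Suggest setting the mark immediately before the header parse inside the loop and releasing it on both outcomes there.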
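Review bot: In X509_load_cert_file_ex() (crypto/x509/by_file.c), the failure branch replaces `ERR_raise(ERR_LIB_X509, ERR_R_PEM_LIB);` with `ERR_clear_last_mark();`, so the X509-level error is no longer queued when PEM_read_bio_X509_AUX() fails. The commit message only mentions swapping ERR_clear_error() calls for mark calls. If dropping the ERR_raise is intended, say so in the message; otherwise keep it after clearing the mark.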
@@ -52,7 +52,7 @@ struct ossl_http_req_ctx_st { int expect_asn1; /* response must be ASN.1-encoded */ long len_to_send; /* number of bytes in request still to send */ unsigned long resp_len; /* length of response */ - unsigned long max_resp_len; /* Maximum length of response */ + size_t max_resp_len; /* Maximum length of response */ int keep_alive; /* Persistent conn. 0=no, 1=prefer, 2=require */ time_t max_time; /* Maximum end time of current transfer, or 0 */ time_t max_total_time; /* Maximum end time of total transfer, or 0 */ @@ -135,7 +135,7 @@ void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx, ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); return; } - rctx->max_resp_len = len != 0 ? len : HTTP_DEFAULT_MAX_RESP_LEN; + rctx->max_resp_len = len != 0 ? (size_t)len : HTTP_DEFAULT_MAX_RESP_LEN; } /* @@ -1020,7 +1020,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, int maxline, const STACK_OF(CONF_VALUE) *headers, const char *expected_ct, int expect_asn1, - unsigned long max_resp_len, int timeout) + size_t max_resp_len, int timeout) { time_t start_time = timeout > 0 ? time(NULL) : 0; char *current_url, *redirection_url = NULL; From no-reply at appveyor.com Thu May 13 18:47:43 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 18:47:43 +0000 Subject: Build failed: openssl master.42028 Message-ID: <20210513184743.1.73775A5055E56DD6@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 13 20:10:35 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 20:10:35 +0000 Subject: Build failed: openssl master.42029 Message-ID: <20210513201035.1.A53CB59D58AB4BFF@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 13 21:32:41 2021 
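Review bot: In struct ossl_http_req_ctx_st (crypto/http/http_client.c), `max_resp_len` becomes size_t while the field directly above it, `unsigned long resp_len`, keeps its old type. On platforms where unsigned long is narrower than size_t, any comparison of the two is mixed-width, which is the kind of inconsistency this commit sets out to fix. Consider converting resp_len as well, or add a comment explaining why it stays unsigned long. The `(size_t)len` cast added in OSSL_HTTP_REQ_CTX_set_max_response_length() also indicates that `len` still has a different type there; aligning the parameter type would remove the need for the cast.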
From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 21:32:41 +0000 Subject: Build failed: openssl master.42030 Message-ID: <20210513213241.1.2A6BFE0B85E4C8CC@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 13 22:55:15 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 13 May 2021 22:55:15 +0000 Subject: Build failed: openssl master.42031 Message-ID: <20210513225515.1.07A4561BB0B0156D@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Fri May 14 00:14:13 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 14 May 2021 00:14:13 +0000 Subject: [openssl] master update Message-ID: <1620951253.468764.18257.nullmailer@dev.openssl.org> The branch master has been updated via c65abf2213117eb5348a46fbc18f706aca052e85 (commit) from c4005c8b84f35196a4c455f2e8a5aecfa88372e5 (commit) - Log ----------------------------------------------------------------- commit c65abf2213117eb5348a46fbc18f706aca052e85 Author: bonniegong <46280630+bonniegong at users.noreply.github.com> Date: Mon Apr 12 10:43:13 2021 +0800 check i2d_ASN1_TYPE return value add a length check to the return value of function i2d_ASN1_TYPE. Return an error instead of trying to malloc a negative number. CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14828) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_strex.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index b9b6f1c871..b31761aae6 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c 
@@ -280,6 +280,8 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, t.type = str->type; t.value.ptr = (char *)str; der_len = i2d_ASN1_TYPE(&t, NULL); + if (der_len <= 0) + return -1; if ((der_buf = OPENSSL_malloc(der_len)) == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return -1; From pauli at openssl.org Fri May 14 00:15:51 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 14 May 2021 00:15:51 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1620951351.216365.19911.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a812f8fc8f3c9ba30e5ecd2c168cca0613f15dcd (commit) from 9a48d4a4fec6827d387ee63756504892e3656299 (commit) - Log ----------------------------------------------------------------- commit a812f8fc8f3c9ba30e5ecd2c168cca0613f15dcd Author: bonniegong <46280630+bonniegong at users.noreply.github.com> Date: Mon Apr 12 10:43:13 2021 +0800 check i2d_ASN1_TYPE return value add a length check to the return value of function i2d_ASN1_TYPE. Return an error instead of trying to malloc a negative number. CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14828) (cherry picked from commit c65abf2213117eb5348a46fbc18f706aca052e85) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_strex.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 4879b33785..7cd18b4b85 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -280,6 +280,8 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, t.type = str->type; t.value.ptr = (char *)str; der_len = i2d_ASN1_TYPE(&t, NULL); + if (der_len <= 0) + return -1; if ((der_buf = OPENSSL_malloc(der_len)) == NULL) { ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE); return -1; From no-reply at appveyor.com Fri May 14 00:16:49 2021 
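Review bot: The new "if (der_len <= 0) return -1;" in do_dump returns without raising anything, while the malloc failure just below it raises ERR_R_MALLOC_FAILURE, so unless i2d_ASN1_TYPE has already queued an error the caller gets a bare -1 with nothing to explain it. Add an ERR_raise on this path (ASN1err in the OpenSSL_1_1_1-stable backport), or a comment stating that the encoder reports its own error. The summary shows only crypto/asn1/a_strex.c changed in both branches; a test that passes do_dump a string i2d_ASN1_TYPE rejects would keep the check from regressing.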
From: no-reply at appveyor.com (AppVeyor) Date: Fri, 14 May 2021 00:16:49 +0000 Subject: Build failed: openssl master.42034 Message-ID: <20210514001649.1.A7616AEC282EAA73@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 14 01:42:20 2021 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 14 May 2021 01:42:20 +0000 Subject: Build failed: openssl master.42037 Message-ID: <20210514014220.1.7B7DD8AEF45078D0@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 14 03:00:43 2021 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 14 May 2021 03:00:43 +0000 Subject: Build failed: openssl master.42038 Message-ID: <20210514030043.1.AADD5CB1D5EC8B2E@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 14 04:20:31 2021 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 14 May 2021 04:20:31 +0000 Subject: Build failed: openssl master.42039 Message-ID: <20210514042031.1.A5BA916BA5EC11FF@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 14 05:40:02 2021 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 14 May 2021 05:40:02 +0000 Subject: Build failed: openssl master.42040 Message-ID: <20210514054002.1.9F30EFE3FB843E73@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri May 14 06:36:25 2021 
From: levitte at openssl.org (Richard Levitte) Date: Fri, 14 May 2021 06:36:25 +0000 Subject: [openssl] master update Message-ID: <1620974185.473460.9067.nullmailer@dev.openssl.org> The branch master has been updated via d0364dcc42b151cfc08d860efb15cd48d87302c6 (commit) from c65abf2213117eb5348a46fbc18f706aca052e85 (commit) - Log ----------------------------------------------------------------- commit d0364dcc42b151cfc08d860efb15cd48d87302c6 Author: Rich Salz Date: Wed May 12 10:42:46 2021 -0400 Add --banner config option Use it in the automated workflows. Fixes: #15247 Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15248) ----------------------------------------------------------------------- Summary of changes: .github/workflows/ci.yml | 36 ++++++++++++++--------------- .github/workflows/coveralls.yml | 2 +- .github/workflows/run-checker-ci.yml | 2 +- .github/workflows/run-checker-daily.yml | 2 +- .github/workflows/run-checker-merge.yml | 2 +- .github/workflows/windows.yml | 2 +- Configurations/unix-Makefile.tmpl | 4 ++-- Configure | 41 +++++++++++++++++++-------------- INSTALL.md | 5 ++++ 9 files changed, 54 insertions(+), 42 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e37c7f54d8..46a096cb75 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,7 +21,7 @@ jobs: sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef - uses: actions/checkout at v2 - name: config - run: ./config --strict-warnings enable-fips && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump - name: make build_generated run: make -s build_generated - name: make update 
@@ -34,7 +34,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config --strict-warnings enable-fips && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump - name: make build_generated run: make -s build_generated - name: make doc-nits @@ -48,7 +48,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: CPPFLAGS=-ansi ./config no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump + run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump - name: make run: make -s -j4 @@ -57,7 +57,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config enable-fips --strict-warnings && perl configdata.pm --dump + run: ./config --banner=Configured enable-fips --strict-warnings && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -68,7 +68,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: CC=clang ./config no-fips --strict-warnings && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured no-fips --strict-warnings && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -79,7 +79,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config --strict-warnings no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test 
@@ -90,7 +90,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config --strict-warnings no-deprecated enable-fips && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -104,7 +104,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config --strict-warnings no-shared no-fips && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-shared no-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -115,7 +115,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump + run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -126,7 +126,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump + run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -137,7 +137,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: CC=clang ./config no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test 
@@ -148,7 +148,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-fips && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -159,7 +159,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config --strict-warnings no-legacy enable-fips && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-legacy enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -170,7 +170,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump + run: ./config --banner=Configured -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -181,7 +181,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: ./config no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump + run: ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test 
@@ -199,7 +199,7 @@ jobs: mkdir ./build mkdir ./install - name: config - run: ../config enable-fips --strict-warnings --prefix=$(cd ../install; pwd) && perl configdata.pm --dump + run: ../config --banner=Configured enable-fips --strict-warnings --prefix=$(cd ../install; pwd) && perl configdata.pm --dump working-directory: ./build - name: make run: make -s -j4 @@ -228,7 +228,7 @@ jobs: - name: setup hostname workaround run: sudo hostname localhost - name: config - run: ./config --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: test external gost-engine @@ -249,7 +249,7 @@ jobs: with: submodules: recursive - name: Configure OpenSSL - run: ./config --strict-warnings --debug enable-external-tests && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump - name: make run: make -s -j4 - name: Setup Python diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index c6e4f76bfc..34e5117298 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml 
@@ -14,7 +14,7 @@ jobs: run: | sudo apt-get -yq install lcov - name: config - run: CC=gcc ./config --debug --coverage no-asm enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump + run: CC=gcc ./config --banner=Configured --debug --coverage no-asm enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index d89c7740e1..48ff9c9765 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -31,7 +31,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: CC=clang ./config --strict-warnings ${{ matrix.opt }} && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index 9f0bc37db2..efe350c254 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -127,7 +127,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: CC=clang ./config --strict-warnings ${{ matrix.opt }} && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test 
diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index 179d5dc0c0..81121e7f3a 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -24,7 +24,7 @@ jobs: steps: - uses: actions/checkout at v2 - name: config - run: CC=clang ./config --strict-warnings ${{ matrix.opt }} && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 4a871bca4f..57962eef55 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -13,7 +13,7 @@ jobs: - name: config working-directory: _build run: | - perl ..\Configure no-makedepend no-bulk no-deprecated no-fips no-asm -DOPENSSL_SMALL_FOOTPRINT VC-WIN64A + perl ..\Configure --banner=Configured no-makedepend no-bulk no-deprecated no-fips no-asm -DOPENSSL_SMALL_FOOTPRINT VC-WIN64A perl configdata.pm --dump - name: build working-directory: _build diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 935210941f..a80e78e86f 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1151,9 +1151,9 @@ providers/fips.module.sources.new: \ ( \ srcdir=`cd $(SRCDIR); pwd`; \ cd sources-tmp \ - && $$srcdir/Configure enable-fips \ + && $$srcdir/Configure --banner=Configured enable-fips \ && ./configdata.pm --query 'get_sources("providers/fips")' > sources1 \ - && $$srcdir/Configure enable-fips no-asm \ + && $$srcdir/Configure --banner=Configured enable-fips no-asm \ && ./configdata.pm --query 'get_sources("providers/fips")' > sources2 \ ) ( \ diff --git a/Configure b/Configure index dc0b1924b7..2996cd1b4a 100755 --- a/Configure +++ b/Configure 
@@ -29,6 +29,24 @@ $SIG{__DIE__} = \&death_handler; my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; +my $banner = <<"EOF"; + +********************************************************************** +*** *** +*** OpenSSL has been successfully configured *** +*** *** +*** If you encounter a problem while building, please open an *** +*** issue on GitHub *** +*** and include the output from the following command: *** +*** *** +*** perl configdata.pm --dump *** +*** *** +*** (If you are new to OpenSSL, you might want to consult the *** +*** 'Troubleshooting' section in the INSTALL.md file first) *** +*** *** +********************************************************************** +EOF + # Options: # # --config add the given configuration file, which will be read after @@ -43,6 +61,7 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # given with --prefix. # This becomes the value of OPENSSLDIR in Makefile and in C. # (Default: PREFIX/ssl) +# --banner=".." Output specified text instead of default completion banner # # --cross-compile-prefix Add specified prefix to binutils components. # @@ -976,6 +995,10 @@ while (@argvcopy) die "FIPS key too long (64 bytes max)\n" if length $1 > 64; } + elsif (/^--banner=(.*)$/) + { + $banner = $1 . "\n"; + } elsif (/^--cross-compile-prefix=(.*)$/) { $user{CROSS_COMPILE}=$1; 
@@ -2812,23 +2835,7 @@ or position independent code, please let us know (but please first make sure you have tried with a current version of OpenSSL). EOF -print <<"EOF"; - -********************************************************************** -*** *** -*** OpenSSL has been successfully configured *** -*** *** -*** If you encounter a problem while building, please open an *** -*** issue on GitHub *** -*** and include the output from the following command: *** -*** *** -*** perl configdata.pm --dump *** -*** *** -*** (If you are new to OpenSSL, you might want to consult the *** -*** 'Troubleshooting' section in the INSTALL.md file first) *** -*** *** -********************************************************************** -EOF +print $banner; exit(0); diff --git a/INSTALL.md b/INSTALL.md index f89e1aed53..1855dcd128 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -578,6 +578,11 @@ as configuration option, you must ensure that it's valid for both the C and the C++ compiler. If not, the C++ build test will most likely break. As an alternative, you can use the language specific variables, `CFLAGS` and `CXXFLAGS`. +### --banner=text + +Use the specified text instead of the default banner at the end of +configuration. + ### no-bulk Build only some minimal set of features. From no-reply at appveyor.com Fri May 14 06:58:56 2021 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 14 May 2021 06:58:56 +0000 Subject: Build failed: openssl master.42041 Message-ID: <20210514065856.1.B6DC0C5A30D23185@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Fri May 14 07:52:51 2021 
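Review bot: The --banner branch added to the option loop in Configure is described in the Options comment and in INSTALL.md, but the $usage string shown as context at the top of the first Configure hunk has no --banner entry next to [--prefix=DIR] and [--config=FILE], so it should be added there as well. The assignment $banner = $1 . "\n"; also accepts an empty value, which prints a bare newline at the end of configuration; either document that --banner= with no text suppresses the banner or reject the empty string.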
From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 14 May 2021 07:52:51 +0000 Subject: [openssl] master update Message-ID: <1620978771.441729.26663.nullmailer@dev.openssl.org> The branch master has been updated via 8a0f65f06b0b0fa0411175bcd764c818d9c52469 (commit) from d0364dcc42b151cfc08d860efb15cd48d87302c6 (commit) - Log ----------------------------------------------------------------- commit 8a0f65f06b0b0fa0411175bcd764c818d9c52469 Author: Juergen Christ Date: Wed May 12 13:54:20 2021 +0200 Fix provider library build wrt. AES Commit c7978e506b2d1300accd9e696656f9cc94196e6d ("Fix missing $CPUIDDEF in libdefault.a") revealed another problem in the build system on s390. The build of the provider libraries includes the AES system without the proper defines. This causes a build error on s390 now since the CPUIDDEF is present but the prototypes for various AES functions implemented in assembler are missing due to missing preprocessor defines. Fix this by adding the missing defines to all provider libraries. Signed-off-by: Juergen Christ Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15244) ----------------------------------------------------------------------- Summary of changes: crypto/aes/build.info | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/crypto/aes/build.info b/crypto/aes/build.info index b17f7e5c1f..edf6c8106e 100644 --- a/crypto/aes/build.info +++ b/crypto/aes/build.info 
@@ -71,6 +71,13 @@ SOURCE[../../providers/libfips.a]=$COMMON DEFINE[../../libcrypto]=$AESDEF DEFINE[../../providers/libfips.a]=$AESDEF DEFINE[../../providers/libdefault.a]=$AESDEF +# We only need to include the AESDEF stuff in the legacy provider when it's a +# separate module and it's dynamically linked with libcrypto. Otherwise, it +# already gets everything that the static libcrypto.a has, and doesn't need it +# added again. +IF[{- !$disabled{module} && !$disabled{shared} -}] + DEFINE[../providers/liblegacy.a]=$AESDEF +ENDIF GENERATE[aes-ia64.s]=asm/aes-ia64.S GENERATE[bsaes-armv8.S]=asm/bsaes-armv8.S From no-reply at appveyor.com Fri May 14 08:19:43 2021 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 14 May 2021 08:19:43 +0000 Subject: Build failed: openssl master.42042 Message-ID: <20210514081943.1.CCF98B81C3F1A80E@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Fri May 14 09:13:13 2021 
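Review bot: The added DEFINE[../providers/liblegacy.a]=$AESDEF uses a ../providers/ prefix, while the three DEFINE lines directly above it and the SOURCE line in the hunk header all use ../../ from this same crypto/aes/build.info, so as written the define does not appear to name the legacy provider library and should read ../../providers/liblegacy.a. The commit message says the defines are added to all provider libraries, but the libfips.a and libdefault.a lines are unchanged context here; it would be clearer to say that only the legacy provider was missing them and that it is covered only when module and shared are both enabled.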
From: matt at openssl.org (Matt Caswell) Date: Fri, 14 May 2021 09:13:13 +0000 Subject: [openssl] master update Message-ID: <1620983593.612018.15630.nullmailer@dev.openssl.org> The branch master has been updated via f04bb0bce490de847ed0482b8ec9eabedd173852 (commit) via 56bd17830f2d5855b533d923d4e0649d3ed61d11 (commit) from 8a0f65f06b0b0fa0411175bcd764c818d9c52469 (commit) - Log ----------------------------------------------------------------- commit f04bb0bce490de847ed0482b8ec9eabedd173852 Author: Rich Salz Date: Tue May 11 13:09:24 2021 -0400 Slightly reformat ssl.h.in Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15230) commit 56bd17830f2d5855b533d923d4e0649d3ed61d11 Author: Rich Salz Date: Tue May 11 10:51:13 2021 -0400 Convert SSL_{CTX}_[gs]et_options to 64 Less tersely: converted SSL_get_options, SSL_set_options, SSL_CTX_get_options and SSL_CTX_get_options to take and return uint64_t since we were running out of 32 bits. Fixes: 15145 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15230) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 6 + doc/man3/OSSL_CORE_MAKE_FUNC.pod | 5 +- doc/man3/SSL_CTX_set_options.pod | 12 +- include/openssl/ssl.h.in | 231 +++++++++++++++++---------------------- ssl/ssl_conf.c | 16 ++- ssl/ssl_lib.c | 17 +-- ssl/ssl_local.h | 4 +- util/other.syms | 1 + 8 files changed, 137 insertions(+), 155 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index e4e33e4e88..8c72ac33d0 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -23,6 +23,12 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * The signatures of the functions to get and set options on SSL and + SSL_CTX objects changed from "unsigned long" to "uint64_t" type. + Some source code changes may be required. + + * Rich Salz * + * Add "abspath" and "includedir" pragma's to config files, to prevent, or modify relative pathname inclusion. diff --git a/doc/man3/OSSL_CORE_MAKE_FUNC.pod b/doc/man3/OSSL_CORE_MAKE_FUNC.pod index 409c19db62..751a01fc57 100644 --- a/doc/man3/OSSL_CORE_MAKE_FUNC.pod +++ b/doc/man3/OSSL_CORE_MAKE_FUNC.pod @@ -2,13 +2,16 @@ =head1 NAME -OSSL_CORE_MAKE_FUNC - OpenSSL reserved symbols +OSSL_CORE_MAKE_FUNC, +SSL_OP_BIT +- OpenSSL reserved symbols =head1 SYNOPSIS #include #define OSSL_CORE_MAKE_FUNC(type,name,args) + #define SSL_OP_BIT(n) =head1 DESCRIPTION diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index e84aaac8a8..7b179099e1 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -10,14 +10,14 @@ SSL_get_secure_renegotiation_support - manipulate SSL options #include - long SSL_CTX_set_options(SSL_CTX *ctx, long options); - long SSL_set_options(SSL *ssl, long options); + uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t options); + uint64_t SSL_set_options(SSL *ssl, uint64_t options); - long SSL_CTX_clear_options(SSL_CTX *ctx, long options); - long SSL_clear_options(SSL *ssl, long options); + uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t options); + uint64_t SSL_clear_options(SSL *ssl, uint64_t options); - long SSL_CTX_get_options(SSL_CTX *ctx); - long SSL_get_options(SSL *ssl); + uint64_t SSL_CTX_get_options(SSL_CTX *ctx); + uint64_t SSL_get_options(SSL *ssl); long SSL_get_secure_renegotiation_support(SSL *ssl); diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index 5dd473c9bd..a227090263 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in 
@@ -316,158 +316,131 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); /* Typedef for SSL async callback */ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); -/* Disable Extended master secret */ -# define SSL_OP_NO_EXTENDED_MASTER_SECRET 0x00000001U - -/* Cleanse plaintext copies of data delivered to the application */ -# define SSL_OP_CLEANSE_PLAINTEXT 0x00000002U - -/* Allow initial connection to servers that don't support RI */ -# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U - -/* Enable support for Kernel TLS */ -# define SSL_OP_ENABLE_KTLS 0x00000008U - -# define SSL_OP_TLSEXT_PADDING 0x00000010U -# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U -# define SSL_OP_IGNORE_UNEXPECTED_EOF 0x00000080U - -# define SSL_OP_DISABLE_TLSEXT_CA_NAMES 0x00000200U - -/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ -# define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U +#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n) /* - * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in - * OpenSSL 0.9.6d. Usually (depending on the application protocol) the - * workaround is not needed. Unfortunately some broken SSL/TLS - * implementations cannot handle it at all, which is why we include it in - * SSL_OP_ALL. Added in 0.9.6e + * SSL/TLS connection options. 
*/ -# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U - -/* DTLS options */ -# define SSL_OP_NO_QUERY_MTU 0x00001000U -/* Turn on Cookie Exchange (on relevant for servers) */ -# define SSL_OP_COOKIE_EXCHANGE 0x00002000U -/* Don't use RFC4507 ticket extension */ -# define SSL_OP_NO_TICKET 0x00004000U + /* Disable Extended master secret */ +# define SSL_OP_NO_EXTENDED_MASTER_SECRET SSL_OP_BIT(0) + /* Cleanse plaintext copies of data delivered to the application */ +# define SSL_OP_CLEANSE_PLAINTEXT SSL_OP_BIT(1) + /* Allow initial connection to servers that don't support RI */ +# define SSL_OP_LEGACY_SERVER_CONNECT SSL_OP_BIT(2) + /* Enable support for Kernel TLS */ +# define SSL_OP_ENABLE_KTLS SSL_OP_BIT(3) +# define SSL_OP_TLSEXT_PADDING SSL_OP_BIT(4) +# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG SSL_OP_BIT(6) +# define SSL_OP_IGNORE_UNEXPECTED_EOF SSL_OP_BIT(7) +# define SSL_OP_ALLOW_CLIENT_RENEGOTIATION SSL_OP_BIT(8) +# define SSL_OP_DISABLE_TLSEXT_CA_NAMES SSL_OP_BIT(9) + /* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ +# define SSL_OP_ALLOW_NO_DHE_KEX SSL_OP_BIT(10) + /* + * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added + * in OpenSSL 0.9.6d. Usually (depending on the application protocol) + * the workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include it + * in SSL_OP_ALL. 
Added in 0.9.6e + */ +# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_BIT(11) + /* DTLS options */ +# define SSL_OP_NO_QUERY_MTU SSL_OP_BIT(12) + /* Turn on Cookie Exchange (on relevant for servers) */ +# define SSL_OP_COOKIE_EXCHANGE SSL_OP_BIT(13) + /* Don't use RFC4507 ticket extension */ +# define SSL_OP_NO_TICKET SSL_OP_BIT(14) # ifndef OPENSSL_NO_DTLS1_METHOD -/* Use Cisco's "speshul" version of DTLS_BAD_VER - * (only with deprecated DTLSv1_client_method()) */ -# define SSL_OP_CISCO_ANYCONNECT 0x00008000U + /* + * Use Cisco's version identifier of DTLS_BAD_VER + * (only with deprecated DTLSv1_client_method()) + */ +# define SSL_OP_CISCO_ANYCONNECT SSL_OP_BIT(15) # endif - -/* As server, disallow session resumption on renegotiation */ -# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U -/* Don't use compression even if supported */ -# define SSL_OP_NO_COMPRESSION 0x00020000U -/* Permit unsafe legacy renegotiation */ -# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U -/* Disable encrypt-then-mac */ -# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U + /* As server, disallow session resumption on renegotiation */ +# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_BIT(16) + /* Don't use compression even if supported */ +# define SSL_OP_NO_COMPRESSION SSL_OP_BIT(17) + /* Permit unsafe legacy renegotiation */ +# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_BIT(18) + /* Disable encrypt-then-mac */ +# define SSL_OP_NO_ENCRYPT_THEN_MAC SSL_OP_BIT(19) + /* + * Enable TLSv1.3 Compatibility mode. This is on by default. A future + * version of OpenSSL may have this disabled by default. + */ +# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT SSL_OP_BIT(20) + /* + * Prioritize Chacha20Poly1305 when client does. + * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE + */ +# define SSL_OP_PRIORITIZE_CHACHA SSL_OP_BIT(21) + /* + * Set on servers to choose the cipher according to server's preferences. 
+ */ +# define SSL_OP_CIPHER_SERVER_PREFERENCE SSL_OP_BIT(22) + /* + * If set, a server will allow a client to issue a SSLv3.0 version + * number as latest version supported in the premaster secret, even when + * TLSv1.0 (version 3.1) was announced in the client hello. Normally + * this is forbidden to prevent version rollback attacks. + */ +# define SSL_OP_TLS_ROLLBACK_BUG SSL_OP_BIT(23) + /* + * Switches off automatic TLSv1.3 anti-replay protection for early data. + * This is a server-side option only (no effect on the client). + */ +# define SSL_OP_NO_ANTI_REPLAY SSL_OP_BIT(24) +# define SSL_OP_NO_SSLv3 SSL_OP_BIT(25) +# define SSL_OP_NO_TLSv1 SSL_OP_BIT(26) +# define SSL_OP_NO_TLSv1_2 SSL_OP_BIT(27) +# define SSL_OP_NO_TLSv1_1 SSL_OP_BIT(28) +# define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29) +# define SSL_OP_NO_DTLSv1 SSL_OP_BIT(26) +# define SSL_OP_NO_DTLSv1_2 SSL_OP_BIT(27) + /* Disallow all renegotiation */ +# define SSL_OP_NO_RENEGOTIATION SSL_OP_BIT(30) + /* + * Make server add server-hello extension from early version of + * cryptopro draft, when GOST ciphersuite is negotiated. Required for + * interoperability with CryptoPro CSP 3.x + */ +# define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) /* - * Enable TLSv1.3 Compatibility mode. This is on by default. A future version - * of OpenSSL may have this disabled by default. + * Option "collections." */ -# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U - -/* Prioritize Chacha20Poly1305 when client does. 
- * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */ -# define SSL_OP_PRIORITIZE_CHACHA 0x00200000U +# define SSL_OP_NO_SSL_MASK \ + ( SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 \ + | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3 ) +# define SSL_OP_NO_DTLS_MASK \ + ( SSL_OP_NO_DTLSv1 | SSL_OP_NO_DTLSv1_2 ) -/* - * Set on servers to choose the cipher according to the server's preferences - */ -# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U -/* - * If set, a server will allow a client to issue a SSLv3.0 version number as - * latest version supported in the premaster secret, even when TLSv1.0 - * (version 3.1) was announced in the client hello. Normally this is - * forbidden to prevent version rollback attacks. - */ -# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U +/* Various bug workarounds that should be rather harmless. */ +# define SSL_OP_ALL \ + ( SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS \ + | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG ) /* - * Switches off automatic TLSv1.3 anti-replay protection for early data. This - * is a server-side option only (no effect on the client). + * OBSOLETE OPTIONS retained for compatibility */ -# define SSL_OP_NO_ANTI_REPLAY 0x01000000U - -# define SSL_OP_NO_SSLv3 0x02000000U -# define SSL_OP_NO_TLSv1 0x04000000U -# define SSL_OP_NO_TLSv1_2 0x08000000U -# define SSL_OP_NO_TLSv1_1 0x10000000U -# define SSL_OP_NO_TLSv1_3 0x20000000U - -# define SSL_OP_NO_DTLSv1 0x04000000U -# define SSL_OP_NO_DTLSv1_2 0x08000000U - -# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ - SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3) -# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) - -/* Disallow all renegotiation */ -# define SSL_OP_NO_RENEGOTIATION 0x40000000U - -/* - * Make server add server-hello extension from early version of cryptopro - * draft, when GOST ciphersuite is negotiated. 
Required for interoperability - * with CryptoPro CSP 3.x - */ -# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U - -/* - * SSL_OP_ALL: various bug workarounds that should be rather harmless. - * This used to be 0x000FFFFFL before 0.9.7. - * This used to be 0x80000BFFU before 1.1.1. - */ -# define SSL_OP_ALL (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\ - SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\ - SSL_OP_TLSEXT_PADDING|\ - SSL_OP_SAFARI_ECDHE_ECDSA_BUG) - -/* OBSOLETE OPTIONS: retained for compatibility */ -/* Removed from OpenSSL 1.1.0. Was 0x00000001L */ -/* Related to removed SSLv2. */ # define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 -/* Removed from OpenSSL 1.1.0. Was 0x00000002L */ -/* Related to removed SSLv2. */ # define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 -/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */ -/* Dead forever, see CVE-2010-4180 */ # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 -/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */ -/* Refers to ancient SSLREF and SSLv2. */ # define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 -/* Removed from OpenSSL 1.1.0. Was 0x00000020 */ # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 -/* Removed from OpenSSL 0.9.7h and 0.9.8b. Was 0x00000040L */ # define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 -/* Removed from OpenSSL 1.1.0. Was 0x00000080 */ -/* Ancient SSLeay version. */ # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 -/* Removed from OpenSSL 1.1.0. Was 0x00000100L */ # define SSL_OP_TLS_D5_BUG 0x0 -/* Removed from OpenSSL 1.1.0. Was 0x00000200L */ # define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 -/* Removed from OpenSSL 1.1.0. Was 0x00080000L */ # define SSL_OP_SINGLE_ECDH_USE 0x0 -/* Removed from OpenSSL 1.1.0. Was 0x00100000L */ # define SSL_OP_SINGLE_DH_USE 0x0 -/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */ # define SSL_OP_EPHEMERAL_RSA 0x0 -/* Removed from OpenSSL 1.1.0. Was 0x01000000L */ # define SSL_OP_NO_SSLv2 0x0 -/* Removed from OpenSSL 1.0.1. 
Was 0x08000000L */ # define SSL_OP_PKCS1_CHECK_1 0x0 -/* Removed from OpenSSL 1.0.1. Was 0x10000000L */ # define SSL_OP_PKCS1_CHECK_2 0x0 -/* Removed from OpenSSL 1.1.0. Was 0x20000000L */ # define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 -/* Removed from OpenSSL 1.1.0. Was 0x40000000L */ # define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 /* @@ -601,12 +574,12 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); * cannot be used to clear bits. */ -unsigned long SSL_CTX_get_options(const SSL_CTX *ctx); -unsigned long SSL_get_options(const SSL *s); -unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); -unsigned long SSL_clear_options(SSL *s, unsigned long op); -unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); -unsigned long SSL_set_options(SSL *s, unsigned long op); +uint64_t SSL_CTX_get_options(const SSL_CTX *ctx); +uint64_t SSL_get_options(const SSL *s); +uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op); +uint64_t SSL_clear_options(SSL *s, uint64_t op); +uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op); +uint64_t SSL_set_options(SSL *s, uint64_t op); # define SSL_CTX_set_mode(ctx,op) \ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 1f288b5e06..8d1663c0cc 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -24,12 +24,12 @@ typedef struct { const char *name; int namelen; unsigned int name_flags; - unsigned long option_value; + uint64_t option_value; } ssl_flag_tbl; /* Switch table: use for single command line switches like no_tls2 */ typedef struct { - unsigned long option_value; + uint64_t option_value; unsigned int name_flags; } ssl_switch_tbl; @@ -84,7 +84,7 @@ struct ssl_conf_ctx_st { SSL_CTX *ctx; SSL *ssl; /* Pointer to SSL or SSL_CTX options field or NULL if none */ - uint32_t *poptions; + uint64_t *poptions; /* Certificate filenames for each type */ char *cert_filename[SSL_PKEY_NUM]; /* Pointer to SSL or SSL_CTX cert_flags or NULL if none */ 
@@ -104,9 +104,10 @@ struct ssl_conf_ctx_st { }; static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags, - unsigned long option_value, int onoff) + uint64_t option_value, int onoff) { uint32_t *pflags; + if (cctx->poptions == NULL) return; if (name_flags & SSL_TFLAG_INV) @@ -122,8 +123,11 @@ static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags, break; case SSL_TFLAG_OPTION: - pflags = cctx->poptions; - break; + if (onoff) + *cctx->poptions |= option_value; + else + *cctx->poptions &= ~option_value; + return; default: return; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c9b49279c5..047fa1a07d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4874,37 +4874,32 @@ void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx) return ctx->cert->sec_ex; } -/* - * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that - * can return unsigned long, instead of the generic long return value from the - * control interface. - */ -unsigned long SSL_CTX_get_options(const SSL_CTX *ctx) +uint64_t SSL_CTX_get_options(const SSL_CTX *ctx) { return ctx->options; } -unsigned long SSL_get_options(const SSL *s) +uint64_t SSL_get_options(const SSL *s) { return s->options; } -unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op) +uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op) { return ctx->options |= op; } -unsigned long SSL_set_options(SSL *s, unsigned long op) +uint64_t SSL_set_options(SSL *s, uint64_t op) { return s->options |= op; } -unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op) +uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op) { return ctx->options &= ~op; } -unsigned long SSL_clear_options(SSL *s, unsigned long op) +uint64_t SSL_clear_options(SSL *s, uint64_t op) { return s->options &= ~op; } diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 023e6f4378..0a6c4bf9ec 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h 
@@ -957,7 +957,7 @@ struct ssl_ctx_st { * SSL_new) */ - uint32_t options; + uint64_t options; uint32_t mode; int min_proto_version; int max_proto_version; @@ -1535,7 +1535,7 @@ struct ssl_st { STACK_OF(X509_NAME) *client_ca_names; CRYPTO_REF_COUNT references; /* protocol behaviour */ - uint32_t options; + uint64_t options; /* API behaviour */ uint32_t mode; int min_proto_version; diff --git a/util/other.syms b/util/other.syms index f8fb0d52e2..466373ad7f 100644 --- a/util/other.syms +++ b/util/other.syms @@ -514,6 +514,7 @@ SSL_CTX_set_tlsext_ticket_key_cb define SSL_CTX_set_tmp_dh define SSL_CTX_set_tmp_ecdh define SSL_DEFAULT_CIPHER_LIST define deprecated 3.0.0 +SSL_OP_BIT define SSL_add0_chain_cert define SSL_add1_chain_cert define SSL_build_cert_chain define From no-reply at appveyor.com Fri May 14 09:41:31 2021 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 14 May 2021 09:41:31 +0000 Subject: Build failed: openssl master.42043 Message-ID: <20210514094131.1.D864D92E711A2B24@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 14 10:52:33 2021 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 14 May 2021 10:52:33 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.42044 Message-ID: <20210514105233.1.E96BA733E505A955@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri May 14 12:14:02 2021 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 14 May 2021 12:14:02 +0000 Subject: Build failed: openssl master.42045 Message-ID: <20210514121402.1.B4A399A8D7D3E96C@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Fri May 14 12:24:19 2021 
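Review bot: in the include/openssl/ssl.h hunk that rewrites the option values as SSL_OP_BIT(n), the "OBSOLETE OPTIONS" block loses its per-macro history. The "Removed from OpenSSL ... Was 0x..." comments, the "Dead forever, see CVE-2010-4180" remark on SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG and the note on the former values of SSL_OP_ALL are all deleted. They are the only record in the header of which bit each 0x0 macro once occupied and why it was retired, so keep them or move them into the documentation. In the same hunk the new comment "Turn on Cookie Exchange (on relevant for servers)" should read "only relevant".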
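Review bot: the prototype hunk in include/openssl/ssl.h (@@ -601,12 +574,12 @@) changes SSL_CTX_get_options(), SSL_get_options() and the set/clear variants from unsigned long to uint64_t with no word to callers. Code that stores the result in an unsigned long, or prints it with %lx, still compiles but drops bits 32 and above wherever unsigned long is 32 bits wide. The highest bit assigned in the visible defines is SSL_OP_BIT(31), so nothing is lost today. A sentence in the comment above these prototypes saying the value must be held in a uint64_t would spare the first user of bit 32 a silent truncation.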
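Review bot: in ssl_set_option() in ssl/ssl_conf.c (hunk @@ -122,8 +123,11 @@), the SSL_TFLAG_OPTION case now sets or clears bits in *cctx->poptions itself and returns, while the uint32_t *pflags declaration is kept in the hunk before it. That matches poptions becoming uint64_t *, but the reason is not written down. A one-line comment on the case, saying that options are 64 bits wide and so cannot go through pflags, would stop a later cleanup from folding it back into the shared path and truncating option_value.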
From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 14 May 2021 12:24:19 +0000 Subject: [openssl] master update Message-ID: <1620995059.102164.8600.nullmailer@dev.openssl.org> The branch master has been updated via bbf5ccfd8729120e067de709c43be0a4cdfb423b (commit) from f04bb0bce490de847ed0482b8ec9eabedd173852 (commit) - Log ----------------------------------------------------------------- commit bbf5ccfd8729120e067de709c43be0a4cdfb423b Author: Pauli Date: Wed May 12 12:26:24 2021 +1000 mac: improve MAC documentation (Poly 1305 key reuse, nomenclature) Fixes #12441 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15237) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_MAC.pod | 4 +++- doc/man7/EVP_MAC-Poly1305.pod | 7 +++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index f4386f9daf..d053375dcf 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -259,7 +259,7 @@ must be set first, see parameter names "algorithm" below. =item "iv" (B) -Some MAC implementations require an IV, this parameter sets the IV. +Some MAC implementations (GMAC) require an IV, this parameter sets the IV. =item "custom" (B) @@ -342,6 +342,8 @@ The MAC life-cycle is described in L. In the future, the transitions described there will be enforced. When this is done, it will not be considered a breaking change to the API. +The usage of the parameter names "custom", "iv" and "salt" correspond to +the names used in the standard where the algorithm was defined. =head1 RETURN VALUES diff --git a/doc/man7/EVP_MAC-Poly1305.pod b/doc/man7/EVP_MAC-Poly1305.pod index 59f9444214..a942226cd8 100644 --- a/doc/man7/EVP_MAC-Poly1305.pod +++ b/doc/man7/EVP_MAC-Poly1305.pod 
@@ -49,6 +49,13 @@ Gets the MAC size. The "size" parameter can also be retrieved with with EVP_MAC_CTX_get_mac_size(). The length of the "size" parameter should not exceed that of an B. +=head1 NOTES + +The OpenSSL implementation of the Poly 1305 MAC corresponds to RFC 7539. + +It is critical to never reuse the key. The security implication noted in +RFC 8439 applies equally to the OpenSSL implementation. + =head1 SEE ALSO L, L, From no-reply at appveyor.com Fri May 14 15:01:02 2021 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 14 May 2021 15:01:02 +0000 Subject: Build completed: openssl master.42046 Message-ID: <20210514150102.1.21E6C9688DC5E03D@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Fri May 14 17:28:38 2021 
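Review bot: the first doc/man3/EVP_MAC.pod hunk (@@ -259,7 +259,7 @@) changes the "iv" item to "Some MAC implementations (GMAC) require an IV", which reads as if GMAC were the complete list. "for example GMAC" avoids that claim if the list is not meant to be exhaustive. The comma splice could go at the same time: "... require an IV; this parameter sets it."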
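Review bot: the sentence added in the second doc/man3/EVP_MAC.pod hunk (@@ -342,6 +342,8 @@) has a subject/verb mismatch: "The usage of the parameter names ... correspond" should be "corresponds". It would also help to say which standard is meant for each algorithm, or to point to the per-algorithm pages, since "the standard where the algorithm was defined" gives the reader nothing to look up.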
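Review bot: the new NOTES section in doc/man7/EVP_MAC-Poly1305.pod cites two different RFCs two sentences apart: the implementation "corresponds to RFC 7539", while the key-reuse warning points at RFC 8439. RFC 8439 obsoletes RFC 7539, so cite 8439 in both places or state the relationship. "It is critical to never reuse the key" would also be more useful if it said what that means for a caller, namely that a Poly1305 key authenticates one message only, rather than leaving the consequence to the RFC.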
From: dev at ddvo.net (dev at ddvo.net) Date: Fri, 14 May 2021 17:28:38 +0000 Subject: [openssl] master update Message-ID: <1621013318.385320.20476.nullmailer@dev.openssl.org> The branch master has been updated via 647a5dbf10227d65919b49d078da4eaca313f921 (commit) via e2c38c1a4e034f3fac817870902db6d8bc117119 (commit) via be799eb7a3a7d0012dfa27ade1fa68319a40c6c6 (commit) via 8b5ca5111ed9d7907e2de91a5af5b5407a46eaf1 (commit) via 829902879eb7ba1260a9444f6b6b91d84ca61037 (commit) via 22fe2b129922bc9322c41ce8beff1551c078c838 (commit) via 8801240bc5d5e7fe29b2635bbf9c4d45fd1b2996 (commit) via 19f97fe6f10bf0d1daec26a9ae2ad919127c67d5 (commit) via 19a39b29e846e465ee97e7519acf14ddc9302198 (commit) via ca8f823ffd955493b5f7ce85b7511b758f2a982e (commit) via cc1af4dbfe61317e3ade562bd80201f775d01ee6 (commit) via 5a0e05413aa54ee9b463e3f59eefeb3aa35d0958 (commit) via 35d445be2cc7afc916cead51923754e6858f46f2 (commit) via 68bb06f778ccd5c8d48edef5234d11a4158fae77 (commit) from bbf5ccfd8729120e067de709c43be0a4cdfb423b (commit) - Log ----------------------------------------------------------------- commit 647a5dbf10227d65919b49d078da4eaca313f921 Author: Dr. David von Oheimb Date: Tue May 11 15:45:22 2021 +0200 Add OSSL_ prefix to HTTP_DEFAULT_MAX_{LINE_LENGTH,RESP_LEN} Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit e2c38c1a4e034f3fac817870902db6d8bc117119 Author: Dr. David von Oheimb Date: Tue May 4 16:58:59 2021 +0200 http_client.c: Rename internal fields and functions for consistency Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit be799eb7a3a7d0012dfa27ade1fa68319a40c6c6 Author: Dr. David von Oheimb Date: Tue May 4 16:33:19 2021 +0200 HTTP client: Allow streaming of response data (with possibly indefinite length) Also clean up max_resp_len and add OSSL_HTTP_REQ_CTX_get_resp_len(). 
Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit 8b5ca5111ed9d7907e2de91a5af5b5407a46eaf1 Author: Dr. David von Oheimb Date: Tue May 4 11:15:36 2021 +0200 HTTP client: Allow streaming of request data (for POST method) Also clean up OSSL_HTTP_REQ_CTX_nbio() states and make it more efficient. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit 829902879eb7ba1260a9444f6b6b91d84ca61037 Author: Dr. David von Oheimb Date: Mon May 3 16:33:10 2021 +0200 HTTP client API: Generalize to arbitrary request and response contents Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit 22fe2b129922bc9322c41ce8beff1551c078c838 Author: Dr. David von Oheimb Date: Sat May 1 22:04:17 2021 +0200 OSSL_HTTP_transfer(): Fix error reporting in case rctx->server is NULL Also improve doc of OSSL_parse_url() and OSSL_HTTP_parse_url(). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit 8801240bc5d5e7fe29b2635bbf9c4d45fd1b2996 Author: Dr. David von Oheimb Date: Sat May 1 19:47:38 2021 +0200 OSSL_HTTP_get(): Do not close connection if redirect to same server Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit 19f97fe6f10bf0d1daec26a9ae2ad919127c67d5 Author: Dr. David von Oheimb Date: Wed Apr 28 00:26:14 2021 +0200 HTTP: Implement persistent connections (keep-alive) Both at API and at CLI level (for the CMP app only, so far) there is a new parameter/option: keep_alive. * 0 means HTTP connections are not kept open after receiving a response, which is the default behavior for HTTP 1.0. * 1 means that persistent connections are requested. * 2 means that persistent connections are required, i.e., in case the server does not grant them an error occurs. For the CMP app the default value is 1, which means preferring to keep the connection open. 
For all other internal uses of the HTTP client (fetching an OCSP response, a cert, or a CRL) it does not matter because these operations just take one round trip. If the client application requested or required a persistent connection and this was granted by the server, it can keep the OSSL_HTTP_REQ_CTX * as long as it wants to send further requests and OSSL_HTTP_is_alive() returns nonzero, else it should call OSSL_HTTP_REQ_CTX_free() or OSSL_HTTP_close(). In case the client application keeps the OSSL_HTTP_REQ_CTX * but the connection then dies for any reason at the server side, it will notice this obtaining an I/O error when trying to send the next request. This requires extending the HTTP header parsing and rearranging the high-level HTTP client API. In particular: * Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(), OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close(). * Split the timeout functionality accordingly and improve default behavior. * Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected(). * Extend struct ossl_http_req_ctx_st accordingly. Use the new feature for the CMP client, which requires extending related transaction management of CMP client and test server. Update the documentation and extend the tests accordingly. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit 19a39b29e846e465ee97e7519acf14ddc9302198 Author: Dr. David von Oheimb Date: Sat May 1 19:26:53 2021 +0200 OSSL_HTTP_REQ_CTX_add1_headers(): Fix use with host == NULL (relative URLs) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit ca8f823ffd955493b5f7ce85b7511b758f2a982e Author: Dr. David von Oheimb Date: Mon May 10 14:36:20 2021 +0200 CMP test server: Extend error reporting on cert rejected for revocation Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit cc1af4dbfe61317e3ade562bd80201f775d01ee6 Author: Dr. 
David von Oheimb Date: Mon May 10 09:37:36 2021 +0200 HTTP test server: Improve connection management and logging Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit 5a0e05413aa54ee9b463e3f59eefeb3aa35d0958 Author: Dr. David von Oheimb Date: Mon May 10 09:32:53 2021 +0200 cmp_server.c: Improve transaction management and logging Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit 35d445be2cc7afc916cead51923754e6858f46f2 Author: Dr. David von Oheimb Date: Mon May 10 14:38:36 2021 +0200 OSSL_CMP_SRV_process_request(): Log any error queue entries on response Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) commit 68bb06f778ccd5c8d48edef5234d11a4158fae77 Author: Dr. David von Oheimb Date: Wed May 12 08:37:54 2021 +0200 HTTP client: Rename 'maxline' parameter to 'buf_size' for clarity Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15053) ----------------------------------------------------------------------- Summary of changes: NEWS.md | 6 +- apps/cmp.c | 73 ++- apps/cmp_mock_srv.c | 3 +- apps/include/apps.h | 1 + apps/include/http_server.h | 23 +- apps/lib/apps.c | 7 +- apps/lib/http_server.c | 130 +++- apps/ocsp.c | 14 +- crypto/cmp/cmp_ctx.c | 17 +- crypto/cmp/cmp_http.c | 38 +- crypto/cmp/cmp_local.h | 2 + crypto/cmp/cmp_server.c | 25 +- crypto/err/openssl.txt | 2 + crypto/http/http_client.c | 661 ++++++++++++--------- crypto/http/http_err.c | 4 + crypto/ocsp/ocsp_http.c | 24 +- crypto/x509/x_all.c | 2 +- doc/man3/OSSL_CMP_CTX_new.pod | 13 +- doc/man3/OSSL_CMP_SRV_CTX_new.pod | 4 + doc/man3/OSSL_HTTP_REQ_CTX.pod | 6 +- doc/man3/OSSL_HTTP_parse_url.pod | 8 +- doc/man3/OSSL_HTTP_transfer.pod | 3 +- include/openssl/http.h | 4 +- test/http_test.c | 187 ++++-- .../80-test_cmp_http_data/test_connection.csv | 92 +-- 25 files changed, 887 insertions(+), 462 deletions(-) 
diff --git a/NEWS.md b/NEWS.md index 3193ce6149..78d0772b9a 100644 --- a/NEWS.md +++ b/NEWS.md @@ -53,8 +53,10 @@ OpenSSL 3.0 also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712). It is part of the crypto lib and adds a 'cmp' app with a demo configuration. All widely used CMP features are supported for both clients and servers. - * Added a proper HTTP(S) client to libcrypto supporting GET and POST, - redirection, plain and ASN.1-encoded contents, proxies, and timeouts. + * Added a proper HTTP client supporting GET with optional redirection, POST, + arbitrary request and response content types, TLS, persistent connections, + connections via HTTP(s) proxies, connections and exchange via user-defined + BIOs (allowing implicit connections), and timeout checks. * Added util/check-format.pl for checking adherence to the coding guidelines. * Added OSSL_ENCODER, a generic encoder API. * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM. diff --git a/apps/cmp.c b/apps/cmp.c index f64cb8c813..70ca9a34fd 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -72,6 +72,7 @@ static char *opt_path = NULL; static char *opt_proxy = NULL; static char *opt_no_proxy = NULL; static char *opt_recipient = NULL; +static int opt_keep_alive = 1; static int opt_msg_timeout = -1; static int opt_total_timeout = -1; @@ -205,7 +206,7 @@ typedef enum OPTION_choice { OPT_SERVER, OPT_PATH, OPT_PROXY, OPT_NO_PROXY, OPT_RECIPIENT, - OPT_MSG_TIMEOUT, OPT_TOTAL_TIMEOUT, + OPT_KEEP_ALIVE, OPT_MSG_TIMEOUT, OPT_TOTAL_TIMEOUT, OPT_TRUSTED, OPT_UNTRUSTED, OPT_SRVCERT, OPT_EXPECT_SENDER, 
@@ -344,8 +345,10 @@ const OPTIONS cmp_options[] = { "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, {"recipient", OPT_RECIPIENT, 's', "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"}, + {"keep_alive", OPT_KEEP_ALIVE, 'N', + "Persistent HTTP connections. 0: no, 1 (the default): request, 2: require"}, {"msg_timeout", OPT_MSG_TIMEOUT, 'N', - "Timeout per CMP message round trip (or 0 for none). Default 120 seconds"}, + "Number of seconds allowed per CMP message round trip, or 0 for infinite"}, {"total_timeout", OPT_TOTAL_TIMEOUT, 'N', "Overall time an enrollment incl. polling may take. Default 0 = infinite"}, @@ -530,7 +533,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */ {&opt_oldcert}, {(char **)&opt_revreason}, {&opt_server}, {&opt_path}, {&opt_proxy}, {&opt_no_proxy}, - {&opt_recipient}, + {&opt_recipient}, {(char **)&opt_keep_alive}, {(char **)&opt_msg_timeout}, {(char **)&opt_total_timeout}, {&opt_trusted}, {&opt_untrusted}, {&opt_srvcert}, @@ -1817,6 +1820,15 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) if (!setup_verification_ctx(ctx)) goto err; + if (opt_keep_alive != 1) + (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_KEEP_ALIVE, + opt_keep_alive); + if (opt_total_timeout > 0 && opt_msg_timeout > 0 + && opt_total_timeout < opt_msg_timeout) { + CMP_err2("-total_timeout argument = %d must not be < %d (-msg_timeout)", + opt_total_timeout, opt_msg_timeout); + goto err; + } if (opt_msg_timeout >= 0) /* must do this before setup_ssl_ctx() */ (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT, opt_msg_timeout); 
@@ -2232,6 +2244,13 @@ static int get_opts(int argc, char **argv) case OPT_RECIPIENT: opt_recipient = opt_str(); break; + case OPT_KEEP_ALIVE: + opt_keep_alive = opt_int_arg(); + if (opt_keep_alive > 2) { + CMP_err("-keep_alive argument must be 0, 1, or 2"); + goto opthelp; + } + break; case OPT_MSG_TIMEOUT: opt_msg_timeout = opt_int_arg(); break; @@ -2540,6 +2559,7 @@ int cmp_main(int argc, char **argv) X509 *newcert = NULL; ENGINE *engine = NULL; char mock_server[] = "mock server:1"; + OSSL_CMP_CTX *srv_cmp_ctx = NULL; int ret = 0; /* default: failure */ prog = opt_appname(argv[0]); @@ -2651,22 +2671,26 @@ int cmp_main(int argc, char **argv) if ((srv_ctx = setup_srv_ctx(engine)) == NULL) goto err; + srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx); OSSL_CMP_CTX_set_transfer_cb_arg(cmp_ctx, srv_ctx); - if (!OSSL_CMP_CTX_set_log_cb(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx), - print_to_bio_out)) { + if (!OSSL_CMP_CTX_set_log_cb(srv_cmp_ctx, print_to_bio_out)) { CMP_err1("cannot set up error reporting and logging for %s", prog); goto err; } + OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity); } if (opt_port != NULL) { /* act as very basic CMP HTTP server */ + /* TODO for readability, convert this block to separate function */ #ifdef OPENSSL_NO_SOCK BIO_printf(bio_err, "Cannot act as server - sockets not supported\n"); #else BIO *acbio; BIO *cbio = NULL; + int keep_alive = 0; int msgs = 0; + int retry = 1; if ((acbio = http_server_init_bio(prog, opt_port)) == NULL) goto err; @@ -2677,11 +2701,19 @@ int cmp_main(int argc, char **argv) ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG), (ASN1_VALUE **)&req, &path, - &cbio, acbio, prog, 0, 0); - if (ret == 0) - continue; - if (ret++ == -1) - break; /* fatal error */ + &cbio, acbio, &keep_alive, + prog, opt_port, 0, 0); + if (ret == 0) { /* no request yet */ + if (retry) { + sleep(1); + retry = 0; + continue; + } + ret = 0; + goto next; + } + if (ret++ == -1) /* fatal error */ + break; ret = 0; msgs++; 
@@ -2692,7 +2724,7 @@ int cmp_main(int argc, char **argv) path); OPENSSL_free(path); OSSL_CMP_MSG_free(req); - goto cont; + goto next; } OPENSSL_free(path); resp = OSSL_CMP_CTX_server_perform(cmp_ctx, req); @@ -2702,18 +2734,25 @@ int cmp_main(int argc, char **argv) 500, "Internal Server Error"); break; /* treated as fatal error */ } - ret = http_server_send_asn1_resp(cbio, "application/pkixcmp", + ret = http_server_send_asn1_resp(cbio, keep_alive, + "application/pkixcmp", ASN1_ITEM_rptr(OSSL_CMP_MSG), (const ASN1_VALUE *)resp); OSSL_CMP_MSG_free(resp); if (!ret) break; /* treated as fatal error */ - } else { - (void)http_server_send_status(cbio, 400, "Bad Request"); } - cont: - BIO_free_all(cbio); - cbio = NULL; + next: + if (!ret) { /* on transmission error, cancel CMP transaction */ + (void)OSSL_CMP_CTX_set1_transactionID(srv_cmp_ctx, NULL); + (void)OSSL_CMP_CTX_set1_senderNonce(srv_cmp_ctx, NULL); + } + if (!ret || !keep_alive + || OSSL_CMP_CTX_get_status(srv_cmp_ctx) == -1 + /* transaction closed by OSSL_CMP_CTX_server_perform() */) { + BIO_free_all(cbio); + cbio = NULL; + } } BIO_free_all(cbio); BIO_free_all(acbio); diff --git a/apps/cmp_mock_srv.c b/apps/cmp_mock_srv.c index 856dbefd97..1e6a27210c 100644 --- a/apps/cmp_mock_srv.c +++ b/apps/cmp_mock_srv.c @@ -251,7 +251,8 @@ static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx, if (X509_NAME_cmp(issuer, X509_get_issuer_name(ctx->certOut)) != 0 || ASN1_INTEGER_cmp(serial, X509_get0_serialNumber(ctx->certOut)) != 0) { - ERR_raise(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED); + ERR_raise_data(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED, + "wrong certificate to revoke"); return NULL; } return OSSL_CMP_PKISI_dup(ctx->statusOut); diff --git a/apps/include/apps.h b/apps/include/apps.h index 207ed41bc7..41178a6e22 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h 
@@ -285,6 +285,7 @@ ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, const STACK_OF(CONF_VALUE) *headers, const char *content_type, ASN1_VALUE *req, const ASN1_ITEM *req_it, + const char *expected_content_type, long timeout, const ASN1_ITEM *rsp_it); # endif diff --git a/apps/include/http_server.h b/apps/include/http_server.h index 1264753899..ed3f597fbd 100644 --- a/apps/include/http_server.h +++ b/apps/include/http_server.h @@ -35,12 +35,14 @@ # include # define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ # else +# undef LOG_DEBUG # undef LOG_INFO # undef LOG_WARNING # undef LOG_ERR -# define LOG_INFO 0 -# define LOG_WARNING 1 -# define LOG_ERR 2 +# define LOG_DEBUG 7 +# define LOG_INFO 6 +# define LOG_WARNING 4 +# define LOG_ERR 3 # endif /*- @@ -65,10 +67,12 @@ BIO *http_server_init_bio(const char *prog, const char *port); * Accept an ASN.1-formatted HTTP request * it: the expected request ASN.1 type * preq: pointer to variable where to place the parsed request - * pcbio: pointer to variable where to place the BIO for sending the response to * ppath: pointer to variable where to place the request path, or NULL + * pcbio: pointer to variable where to place the BIO for sending the response to * acbio: the listening bio (typically as returned by http_server_init_bio()) - * prog: the name of the current app + * found_keep_alive: for returning flag if client requests persistent connection + * prog: the name of the current app, for diagnostics only + * port: the local port listening to, for diagnostics only * accept_get: whether to accept GET requests (in addition to POST requests) * timeout: connection timeout (in seconds), or 0 for none/infinite * returns 0 in case caller should retry, then *preq == *ppath == *pcbio == NULL 
@@ -81,19 +85,22 @@ BIO *http_server_init_bio(const char *prog, const char *port); */ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, char **ppath, BIO **pcbio, BIO *acbio, - const char *prog, int accept_get, int timeout); + int *found_keep_alive, + const char *prog, const char *port, + int accept_get, int timeout); /*- * Send an ASN.1-formatted HTTP response * cbio: destination BIO (typically as returned by http_server_get_asn1_req()) * note: cbio should not do an encoding that changes the output length + * keep_alive: grant persistent connnection * content_type: string identifying the type of the response * it: the response ASN.1 type - * valit: the response ASN.1 type * resp: the response to send * returns 1 on success, 0 on failure */ -int http_server_send_asn1_resp(BIO *cbio, const char *content_type, +int http_server_send_asn1_resp(BIO *cbio, int keep_alive, + const char *content_type, const ASN1_ITEM *it, const ASN1_VALUE *resp); /*- diff --git a/apps/lib/apps.c b/apps/lib/apps.c index dafcf419bf..fa63410359 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2504,7 +2504,7 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, mem = OSSL_HTTP_get(url, proxy, no_proxy, NULL /* bio */, NULL /* rbio */, app_http_tls_cb, &info, 0 /* buf_size */, headers, expected_content_type, 1 /* expect_asn1 */, - HTTP_DEFAULT_MAX_RESP_LEN, timeout); + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); resp = ASN1_item_d2i_bio(it, mem, NULL); BIO_free(mem); @@ -2521,6 +2521,7 @@ ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, const STACK_OF(CONF_VALUE) *headers, const char *content_type, ASN1_VALUE *req, const ASN1_ITEM *req_it, + const char *expected_content_type, long timeout, const ASN1_ITEM *rsp_it) { APP_HTTP_TLS_INFO info; 
@@ -2538,8 +2539,8 @@ ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, proxy, no_proxy, NULL /* bio */, NULL /* rbio */, app_http_tls_cb, &info, 0 /* buf_size */, headers, content_type, req_mem, - NULL /* expected_ct */, 1 /* expect_asn1 */, - HTTP_DEFAULT_MAX_RESP_LEN, timeout, + expected_content_type, 1 /* expect_asn1 */, + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout, 0 /* keep_alive */); BIO_free(req_mem); res = ASN1_item_d2i_bio(rsp_it, rsp, NULL); diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c index 7626ca9aa4..691e5c9056 100644 --- a/apps/lib/http_server.c +++ b/apps/lib/http_server.c @@ -30,7 +30,15 @@ # endif #endif +static int verbosity = LOG_INFO; + +#define HTTP_PREFIX "HTTP/" +#define HTTP_VERSION_PATT "1." /* allow 1.x */ +#define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT +#define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */ + #ifdef HTTP_DAEMON + int multi = 0; /* run multiple responder processes */ int acfd = (int) INVALID_SOCKET; @@ -49,6 +57,9 @@ void log_message(const char *prog, int level, const char *fmt, ...) { va_list ap; + if (verbosity < level) + return; + va_start(ap, fmt); #ifdef HTTP_DAEMON if (multi) { @@ -56,7 +67,7 @@ void log_message(const char *prog, int level, const char *fmt, ...) if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) syslog(level, "%s", buf); - if (level >= LOG_ERR) + if (level <= LOG_ERR) ERR_print_errors_cb(print_syslog, &level); } else #endif @@ -64,6 +75,7 @@ void log_message(const char *prog, int level, const char *fmt, ...) BIO_printf(bio_err, "%s: ", prog); BIO_vprintf(bio_err, fmt, ap); BIO_printf(bio_err, "\n"); + (void)BIO_flush(bio_err); } va_end(ap); } 
@@ -257,28 +269,36 @@ static int urldecode(char *p) return (int)(out - save); } +/* if *pcbio != NULL, continue given connected session, else accept new */ +/* if found_keep_alive != NULL, return this way connection persistence state */ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, char **ppath, BIO **pcbio, BIO *acbio, - const char *prog, int accept_get, int timeout) + int *found_keep_alive, + const char *prog, const char *port, + int accept_get, int timeout) { - BIO *cbio = NULL, *getbio = NULL, *b64 = NULL; + BIO *cbio = *pcbio, *getbio = NULL, *b64 = NULL; int len; char reqbuf[2048], inbuf[2048]; char *meth, *url, *end; ASN1_VALUE *req; - int ret = 1; + int ret = 0; *preq = NULL; if (ppath != NULL) *ppath = NULL; - *pcbio = NULL; - /* Connection loss before accept() is routine, ignore silently */ - if (BIO_do_accept(acbio) <= 0) - return 0; + if (cbio == NULL) { + log_message(prog, LOG_DEBUG, + "Awaiting new connection on port %s...", port); + if (BIO_do_accept(acbio) <= 0) + /* Connection loss before accept() is routine, ignore silently */ + return ret; - cbio = BIO_pop(acbio); - *pcbio = cbio; + *pcbio = cbio = BIO_pop(acbio); + } else { + log_message(prog, LOG_DEBUG, "Awaiting next request..."); + } if (cbio == NULL) { /* Cannot call http_server_send_status(cbio, ...) */ ret = -1; 
@@ -294,23 +314,32 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, /* Read the request line. */ len = BIO_gets(cbio, reqbuf, sizeof(reqbuf)); - if (len <= 0) { - log_message(prog, LOG_INFO, - "Request line read error or empty request"); + if (len == 0) + return ret; + ret = 1; + if (len < 0) { + log_message(prog, LOG_WARNING, "Request line read error"); (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } + if ((end = strchr(reqbuf, '\r')) != NULL + || (end = strchr(reqbuf, '\n')) != NULL) + *end = '\0'; + log_message(prog, LOG_INFO, "Received request, 1st line: %s", reqbuf); meth = reqbuf; url = meth + 3; if ((accept_get && strncmp(meth, "GET ", 4) == 0) || (url++, strncmp(meth, "POST ", 5) == 0)) { + static const char http_version_str[] = " "HTTP_PREFIX_VERSION; + static const size_t http_version_str_len = sizeof(http_version_str) - 1; + /* Expecting (GET|POST) {sp} /URL {sp} HTTP/1.x */ *(url++) = '\0'; while (*url == ' ') url++; if (*url != '/') { - log_message(prog, LOG_INFO, + log_message(prog, LOG_WARNING, "Invalid %s -- URL does not begin with '/': %s", meth, url); (void)http_server_send_status(cbio, 400, "Bad Request"); @@ -322,14 +351,17 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, for (end = url; *end != '\0'; end++) if (*end == ' ') break; - if (strncmp(end, " HTTP/1.", 7) != 0) { - log_message(prog, LOG_INFO, + if (strncmp(end, http_version_str, http_version_str_len) != 0) { + log_message(prog, LOG_WARNING, "Invalid %s -- bad HTTP/version string: %s", meth, end + 1); (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } *end = '\0'; + /* above HTTP 1.0, connection persistence is the default */ + if (found_keep_alive != NULL) + *found_keep_alive = end[http_version_str_len] > '0'; /*- * Skip "GET / HTTP..." requests often used by load-balancers. 
@@ -343,7 +375,7 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, len = urldecode(url); if (len < 0) { - log_message(prog, LOG_INFO, + log_message(prog, LOG_WARNING, "Invalid %s request -- bad URL encoding: %s", meth, url); (void)http_server_send_status(cbio, 400, "Bad Request"); @@ -361,8 +393,9 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, getbio = BIO_push(b64, getbio); } } else { - log_message(prog, LOG_INFO, - "HTTP request does not start with GET/POST: %s", reqbuf); + log_message(prog, LOG_WARNING, + "HTTP request does not begin with %sPOST: %s", + accept_get ? "GET or " : "", reqbuf); /* TODO provide better diagnosis in case client tries TLS */ (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; 
@@ -377,15 +410,50 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, /* Read and skip past the headers. */ for (;;) { + char *key, *value, *line_end = NULL; + len = BIO_gets(cbio, inbuf, sizeof(inbuf)); if (len <= 0) { - log_message(prog, LOG_ERR, - "Error skipping remaining HTTP headers"); + log_message(prog, LOG_WARNING, "Error reading HTTP header"); (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } - if ((inbuf[0] == '\r') || (inbuf[0] == '\n')) + + if (inbuf[0] == '\r' || inbuf[0] == '\n') break; + + key = inbuf; + value = strchr(key, ':'); + if (value != NULL) { + *(value++) = '\0'; + while (*value == ' ') + value++; + line_end = strchr(value, '\r'); + if (line_end == NULL) + line_end = strchr(value, '\n'); + if (line_end != NULL) + *line_end = '\0'; + } else { + log_message(prog, LOG_WARNING, + "Error parsing HTTP header: missing ':'"); + (void)http_server_send_status(cbio, 400, "Bad Request"); + goto out; + } + if (value != NULL && line_end != NULL) { + /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ + if (found_keep_alive != NULL && strcasecmp(key, "Connection") == 0) { + if (strcasecmp(value, "keep-alive") == 0) + *found_keep_alive = 1; + if (strcasecmp(value, "close") == 0) + *found_keep_alive = 0; + } + } else { + log_message(prog, LOG_WARNING, + "Error parsing HTTP header: missing end of line"); + (void)http_server_send_status(cbio, 400, "Bad Request"); + goto out; + } + } # ifdef HTTP_DAEMON 
@@ -397,7 +465,9 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, /* Try to read and parse request */ req = ASN1_item_d2i_bio(it, getbio != NULL ? getbio : cbio, NULL); if (req == NULL) { - log_message(prog, LOG_ERR, "Error parsing request"); + log_message(prog, LOG_WARNING, + "Error parsing DER-encoded request content"); + (void)http_server_send_status(cbio, 400, "Bad Request"); } else if (ppath != NULL && (*ppath = OPENSSL_strdup(url)) == NULL) { log_message(prog, LOG_ERR, "Out of memory allocating %zu bytes", strlen(url) + 1); @@ -429,11 +499,15 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, } /* assumes that cbio does not do an encoding that changes the output length */ -int http_server_send_asn1_resp(BIO *cbio, const char *content_type, +int http_server_send_asn1_resp(BIO *cbio, int keep_alive, + const char *content_type, const ASN1_ITEM *it, const ASN1_VALUE *resp) { - int ret = BIO_printf(cbio, "HTTP/1.0 200 OK\r\nContent-type: %s\r\n" - "Content-Length: %d\r\n\r\n", content_type, + int ret = BIO_printf(cbio, HTTP_1_0" 200 OK\r\n%s" + "Content-type: %s\r\n" + "Content-Length: %d\r\n\r\n", + keep_alive ? "Connection: keep-alive\r\n" : "", + content_type, ASN1_item_i2d(resp, NULL, it)) > 0 && ASN1_item_i2d_bio(it, cbio, resp) > 0; @@ -443,7 +517,9 @@ int http_server_send_asn1_resp(BIO *cbio, const char *content_type, int http_server_send_status(BIO *cbio, int status, const char *reason) { - int ret = BIO_printf(cbio, "HTTP/1.0 %d %s\r\n\r\n", status, reason) > 0; + int ret = BIO_printf(cbio, HTTP_1_0" %d %s\r\n\r\n", + /* This implicitly cancels keep-alive */ + status, reason) > 0; (void)BIO_flush(cbio); return ret; diff --git a/apps/ocsp.c b/apps/ocsp.c index 355b4127c8..dd816c4221 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c 
@@ -76,7 +76,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, - int timeout); + const char *port, int timeout); static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp); static char *prog; @@ -631,7 +631,7 @@ redo_accept: #endif req = NULL; - res = do_responder(&req, &cbio, acbio, req_timeout); + res = do_responder(&req, &cbio, acbio, port, req_timeout); if (res == 0) goto redo_accept; @@ -1162,12 +1162,13 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) } static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, - int timeout) + const char *port, int timeout) { #ifndef OPENSSL_NO_SOCK return http_server_get_asn1_req(ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE **)preq, NULL, pcbio, acbio, - prog, 1 /* accept_get */, timeout); + NULL /* found_keep_alive */, + prog, port, 1 /* accept_get */, timeout); #else BIO_printf(bio_err, "Error getting OCSP request - sockets not supported\n"); @@ -1179,7 +1180,9 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp) { #ifndef OPENSSL_NO_SOCK - return http_server_send_asn1_resp(cbio, "application/ocsp-response", + return http_server_send_asn1_resp(cbio, + 0 /* no keep-alive */, + "application/ocsp-response", ASN1_ITEM_rptr(OCSP_RESPONSE), (const ASN1_VALUE *)resp); #else @@ -1211,6 +1214,7 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, app_http_post_asn1(host, port, path, NULL, NULL /* no proxy used */, ctx, headers, "application/ocsp-request", (ASN1_VALUE *)req, ASN1_ITEM_rptr(OCSP_REQUEST), + "application/ocsp-response", req_timeout, ASN1_ITEM_rptr(OCSP_RESPONSE)); if (resp == NULL) diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 7e7af63b4a..a09432597b 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c 
@@ -115,7 +115,8 @@ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq) ctx->status = -1; ctx->failInfoCode = -1; - ctx->msg_timeout = 2 * 60; + ctx->keep_alive = 1; + ctx->msg_timeout = -1; if ((ctx->untrusted = sk_X509_new_null()) == NULL) goto oom; @@ -149,6 +150,11 @@ int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx) return 0; } + if (ctx->http_ctx != NULL) { + (void)OSSL_HTTP_close(ctx->http_ctx, 1); + ossl_cmp_debug(ctx, "disconnected from CMP server"); + ctx->http_ctx = NULL; + } ctx->status = -1; ctx->failInfoCode = -1; @@ -169,6 +175,10 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) if (ctx == NULL) return; + if (ctx->http_ctx != NULL) { + (void)OSSL_HTTP_close(ctx->http_ctx, 1); + ossl_cmp_debug(ctx, "disconnected from CMP server"); + } OPENSSL_free(ctx->serverPath); OPENSSL_free(ctx->server); OPENSSL_free(ctx->proxy); @@ -1041,6 +1051,9 @@ int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val) case OSSL_CMP_OPT_MAC_ALGNID: ctx->pbm_mac = val; break; + case OSSL_CMP_OPT_KEEP_ALIVE: + ctx->keep_alive = val; + break; case OSSL_CMP_OPT_MSG_TIMEOUT: ctx->msg_timeout = val; break; @@ -1105,6 +1118,8 @@ int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt) return EVP_MD_type(ctx->pbm_owf); case OSSL_CMP_OPT_MAC_ALGNID: return ctx->pbm_mac; + case OSSL_CMP_OPT_KEEP_ALIVE: + return ctx->keep_alive; case OSSL_CMP_OPT_MSG_TIMEOUT: return ctx->msg_timeout; case OSSL_CMP_OPT_TOTAL_TIMEOUT: diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c index a358622feb..600955efce 100644 --- a/crypto/cmp/cmp_http.c +++ b/crypto/cmp/cmp_http.c 
@@ -28,6 +28,19 @@ #include #include +static int keep_alive(int keep_alive, int body_type) +{ + if (keep_alive != 0 + /* Ask for persistent connection only if may need more round trips */ + && body_type != OSSL_CMP_PKIBODY_IR + && body_type != OSSL_CMP_PKIBODY_CR + && body_type != OSSL_CMP_PKIBODY_P10CR + && body_type != OSSL_CMP_PKIBODY_KUR + && body_type != OSSL_CMP_PKIBODY_POLLREQ) + keep_alive = 0; + return keep_alive; +} + /* * Send the PKIMessage req and on success return the response, else NULL. * Any previous error queue entries will likely be removed by ERR_clear_error(). @@ -55,11 +68,12 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, if (ctx->serverPort != 0) BIO_snprintf(server_port, sizeof(server_port), "%d", ctx->serverPort); - tls_used = OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL; - ossl_cmp_log2(DEBUG, ctx, "connecting to CMP server %s%s", - ctx->server, tls_used ? " using TLS" : ""); - rsp = OSSL_HTTP_transfer(NULL, ctx->server, server_port, + if (ctx->http_ctx == NULL) + ossl_cmp_log3(DEBUG, ctx, "connecting to CMP server %s:%s%s", + ctx->server, server_port, tls_used ? " using TLS" : ""); + + rsp = OSSL_HTTP_transfer(&ctx->http_ctx, ctx->server, server_port, ctx->serverPath, tls_used, ctx->proxy, ctx->no_proxy, NULL /* bio */, NULL /* rbio */, 
@@ -67,12 +81,22 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, 0 /* buf_size */, headers, content_type_pkix, req_mem, content_type_pkix, 1 /* expect_asn1 */, - HTTP_DEFAULT_MAX_RESP_LEN, - ctx->msg_timeout, 0 /* keep_alive */); + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, + ctx->msg_timeout, + keep_alive(ctx->keep_alive, req->body->type)); BIO_free(req_mem); res = (OSSL_CMP_MSG *)ASN1_item_d2i_bio(it, rsp, NULL); BIO_free(rsp); - ossl_cmp_debug(ctx, "disconnected from CMP server"); + + if (ctx->http_ctx == NULL) + ossl_cmp_debug(ctx, "disconnected from CMP server"); + /* + * Note that on normal successful end of the transaction the connection + * is not closed at this level, but this will be done by the CMP client + * application via OSSL_CMP_CTX_free() or OSSL_CMP_CTX_reinit(). + */ + if (res != NULL) + ossl_cmp_debug(ctx, "finished reading response from CMP server"); err: sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); return res; diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index b2a3382079..eee609937b 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -40,11 +40,13 @@ struct ossl_cmp_ctx_st { OSSL_CMP_transfer_cb_t transfer_cb; /* default: OSSL_CMP_MSG_http_perform */ void *transfer_cb_arg; /* allows to store optional argument to cb */ /* HTTP-based transfer */ + OSSL_HTTP_REQ_CTX *http_ctx; char *serverPath; char *server; int serverPort; char *proxy; char *no_proxy; + int keep_alive; /* persistent connection: 0=no, 1=prefer, 2=require */ int msg_timeout; /* max seconds to wait for each CMP message round trip */ int total_timeout; /* max number of seconds an enrollment may take, incl. */ /* attempts polling for a response if a 'waiting' PKIStatus is received */ diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index 4e8fa6e069..73c14841ca 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c 
@@ -507,6 +507,8 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, #endif } } + ossl_cmp_log1(DEBUG, ctx, + "received %s", ossl_cmp_bodytype_to_string(req_type)); res = ossl_cmp_msg_check_update(ctx, req, unprotected_exception, srv_ctx->acceptUnprotected); @@ -579,7 +581,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, } if ((si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, - fail_info, NULL)) != NULL) { + fail_info, data)) != NULL) { if (err != 0 && (flags & ERR_TXT_STRING) != 0) data = ERR_reason_error_string(err); rsp = ossl_cmp_error_new(srv_ctx->ctx, si, @@ -588,20 +590,28 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, OSSL_CMP_PKISI_free(si); } } + OSSL_CMP_CTX_print_errors(ctx); ctx->secretValue = backup_secret; - /* possibly close the transaction */ rsp_type = rsp != NULL ? ossl_cmp_msg_get_bodytype(rsp) : OSSL_CMP_PKIBODY_ERROR; + if (rsp != NULL) + ossl_cmp_log1(DEBUG, ctx, + "sending %s", ossl_cmp_bodytype_to_string(rsp_type)); + else + ossl_cmp_log(ERR, ctx, "cannot send proper CMP response"); + + /* possibly close the transaction */ + ctx->status = -2; /* this indicates transaction is open */ switch (rsp_type) { case OSSL_CMP_PKIBODY_IP: case OSSL_CMP_PKIBODY_CP: case OSSL_CMP_PKIBODY_KUP: - case OSSL_CMP_PKIBODY_RP: if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 0) break; /* fall through */ + case OSSL_CMP_PKIBODY_RP: case OSSL_CMP_PKIBODY_PKICONF: case OSSL_CMP_PKIBODY_GENP: case OSSL_CMP_PKIBODY_ERROR: @@ -609,6 +619,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, /* prepare for next transaction, ignoring any errors here: */ (void)OSSL_CMP_CTX_set1_transactionID(ctx, NULL); (void)OSSL_CMP_CTX_set1_senderNonce(ctx, NULL); + ctx->status = -1; /* transaction closed */ default: /* not closing transaction in other cases */ break; 
@@ -622,19 +633,19 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, * returns received message on success, else NULL and pushes an element on the * error stack. */ -OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx, - const OSSL_CMP_MSG *req) +OSSL_CMP_MSG *OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx, + const OSSL_CMP_MSG *req) { OSSL_CMP_SRV_CTX *srv_ctx = NULL; if (client_ctx == NULL || req == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; + return NULL; } if ((srv_ctx = OSSL_CMP_CTX_get_transfer_cb_arg(client_ctx)) == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_TRANSFER_ERROR); - return 0; + return NULL; } return OSSL_CMP_SRV_process_request(srv_ctx, req); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 9ad6757857..0bbdd886ce 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -760,6 +760,7 @@ HTTP_R_ERROR_PARSING_URL:101:error parsing url HTTP_R_ERROR_RECEIVING:103:error receiving HTTP_R_ERROR_SENDING:102:error sending HTTP_R_FAILED_READING_DATA:128:failed reading data +HTTP_R_HEADER_PARSE_ERROR:126:header parse error HTTP_R_INCONSISTENT_CONTENT_LENGTH:120:inconsistent content length HTTP_R_INVALID_PORT_NUMBER:123:invalid port number HTTP_R_INVALID_URL_PATH:125:invalid url path @@ -774,6 +775,7 @@ HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP:112:redirection from https to http HTTP_R_REDIRECTION_NOT_ENABLED:116:redirection not enabled HTTP_R_RESPONSE_LINE_TOO_LONG:113:response line too long HTTP_R_RESPONSE_PARSE_ERROR:104:response parse error +HTTP_R_SERVER_CANCELED_CONNECTION:127:server canceled connection HTTP_R_SOCK_NOT_SUPPORTED:122:sock not supported HTTP_R_STATUS_CODE_UNSUPPORTED:114:status code unsupported HTTP_R_TLS_NOT_ENABLED:107:tls not enabled diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 8069b2f645..cd6a51989f 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c 
@@ -27,54 +27,69 @@ #define HTTP_PREFIX "HTTP/" #define HTTP_VERSION_PATT "1." /* allow 1.x */ -#define HTTP_VERSION_STR_LEN 3 -#define HTTP_LINE1_MINLEN ((int)strlen(HTTP_PREFIX HTTP_VERSION_PATT "x 200\n")) +#define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT +#define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */ +#define HTTP_VERSION_PATT_LEN strlen(HTTP_PREFIX_VERSION) +#define HTTP_VERSION_STR_LEN (HTTP_VERSION_PATT_LEN + 1) +#define HTTP_LINE1_MINLEN ((int)strlen(HTTP_PREFIX_VERSION "x 200\n")) #define HTTP_VERSION_MAX_REDIRECTIONS 50 #define HTTP_STATUS_CODE_OK 200 #define HTTP_STATUS_CODE_MOVED_PERMANENTLY 301 #define HTTP_STATUS_CODE_FOUND 302 - /* Stateful HTTP request code, supporting blocking and non-blocking I/O */ /* Opaque HTTP request status structure */ struct ossl_http_req_ctx_st { int state; /* Current I/O state */ - unsigned char *readbuf; /* Buffer for reading response by line */ - int readbuflen; /* Buffer length, equals maxline */ - BIO *wbio; /* BIO to send request to */ - BIO *rbio; /* BIO to read response from */ - BIO *mem; /* Memory BIO response is built into */ - int method_POST; /* HTTP method is "POST" (else "GET") */ - char *expected_ct; /* expected Content-Type, or NULL */ - int expect_asn1; /* response must be ASN.1-encoded */ - long len_to_send; /* number of bytes in request still to send */ - unsigned long resp_len; /* length of response */ - size_t max_resp_len; /* Maximum length of response */ + unsigned char *buf; /* Buffer to write request or read response */ + int buf_size; /* Buffer size */ + int free_wbio; /* wbio allocated internally, free with ctx */ + BIO *wbio; /* BIO to write/send request to */ + BIO *rbio; /* BIO to read/receive response from */ + OSSL_HTTP_bio_cb_t upd_fn; /* Optional BIO update callback used for TLS */ + void *upd_arg; /* Optional arg for update callback function */ + int use_ssl; /* Use HTTPS */ + char *proxy; /* Optional proxy name or URI */ + char *server; /* Optional server host name 
*/ + char *port; /* Optional server port */ + BIO *mem; /* Memory BIO holding request/response header */ + BIO *req; /* BIO holding the request provided by caller */ + int method_POST; /* HTTP method is POST (else GET) */ + char *expected_ct; /* Optional expected Content-Type */ + int expect_asn1; /* Response must be ASN.1-encoded */ + unsigned char *pos; /* Current position sending data */ + long len_to_send; /* Number of bytes still to send */ + size_t resp_len; /* Length of response */ + size_t max_resp_len; /* Maximum length of response, or 0 */ int keep_alive; /* Persistent conn. 0=no, 1=prefer, 2=require */ time_t max_time; /* Maximum end time of current transfer, or 0 */ time_t max_total_time; /* Maximum end time of total transfer, or 0 */ - char *redirection_url; /* Location given with HTTP status 301/302 */ + char *redirection_url; /* Location obtained from HTTP status 301/302 */ }; /* HTTP states */ -#define OHS_NOREAD 0x1000 /* If set no reading should be performed */ -#define OHS_ERROR (0 | OHS_NOREAD) /* Error condition */ -#define OHS_FIRSTLINE 1 /* First line being read */ -#define OHS_REDIRECT 0xa /* Looking for redirection location */ -#define OHS_HEADERS 2 /* MIME headers being read */ -#define OHS_ASN1_HEADER 3 /* HTTP initial header (tag+length) being read */ -#define OHS_CONTENT 4 /* HTTP content octets being read */ -#define OHS_WRITE_INIT (5 | OHS_NOREAD) /* 1st call: ready to start send */ -#define OHS_WRITE (6 | OHS_NOREAD) /* Request being sent */ -#define OHS_FLUSH (7 | OHS_NOREAD) /* Request being flushed */ -#define OHS_DONE (8 | OHS_NOREAD) /* Completed */ -#define OHS_HTTP_HEADER (9 | OHS_NOREAD) /* Headers set, w/o final \r\n */ - -OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int maxline) +#define OHS_NOREAD 0x1000 /* If set no reading should be performed */ +#define OHS_ERROR (0 | OHS_NOREAD) /* Error condition */ +#define OHS_ADD_HEADERS (1 | OHS_NOREAD) /* Adding header lines to request */ +#define OHS_WRITE_INIT 
(2 | OHS_NOREAD) /* 1st call: ready to start send */ +#define OHS_WRITE_HDR (3 | OHS_NOREAD) /* Request header being sent */ +#define OHS_WRITE_REQ (4 | OHS_NOREAD) /* Request contents being sent */ +#define OHS_FLUSH (5 | OHS_NOREAD) /* Request being flushed */ +#define OHS_FIRSTLINE 1 /* First line of response being read */ +#define OHS_HEADERS 2 /* MIME headers of response being read */ +#define OHS_REDIRECT 3 /* MIME headers being read, expecting Location */ +#define OHS_ASN1_HEADER 4 /* ASN1 sequence header (tag+length) being read */ +#define OHS_ASN1_CONTENT 5 /* ASN1 content octets being read */ +#define OHS_ASN1_DONE (6 | OHS_NOREAD) /* ASN1 content read completed */ +#define OHS_STREAM (7 | OHS_NOREAD) /* HTTP content stream to be read */ + +/* Low-level HTTP API implementation */ + +OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size) { OSSL_HTTP_REQ_CTX *rctx; @@ -86,16 +101,15 @@ OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int maxline) if ((rctx = OPENSSL_zalloc(sizeof(*rctx))) == NULL) return NULL; rctx->state = OHS_ERROR; - rctx->readbuflen = maxline > 0 ? maxline : HTTP_DEFAULT_MAX_LINE_LENGTH; - rctx->readbuf = OPENSSL_malloc(rctx->readbuflen); + rctx->buf_size = buf_size > 0 ? buf_size : OSSL_HTTP_DEFAULT_MAX_LINE_LEN; + rctx->buf = OPENSSL_malloc(rctx->buf_size); rctx->wbio = wbio; rctx->rbio = rbio; - if (rctx->readbuf == NULL) { + if (rctx->buf == NULL) { OPENSSL_free(rctx); return NULL; } - rctx->resp_len = 0; - rctx->max_resp_len = HTTP_DEFAULT_MAX_RESP_LEN; + rctx->max_resp_len = OSSL_HTTP_DEFAULT_MAX_RESP_LEN; /* everything else is 0, e.g. rctx->len_to_send, or NULL, e.g. rctx->mem */ return rctx; } 
@@ -104,8 +118,19 @@ void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx) { if (rctx == NULL) return; + /* + * Use BIO_free_all() because bio_update_fn may prepend or append to cbio. + * This also frees any (e.g., SSL/TLS) BIOs linked with bio and, + * like BIO_reset(bio), calls SSL_shutdown() to notify/alert the peer. + */ + if (rctx->free_wbio) + BIO_free_all(rctx->wbio); + /* do not free rctx->rbio */ BIO_free(rctx->mem); /* this may indirectly call ERR_clear_error() */ - OPENSSL_free(rctx->readbuf); + OPENSSL_free(rctx->buf); + OPENSSL_free(rctx->proxy); + OPENSSL_free(rctx->server); + OPENSSL_free(rctx->port); OPENSSL_free(rctx->expected_ct); OPENSSL_free(rctx); } @@ -135,7 +160,7 @@ void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx, ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); return; } - rctx->max_resp_len = len != 0 ? (size_t)len : HTTP_DEFAULT_MAX_RESP_LEN; + rctx->max_resp_len = len != 0 ? (size_t)len : OSSL_HTTP_DEFAULT_MAX_RESP_LEN; } /* @@ -175,9 +200,10 @@ int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST, if (path[0] != '/' && BIO_printf(rctx->mem, "/") <= 0) return 0; - if (BIO_printf(rctx->mem, "%s "HTTP_PREFIX"1.0\r\n", path) <= 0) + if (BIO_printf(rctx->mem, "%s "HTTP_1_0"\r\n", path) <= 0) return 0; - rctx->state = OHS_HTTP_HEADER; + rctx->resp_len = 0; + rctx->state = OHS_ADD_HEADERS; return 1; } @@ -201,10 +227,7 @@ int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx, if (BIO_puts(rctx->mem, value) <= 0) return 0; } - if (BIO_write(rctx->mem, "\r\n", 2) != 2) - return 0; - rctx->state = OHS_HTTP_HEADER; - return 1; + return BIO_write(rctx->mem, "\r\n", 2) == 2; } int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx, 
@@ -216,7 +239,7 @@ int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx, return 0; } if (keep_alive != 0 - && rctx->state != OHS_ERROR && rctx->state != OHS_HEADERS) { + && rctx->state != OHS_ERROR && rctx->state != OHS_ADD_HEADERS) { /* Cannot anymore set keep-alive in request header */ ERR_raise(ERR_LIB_HTTP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -237,17 +260,23 @@ int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx, return 1; } -static int ossl_http_req_ctx_set_content(OSSL_HTTP_REQ_CTX *rctx, - const char *content_type, BIO *req_mem) +static int set_content(OSSL_HTTP_REQ_CTX *rctx, + const char *content_type, BIO *req) { - const unsigned char *req; long req_len; - if (rctx == NULL || req_mem == NULL) { + if (rctx == NULL || (req == NULL && content_type != NULL)) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (rctx->mem == NULL || !rctx->method_POST) { + + if (rctx->keep_alive != 0 + && !OSSL_HTTP_REQ_CTX_add1_header(rctx, "Connection", "keep-alive")) + return 0; + + if (req == NULL) + return 1; + if (!rctx->method_POST) { ERR_raise(ERR_LIB_HTTP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -256,12 +285,10 @@ static int ossl_http_req_ctx_set_content(OSSL_HTTP_REQ_CTX *rctx, && BIO_printf(rctx->mem, "Content-Type: %s\r\n", content_type) <= 0) return 0; - if ((req_len = BIO_get_mem_data(req_mem, &req)) <= 0) - return 0; - rctx->state = OHS_WRITE_INIT; - - return BIO_printf(rctx->mem, "Content-Length: %ld\r\n\r\n", req_len) > 0 - && BIO_write(rctx->mem, req, req_len) == (int)req_len; + rctx->req = req; + if ((req_len = BIO_ctrl(req, BIO_CTRL_INFO, 0, NULL)) <= 0) + return 1; /* streaming BIO may not support querying size */ + return BIO_printf(rctx->mem, "Content-Length: %ld\r\n", req_len) > 0; } int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, 
@@ -276,17 +303,16 @@ int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type } res = (mem = ASN1_item_i2d_mem_bio(it, req)) != NULL - && ossl_http_req_ctx_set_content(rctx, content_type, mem); + && set_content(rctx, content_type, mem); BIO_free(mem); return res; } -static int OSSL_HTTP_REQ_CTX_add1_headers(OSSL_HTTP_REQ_CTX *rctx, - const STACK_OF(CONF_VALUE) *headers, - const char *host) +static int add1_headers(OSSL_HTTP_REQ_CTX *rctx, + const STACK_OF(CONF_VALUE) *headers, const char *host) { int i; - int add_host = 1; + int add_host = host != NULL && *host != '\0'; CONF_VALUE *hdr; for (i = 0; i < sk_CONF_VALUE_num(headers); i++) { 
@@ -302,41 +328,36 @@ static int OSSL_HTTP_REQ_CTX_add1_headers(OSSL_HTTP_REQ_CTX *rctx, return 1; } -/*- - * Create OSSL_HTTP_REQ_CTX structure using the values provided. - * If !use_http_proxy then the 'server' and 'port' parameters are ignored. - * If req_mem == NULL then use GET and ignore content_type, else POST. - */ -static OSSL_HTTP_REQ_CTX -*ossl_http_req_ctx_new(BIO *wbio, BIO *rbio, int use_http_proxy, - const char *server, const char *port, - const char *path, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, BIO *req_mem, - int maxline, int timeout, - const char *expected_ct, int expect_asn1) +/* Create OSSL_HTTP_REQ_CTX structure using the values provided. */ +static OSSL_HTTP_REQ_CTX *http_req_ctx_new(int free_wbio, BIO *wbio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, + void *arg, int use_ssl, + const char *proxy, + const char *server, const char *port, + int buf_size, int overall_timeout) { - OSSL_HTTP_REQ_CTX *rctx; - - if (use_http_proxy && (server == NULL || port == NULL)) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - /* remaining parameters are checked indirectly by the functions called */ + OSSL_HTTP_REQ_CTX *rctx = OSSL_HTTP_REQ_CTX_new(wbio, rbio, buf_size); - if ((rctx = OSSL_HTTP_REQ_CTX_new(wbio, rbio, maxline)) - == NULL) + if (rctx == NULL) return NULL; - if (OSSL_HTTP_REQ_CTX_set_request_line(rctx, req_mem != NULL, - use_http_proxy ? 
server : NULL, port, - path) - && OSSL_HTTP_REQ_CTX_set_expected(rctx, expected_ct, expect_asn1, - timeout, 0) - && OSSL_HTTP_REQ_CTX_add1_headers(rctx, headers, server) - && (req_mem == NULL - || ossl_http_req_ctx_set_content(rctx, content_type, req_mem))) - return rctx; + rctx->free_wbio = free_wbio; + rctx->upd_fn = bio_update_fn; + rctx->upd_arg = arg; + rctx->use_ssl = use_ssl; + if (proxy != NULL + && (rctx->proxy = OPENSSL_strdup(proxy)) == NULL) + goto err; + if (server != NULL + && (rctx->server = OPENSSL_strdup(server)) == NULL) + goto err; + if (port != NULL + && (rctx->port = OPENSSL_strdup(port)) == NULL) + goto err; + rctx->max_total_time = + overall_timeout > 0 ? time(NULL) + overall_timeout : 0; + return rctx; + err: OSSL_HTTP_REQ_CTX_free(rctx); return NULL; } 
@@ -346,45 +367,42 @@ static OSSL_HTTP_REQ_CTX * We need to obtain the numeric code and (optional) informational message. */ -static int parse_http_line1(char *line) +static int parse_http_line1(char *line, int *found_keep_alive) { - int retcode; + int i, retcode; char *code, *reason, *end; + if (strncmp(line, HTTP_PREFIX_VERSION, HTTP_VERSION_PATT_LEN) != 0) + goto err; + /* above HTTP 1.0, connection persistence is the default */ + *found_keep_alive = line[HTTP_VERSION_PATT_LEN] > '0'; + /* Skip to first whitespace (past protocol info) */ for (code = line; *code != '\0' && !ossl_isspace(*code); code++) continue; - if (*code == '\0') { - ERR_raise(ERR_LIB_HTTP, HTTP_R_RESPONSE_PARSE_ERROR); - return 0; - } + if (*code == '\0') + goto err; /* Skip past whitespace to start of response code */ while (*code != '\0' && ossl_isspace(*code)) code++; - - if (*code == '\0') { - ERR_raise(ERR_LIB_HTTP, HTTP_R_RESPONSE_PARSE_ERROR); - return 0; - } + if (*code == '\0') + goto err; /* Find end of response code: first whitespace after start of code */ for (reason = code; *reason != '\0' && !ossl_isspace(*reason); reason++) continue; - if (*reason == '\0') { - ERR_raise(ERR_LIB_HTTP, HTTP_R_RESPONSE_PARSE_ERROR); - return 0; - } + if (*reason == '\0') + goto err; /* Set end of response code and start of message */ *reason++ = '\0'; /* Attempt to parse numeric code */ retcode = strtoul(code, &end, 10); - if (*end != '\0') - return 0; + goto err; /* Skip over any leading whitespace in message */ while (*reason != '\0' && ossl_isspace(*reason)) 
@@ -418,16 +436,24 @@ static int parse_http_line1(char *line) "Code=%s, Reason=%s", code, reason); return 0; } + + err: + i = 0; + while (i < 60 && ossl_isprint(line[i])) + i++; + line[i] = '\0'; + ERR_raise_data(ERR_LIB_HTTP, HTTP_R_HEADER_PARSE_ERROR, "content=%s", line); + return 0; } -static int check_set_resp_len(OSSL_HTTP_REQ_CTX *rctx, unsigned long len) +static int check_set_resp_len(OSSL_HTTP_REQ_CTX *rctx, size_t len) { - if (len > rctx->max_resp_len) + if (rctx->max_resp_len != 0 && len > rctx->max_resp_len) ERR_raise_data(ERR_LIB_HTTP, HTTP_R_MAX_RESP_LEN_EXCEEDED, - "length=%lu, max=%lu", len, rctx->max_resp_len); + "length=%zu, max=%zu", len, rctx->max_resp_len); if (rctx->resp_len != 0 && rctx->resp_len != len) ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INCONSISTENT_CONTENT_LENGTH, - "ASN.1 length=%lu, Content-Length=%lu", + "ASN.1 length=%zu, Content-Length=%zu", len, rctx->resp_len); rctx->resp_len = len; return 1; @@ -439,9 +465,9 @@ static int check_set_resp_len(OSSL_HTTP_REQ_CTX *rctx, unsigned long len) */ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) { - int i; + int i, found_expected_ct = 0, found_keep_alive = 0; long n; - unsigned long resp_len; + size_t resp_len; const unsigned char *p; char *key, *value, *line_end = NULL; @@ -457,7 +483,10 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) rctx->redirection_url = NULL; next_io: if ((rctx->state & OHS_NOREAD) == 0) { - n = BIO_read(rctx->rbio, rctx->readbuf, rctx->readbuflen); + if (rctx->expect_asn1) + n = BIO_read(rctx->rbio, rctx->buf, rctx->buf_size); + else + n = BIO_gets(rctx->rbio, (char *)rctx->buf, rctx->buf_size); if (n <= 0) { if (BIO_should_retry(rctx->rbio)) return -1; 
@@ -466,12 +495,12 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) } /* Write data to memory BIO */ - if (BIO_write(rctx->mem, rctx->readbuf, n) != n) + if (BIO_write(rctx->mem, rctx->buf, n) != n) return 0; } switch (rctx->state) { - case OHS_HTTP_HEADER: + case OHS_ADD_HEADERS: /* Last operation was adding headers: need a final \r\n */ if (BIO_write(rctx->mem, "\r\n", 2) != 2) { rctx->state = OHS_ERROR; @@ -481,30 +510,45 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) /* fall thru */ case OHS_WRITE_INIT: - rctx->len_to_send = BIO_get_mem_data(rctx->mem, NULL); - rctx->state = OHS_WRITE; + rctx->len_to_send = BIO_get_mem_data(rctx->mem, &rctx->pos); + rctx->state = OHS_WRITE_HDR; /* fall thru */ - case OHS_WRITE: - n = BIO_get_mem_data(rctx->mem, &p) - rctx->len_to_send; - i = BIO_write(rctx->wbio, p + n, rctx->len_to_send); - - if (i <= 0) { - if (BIO_should_retry(rctx->wbio)) - return -1; - rctx->state = OHS_ERROR; - return 0; + case OHS_WRITE_HDR: + /* Copy some chunk of data from rctx->mem to rctx->wbio */ + case OHS_WRITE_REQ: + /* Copy some chunk of data from rctx->req to rctx->wbio */ + + if (rctx->len_to_send > 0) { + i = BIO_write(rctx->wbio, rctx->pos, rctx->len_to_send); + if (i <= 0) { + if (BIO_should_retry(rctx->wbio)) + return -1; + rctx->state = OHS_ERROR; + return 0; + } + rctx->pos += i; + rctx->len_to_send -= i; + goto next_io; } - - rctx->len_to_send -= i; - - if (rctx->len_to_send > 0) + if (rctx->state == OHS_WRITE_HDR) { + (void)BIO_reset(rctx->mem); + rctx->state = OHS_WRITE_REQ; + } + if (rctx->req != NULL && !BIO_eof(rctx->req)) { + n = BIO_read(rctx->req, rctx->buf, rctx->buf_size); + if (n <= 0) { + if (BIO_should_retry(rctx->rbio)) + return -1; + ERR_raise(ERR_LIB_HTTP, HTTP_R_FAILED_READING_DATA); + return 0; + } + rctx->pos = rctx->buf; + rctx->len_to_send = n; goto next_io; - + } rctx->state = OHS_FLUSH; - (void)BIO_reset(rctx->mem); - /* fall thru */ case OHS_FLUSH: 
@@ -537,13 +581,13 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) */ n = BIO_get_mem_data(rctx->mem, &p); if (n <= 0 || memchr(p, '\n', n) == 0) { - if (n >= rctx->readbuflen) { + if (n >= rctx->buf_size) { rctx->state = OHS_ERROR; return 0; } goto next_io; } - n = BIO_gets(rctx->mem, (char *)rctx->readbuf, rctx->readbuflen); + n = BIO_gets(rctx->mem, (char *)rctx->buf, rctx->buf_size); if (n <= 0) { if (BIO_should_retry(rctx->mem)) @@ -553,7 +597,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) } /* Don't allow excessive lines */ - if (n == rctx->readbuflen) { + if (n == rctx->buf_size) { ERR_raise(ERR_LIB_HTTP, HTTP_R_RESPONSE_LINE_TOO_LONG); rctx->state = OHS_ERROR; return 0; @@ -561,7 +605,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) /* First line */ if (rctx->state == OHS_FIRSTLINE) { - switch (parse_http_line1((char *)rctx->readbuf)) { + switch (parse_http_line1((char *)rctx->buf, &found_keep_alive)) { case HTTP_STATUS_CODE_OK: rctx->state = OHS_HEADERS; goto next_line; @@ -579,7 +623,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) return 0; } } - key = (char *)rctx->readbuf; + key = (char *)rctx->buf; value = strchr(key, ':'); if (value != NULL) { *(value++) = '\0'; 
@@ -605,11 +649,17 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) rctx->expected_ct, value); return 0; } - OPENSSL_free(rctx->expected_ct); - rctx->expected_ct = NULL; /* content-type has been found */ + found_expected_ct = 1; } - if (strcasecmp(key, "Content-Length") == 0) { - resp_len = strtoul(value, &line_end, 10); + + /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ + if (strcasecmp(key, "Connection") == 0) { + if (strcasecmp(value, "keep-alive") == 0) + found_keep_alive = 1; + else if (strcasecmp(value, "close") == 0) + found_keep_alive = 0; + } else if (strcasecmp(key, "Content-Length") == 0) { + resp_len = (size_t)strtoul(value, &line_end, 10); if (line_end == value || *line_end != '\0') { ERR_raise_data(ERR_LIB_HTTP, HTTP_R_ERROR_PARSING_CONTENT_LENGTH, @@ -622,18 +672,28 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) } /* Look for blank line indicating end of headers */ - for (p = rctx->readbuf; *p != '\0'; p++) { + for (p = rctx->buf; *p != '\0'; p++) { if (*p != '\r' && *p != '\n') break; } if (*p != '\0') /* not end of headers */ goto next_line; - if (rctx->expected_ct != NULL) { + if (rctx->expected_ct != NULL && !found_expected_ct) { ERR_raise_data(ERR_LIB_HTTP, HTTP_R_MISSING_CONTENT_TYPE, "expected=%s", rctx->expected_ct); return 0; } + if (rctx->keep_alive != 0 /* do not let server initiate keep_alive */ + && !found_keep_alive /* otherwise there is no change */) { + if (rctx->keep_alive == 2) { + rctx->keep_alive = 0; + ERR_raise(ERR_LIB_HTTP, HTTP_R_SERVER_CANCELED_CONNECTION); + return 0; + } + rctx->keep_alive = 0; + } + if (rctx->state == OHS_REDIRECT) { /* http status code indicated redirect but there was no Location */ ERR_raise(ERR_LIB_HTTP, HTTP_R_MISSING_REDIRECT_LOCATION); @@ -641,8 +701,8 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) } if (!rctx->expect_asn1) { - rctx->state = OHS_CONTENT; - goto content; + rctx->state = OHS_STREAM; + return 1; } rctx->state = OHS_ASN1_HEADER; 
@@ -691,17 +751,16 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) if (!check_set_resp_len(rctx, resp_len)) return 0; - content: - rctx->state = OHS_CONTENT; + rctx->state = OHS_ASN1_CONTENT; /* Fall thru */ - case OHS_CONTENT: + case OHS_ASN1_CONTENT: default: n = BIO_get_mem_data(rctx->mem, NULL); - if (n < (long)rctx->resp_len /* may be 0 if no Content-Type or ASN.1 */) + if (n < 0 || (size_t)n < rctx->resp_len) goto next_io; - rctx->state = OHS_DONE; + rctx->state = OHS_ASN1_DONE; return 1; } } @@ -723,7 +782,7 @@ int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx, #ifndef OPENSSL_NO_SOCK /* set up a new connection BIO, to HTTP server or to HTTP(S) proxy if given */ -static BIO *HTTP_new_bio(const char *server /* optionally includes ":port" */, +static BIO *http_new_bio(const char *server /* optionally includes ":port" */, const char *server_port /* explicit server port */, int use_ssl, const char *proxy /* optionally includes ":port" */, @@ -755,11 +814,7 @@ static BIO *HTTP_new_bio(const char *server /* optionally includes ":port" */, } #endif /* OPENSSL_NO_SOCK */ -int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx) -{ - return rctx != NULL && rctx->keep_alive != 0; -} - +/* Exchange request and response via HTTP on (non-)blocking BIO */ BIO *OSSL_HTTP_REQ_CTX_exchange(OSSL_HTTP_REQ_CTX *rctx) { int rv; 
@@ -788,87 +843,25 @@ BIO *OSSL_HTTP_REQ_CTX_exchange(OSSL_HTTP_REQ_CTX *rctx) } return NULL; } - return rctx->mem; + return rctx->state == OHS_STREAM ? rctx->rbio : rctx->mem; } -static int update_timeout(int timeout, time_t start_time) +int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx) { - long elapsed_time; - - if (timeout == 0) - return 0; - elapsed_time = (long)(time(NULL) - start_time); /* this might overflow */ - return timeout <= elapsed_time ? -1 : timeout - elapsed_time; + return rctx != NULL && rctx->keep_alive != 0; } +/* High-level HTTP API implementation */ + +/* Initiate an HTTP session using bio, else use given server, proxy, etc. */ OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port, const char *proxy, const char *no_proxy, int use_ssl, BIO *bio, BIO *rbio, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, int buf_size, int overall_timeout) { - return NULL; /* TODO(3.0) expand */ -} - -/*- - * Exchange HTTP request and response with the given server. - * If req_mem == NULL then use GET and ignore content_type, else POST. - * The redirection_url output (freed by caller) parameter is used only for GET. - * - * Typically the bio and rbio parameters are NULL and a network BIO is created - * internally for connecting to the given server and port, optionally via a - * proxy and its port, and is then used for exchanging the request and response. - * If bio is given and rbio is NULL then this BIO is used instead. - * If both bio and rbio are given (which may be memory BIOs for instance) - * then no explicit connection is attempted, - * bio is used for writing the request, and rbio for reading the response. - * - * bio_update_fn is an optional BIO connect/disconnect callback function, - * which has the prototype - * BIO *(*OSSL_HTTP_bio_cb_t) (BIO *bio, void *arg, int conn, int detail); - * The callback may modify the HTTP BIO provided in the bio argument, - * whereby it may make use of any custom defined argument 'arg'. 
- * During connection establishment, just after BIO_do_connect_retry(), - * the callback function is invoked with the 'conn' argument being 1 - * 'detail' indicating whether a HTTPS (i.e., TLS) connection is requested. - * On disconnect 'conn' is 0 and 'detail' indicates that no error occurred. - * For instance, on connect the funct may prepend a TLS BIO to implement HTTPS; - * after disconnect it may do some error diagnostics and/or specific cleanup. - * The function should return NULL to indicate failure. - * After disconnect the modified BIO will be deallocated using BIO_free_all(). - */ -int OSSL_HTTP_set_request(OSSL_HTTP_REQ_CTX *rctx, const char *path, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, BIO *req, - const char *expected_content_type, int expect_asn1, - size_t max_resp_len, int timeout, int keep_alive) -{ - return 0; /* TODO(3.0) expand */ -} - -BIO *OSSL_HTTP_exchange(OSSL_HTTP_REQ_CTX *rctx, char **redirection_url) -{ - return NULL; /* TODO(3.0) expand */ -} - -BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, - const char *server, const char *port, const char *path, - int use_ssl, const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - int maxline, const STACK_OF(CONF_VALUE) *headers, - const char *content_type, BIO *req_mem, - const char *expected_ct, int expect_asn1, - size_t max_resp_len, int timeout, int keep_alive) -{ - char **redirection_url = (char **)prctx; /* TODO(3.0) fix when API approved */ - time_t start_time = timeout > 0 ? 
time(NULL) : 0; - BIO *cbio; /* = bio if present, used as connection BIO if rbio is NULL */ - OSSL_HTTP_REQ_CTX *rctx; - BIO *resp = NULL; - - if (redirection_url != NULL) - *redirection_url = NULL; /* do this beforehand to prevent dbl free */ + BIO *cbio; /* == bio if supplied, used as connection BIO if rbio is NULL */ + OSSL_HTTP_REQ_CTX *rctx = NULL; if (use_ssl && bio_update_fn == NULL) { ERR_raise(ERR_LIB_HTTP, HTTP_R_TLS_NOT_ENABLED); @@ -881,6 +874,10 @@ BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, if (bio != NULL) { cbio = bio; + if (proxy != NULL || no_proxy != NULL) { + ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT); + return NULL; + } } else { #ifndef OPENSSL_NO_SOCK char *proxy_host = NULL, *proxy_port = NULL; @@ -889,7 +886,7 @@ BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); return NULL; } - if (*port == '\0') + if (port != NULL && *port == '\0') port = NULL; if (port == NULL && strchr(server, ':') == NULL) port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; @@ -899,7 +896,7 @@ BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, &proxy_host, &proxy_port, NULL /* num */, NULL /* path */, NULL, NULL)) return NULL; - cbio = HTTP_new_bio(server, port, use_ssl, proxy_host, proxy_port); + cbio = http_new_bio(server, port, use_ssl, proxy_host, proxy_port); OPENSSL_free(proxy_host); OPENSSL_free(proxy_port); if (cbio == NULL) 
@@ -909,16 +906,19 @@ BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, return NULL; #endif } - /* remaining parameters are checked indirectly by the functions called */ (void)ERR_set_mark(); /* prepare removing any spurious libssl errors */ - if (rbio == NULL && BIO_do_connect_retry(cbio, timeout, -1) <= 0) + if (rbio == NULL && BIO_do_connect_retry(cbio, overall_timeout, -1) <= 0) { + if (bio == NULL) /* cbio was not provided by caller */ + BIO_free_all(cbio); goto end; - /* now timeout is guaranteed to be >= 0 */ + } + /* now overall_timeout is guaranteed to be >= 0 */ /* callback can be used to wrap or prepend TLS session */ if (bio_update_fn != NULL) { BIO *orig_bio = cbio; + cbio = (*bio_update_fn)(cbio, arg, 1 /* connect */, use_ssl); if (cbio == NULL) { cbio = orig_bio; 
@@ -926,13 +926,64 @@ BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, } } - rctx = ossl_http_req_ctx_new(cbio, rbio != NULL ? rbio : cbio, - !use_ssl && proxy != NULL, server, port, path, - headers, content_type, req_mem, maxline, - update_timeout(timeout, start_time), - expected_ct, expect_asn1); - if (rctx == NULL) - goto end; + rctx = http_req_ctx_new(bio == NULL, cbio, rbio != NULL ? rbio : cbio, + bio_update_fn, arg, use_ssl, proxy, server, port, + buf_size, overall_timeout); + + end: + if (rctx != NULL) + /* remove any spurious error queue entries by ssl_add_cert_chain() */ + (void)ERR_pop_to_mark(); + else + (void)ERR_clear_last_mark(); + + return rctx; +} + +int OSSL_HTTP_set_request(OSSL_HTTP_REQ_CTX *rctx, const char *path, + const STACK_OF(CONF_VALUE) *headers, + const char *content_type, BIO *req, + const char *expected_content_type, int expect_asn1, + size_t max_resp_len, int timeout, int keep_alive) +{ + int use_http_proxy; + + if (rctx == NULL) { + ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + use_http_proxy = rctx->proxy != NULL && !rctx->use_ssl; + if (use_http_proxy && (rctx->server == NULL || rctx->port == NULL)) { + ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + rctx->max_resp_len = max_resp_len; /* allows for 0: indefinite */ + + return OSSL_HTTP_REQ_CTX_set_request_line(rctx, req != NULL, + use_http_proxy ? rctx->server + : NULL, rctx->port, path) + && add1_headers(rctx, headers, rctx->server) + && OSSL_HTTP_REQ_CTX_set_expected(rctx, expected_content_type, + expect_asn1, timeout, keep_alive) + && set_content(rctx, content_type, req); +} + +/*- + * Exchange single HTTP request and response according to rctx. + * If rctx->method_POST then use POST, else use GET and ignore content_type. + * The redirection_url output (freed by caller) parameter is used only for GET. 
+ */ +BIO *OSSL_HTTP_exchange(OSSL_HTTP_REQ_CTX *rctx, char **redirection_url) +{ + BIO *resp; + + if (rctx == NULL) { + ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + + if (redirection_url != NULL) + *redirection_url = NULL; /* do this beforehand to prevent dbl free */ resp = OSSL_HTTP_REQ_CTX_exchange(rctx); if (resp == NULL) { @@ -956,43 +1007,27 @@ BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, && reason == CMP_R_POTENTIALLY_INVALID_CERTIFICATE) #endif ) { - BIO_snprintf(buf, 200, "server=%s:%s", server, port); - ERR_add_error_data(1, buf); - if (proxy != NULL) - ERR_add_error_data(2, " proxy=", proxy); + if (rctx->server != NULL) { + BIO_snprintf(buf, sizeof(buf), "server=http%s://%s%s%s", + rctx->use_ssl ? "s" : "", rctx->server, + rctx->port != NULL ? ":" : "", + rctx->port != NULL ? rctx->port : ""); + ERR_add_error_data(1, buf); + } + if (rctx->proxy != NULL) + ERR_add_error_data(2, " proxy=", rctx->proxy); if (err == 0) { - BIO_snprintf(buf, 200, " peer has disconnected%s", - use_ssl ? " violating the protocol" : + BIO_snprintf(buf, sizeof(buf), " peer has disconnected%s", + rctx->use_ssl ? " violating the protocol" : ", likely because it requires the use of TLS"); ERR_add_error_data(1, buf); } } } } - /* callback can be used to clean up TLS session */ - if (bio_update_fn != NULL - && (*bio_update_fn)(cbio, arg, 0, resp != NULL) == NULL) - resp = NULL; if (resp != NULL && !BIO_up_ref(resp)) resp = NULL; - OSSL_HTTP_REQ_CTX_free(rctx); - - end: - /* - * Use BIO_free_all() because bio_update_fn may prepend or append to cbio. - * This also frees any (e.g., SSL/TLS) BIOs linked with bio and, - * like BIO_reset(bio), calls SSL_shutdown() to notify/alert the peer. - */ - if (bio == NULL) /* cbio was not provided by caller */ - BIO_free_all(cbio); - - if (resp != NULL) - /* remove any spurious error queue entries by ssl_add_cert_chain() */ - (void)ERR_pop_to_mark(); - else - (void)ERR_clear_last_mark(); - return resp; } 
@@ -1018,17 +1053,17 @@ static int redirection_ok(int n_redir, const char *old_url, const char *new_url) BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, BIO *bio, BIO *rbio, OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - int maxline, const STACK_OF(CONF_VALUE) *headers, + int buf_size, const STACK_OF(CONF_VALUE) *headers, const char *expected_ct, int expect_asn1, size_t max_resp_len, int timeout) { - time_t start_time = timeout > 0 ? time(NULL) : 0; char *current_url, *redirection_url = NULL; int n_redirs = 0; char *host; char *port; char *path; int use_ssl; + OSSL_HTTP_REQ_CTX *rctx; BIO *resp = NULL; if (url == NULL) { @@ -1043,14 +1078,21 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, &port, NULL /* port_num */, &path, NULL, NULL)) break; - new_rpath: - resp = OSSL_HTTP_transfer((OSSL_HTTP_REQ_CTX **)&redirection_url, /* TODO(3.0) fix when API approved */ - host, port, path, use_ssl, proxy, no_proxy, - bio, rbio, - bio_update_fn, arg, maxline, headers, NULL, NULL, - expected_ct, expect_asn1, - max_resp_len, - update_timeout(timeout, start_time), 0); + rctx = OSSL_HTTP_open(host, port, proxy, no_proxy, + use_ssl, bio, rbio, bio_update_fn, arg, + buf_size, timeout); + new_rpath: + if (rctx != NULL) { + if (!OSSL_HTTP_set_request(rctx, path, headers, + NULL /* content_type */, + NULL /* req */, + expected_ct, expect_asn1, max_resp_len, + -1 /* use same max time (timeout) */, + 0 /* no keep_alive */)) + OSSL_HTTP_REQ_CTX_free(rctx); + else + resp = OSSL_HTTP_exchange(rctx, &redirection_url); + } OPENSSL_free(path); if (resp == NULL && redirection_url != NULL) { if (redirection_ok(++n_redirs, current_url, redirection_url)) { 
@@ -1063,21 +1105,72 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, } OPENSSL_free(host); OPENSSL_free(port); + (void)OSSL_HTTP_close(rctx, 1); continue; } + /* if redirection not allowed, ignore it */ OPENSSL_free(redirection_url); } OPENSSL_free(host); OPENSSL_free(port); + if (!OSSL_HTTP_close(rctx, resp != NULL)) { + BIO_free(resp); + resp = NULL; + } break; } OPENSSL_free(current_url); return resp; } +/* Exchange request and response over a connection managed via |prctx| */ +BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, + const char *server, const char *port, + const char *path, int use_ssl, + const char *proxy, const char *no_proxy, + BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + int buf_size, const STACK_OF(CONF_VALUE) *headers, + const char *content_type, BIO *req, + const char *expected_ct, int expect_asn1, + size_t max_resp_len, int timeout, int keep_alive) +{ + OSSL_HTTP_REQ_CTX *rctx = prctx == NULL ? NULL : *prctx; + BIO *resp = NULL; + + if (rctx == NULL) { + rctx = OSSL_HTTP_open(server, port, proxy, no_proxy, + use_ssl, bio, rbio, bio_update_fn, arg, + buf_size, timeout); + timeout = -1; /* Already set during opening the connection */ + } + if (rctx != NULL) { + if (OSSL_HTTP_set_request(rctx, path, headers, content_type, req, + expected_ct, expect_asn1, + max_resp_len, timeout, keep_alive)) + resp = OSSL_HTTP_exchange(rctx, NULL); + if (resp == NULL || !OSSL_HTTP_is_alive(rctx)) { + if (!OSSL_HTTP_close(rctx, resp != NULL)) { + BIO_free(resp); + resp = NULL; + } + rctx = NULL; + } + } + if (prctx != NULL) + *prctx = rctx; + return resp; +} + int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok) { - return 0; /* TODO(3.0) expand */ + int ret = 1; + + /* callback can be used to clean up TLS session on disconnect */ + if (rctx != NULL && rctx->upd_fn != NULL) + ret = (*rctx->upd_fn)(rctx->wbio, rctx->upd_arg, 0, ok) != NULL; + OSSL_HTTP_REQ_CTX_free(rctx); + return ret; } /* BASE64 encoder 
used for encoding basic proxy authentication credentials */ @@ -1137,7 +1230,7 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, } BIO_push(fbio, bio); - BIO_printf(fbio, "CONNECT %s:%s "HTTP_PREFIX"1.0\r\n", server, port); + BIO_printf(fbio, "CONNECT %s:%s "HTTP_1_0"\r\n", server, port); /* * Workaround for broken proxies which would otherwise close @@ -1199,23 +1292,25 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, if (read_len < HTTP_LINE1_MINLEN) continue; - /* RFC 7231 4.3.6: any 2xx status code is valid */ + /* Check for HTTP/1.x */ if (strncmp(mbuf, HTTP_PREFIX, strlen(HTTP_PREFIX)) != 0) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_RESPONSE_PARSE_ERROR); + ERR_raise(ERR_LIB_HTTP, HTTP_R_HEADER_PARSE_ERROR); BIO_printf(bio_err, "%s: HTTP CONNECT failed, non-HTTP response\n", prog); /* Wrong protocol, not even HTTP, so stop reading headers */ goto end; } mbufp = mbuf + strlen(HTTP_PREFIX); - if (strncmp(mbufp, HTTP_VERSION_PATT, strlen(HTTP_VERSION_PATT)) != 0) { + if (strncmp(mbufp, HTTP_VERSION_PATT, HTTP_VERSION_PATT_LEN) != 0) { ERR_raise(ERR_LIB_HTTP, HTTP_R_RECEIVED_WRONG_HTTP_VERSION); BIO_printf(bio_err, "%s: HTTP CONNECT failed, bad HTTP version %.*s\n", - prog, HTTP_VERSION_STR_LEN, mbufp); + prog, (int)HTTP_VERSION_STR_LEN, mbufp); goto end; } mbufp += HTTP_VERSION_STR_LEN; + + /* RFC 7231 4.3.6: any 2xx status code is valid */ if (strncmp(mbufp, " 2", strlen(" 2")) != 0) { mbufp += 1; /* chop any trailing whitespace */ diff --git a/crypto/http/http_err.c b/crypto/http/http_err.c index 2bb6d97290..4ac639197e 100644 --- a/crypto/http/http_err.c +++ b/crypto/http/http_err.c 
@@ -27,6 +27,8 @@ static const ERR_STRING_DATA HTTP_str_reasons[] = { {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_SENDING), "error sending"}, {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_FAILED_READING_DATA), "failed reading data"}, + {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_HEADER_PARSE_ERROR), + "header parse error"}, {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INCONSISTENT_CONTENT_LENGTH), "inconsistent content length"}, {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_PORT_NUMBER), @@ -53,6 +55,8 @@ static const ERR_STRING_DATA HTTP_str_reasons[] = { "response line too long"}, {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RESPONSE_PARSE_ERROR), "response parse error"}, + {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_SERVER_CANCELED_CONNECTION), + "server canceled connection"}, {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_SOCK_NOT_SUPPORTED), "sock not supported"}, {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_STATUS_CODE_UNSUPPORTED), diff --git a/crypto/ocsp/ocsp_http.c b/crypto/ocsp/ocsp_http.c index 8cf816e53f..f19047aa08 100644 --- a/crypto/ocsp/ocsp_http.c +++ b/crypto/ocsp/ocsp_http.c @@ -14,16 +14,25 @@ #ifndef OPENSSL_NO_OCSP OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, - const OCSP_REQUEST *req, int maxline) + const OCSP_REQUEST *req, int buf_size) { - OSSL_HTTP_REQ_CTX *rctx = OSSL_HTTP_REQ_CTX_new(io, io, maxline); + OSSL_HTTP_REQ_CTX *rctx = OSSL_HTTP_REQ_CTX_new(io, io, buf_size); if (rctx == NULL) return NULL; - - if (!OSSL_HTTP_REQ_CTX_set_request_line(rctx, 1 /* POST */, NULL, NULL, path)) + /*- + * by default: + * no bio_update_fn (and consequently no arg) + * no ssl + * no proxy + * no timeout (blocking indefinitely) + * no expected content type + * max_resp_len = 100 KiB + */ + if (!OSSL_HTTP_REQ_CTX_set_request_line(rctx, 1 /* POST */, + NULL, NULL, path)) goto err; - + /* by default, no extra headers */ if (!OSSL_HTTP_REQ_CTX_set_expected(rctx, NULL /* content_type */, 1 /* asn1 */, 0 /* timeout */, 0 /* keep_alive */)) 
@@ -31,9 +40,8 @@ OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, if (req != NULL && !OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request", ASN1_ITEM_rptr(OCSP_REQUEST), - (ASN1_VALUE *)req)) + (const ASN1_VALUE *)req)) goto err; - return rctx; err: @@ -47,7 +55,7 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req) OSSL_HTTP_REQ_CTX *ctx; BIO *mem; - ctx = OCSP_sendreq_new(b, path, req, -1 /* default max resp line length */); + ctx = OCSP_sendreq_new(b, path, req, 0 /* default buf_size */); if (ctx == NULL) return NULL; mem = OSSL_HTTP_REQ_CTX_exchange(ctx); diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 1bd47ce654..ba400d1103 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -79,7 +79,7 @@ static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio, bio, rbio, NULL /* cb */ , NULL /* arg */, 1024 /* buf_size */, NULL /* headers */, NULL /* expected_ct */, 1 /* expect_asn1 */, - HTTP_DEFAULT_MAX_RESP_LEN, timeout); + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL); BIO_free(mem); diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index 4260c04d88..51ac68d1a7 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod 
@@ -194,10 +194,20 @@ The following options can be set: due to errors, warnings, general info, debugging, etc. Default is OSSL_CMP_LOG_INFO. See also L. +=item B + + If the given value is 0 then HTTP connections are not kept open + after receiving a response, which is the default behavior for HTTP 1.0. + If the value is 1 or 2 then persistent connections are requested. + If the value is 2 then persistent connections are required, + i.e., in case the server does not grant them an error occurs. + The default value is 1: prefer to keep the connection open. + =item B Number of seconds (or 0 for infinite) a CMP message round trip is - allowed to take before a timeout error is returned. Default is 120. + allowed to take before a timeout error is returned. + Default is to use the B setting. =item B @@ -602,6 +612,7 @@ OSSL_CMP_CTX_set_certConf_cb_arg(), or NULL if unset. OSSL_CMP_CTX_get_status() returns the PKIstatus from the last received CertRepMessage or Revocation Response or error message, or -1 if unset. +For server contexts it returns -2 if a transaction is open, else -1. OSSL_CMP_CTX_get0_statusString() returns the statusString from the last received CertRepMessage or Revocation Response or error message, or NULL if unset. diff --git a/doc/man3/OSSL_CMP_SRV_CTX_new.pod b/doc/man3/OSSL_CMP_SRV_CTX_new.pod index adce88547b..bad043cb92 100644 --- a/doc/man3/OSSL_CMP_SRV_CTX_new.pod +++ b/doc/man3/OSSL_CMP_SRV_CTX_new.pod 
@@ -89,6 +89,10 @@ Its arguments are the B I and the CMP request message I. It does the typical generic checks on I, calls the respective callback function (if present) for more specific processing, and then assembles a result message, which may be a CMP error message. +If after return of the function the expression +I yields -1 +then the function has closed the current transaction, +which may be due to normal successful end of the transaction or due to an error. OSSL_CMP_CTX_server_perform() is an interface to OSSL_CMP_SRV_process_request() that can be used by a CMP client diff --git a/doc/man3/OSSL_HTTP_REQ_CTX.pod b/doc/man3/OSSL_HTTP_REQ_CTX.pod index a09b9b81a9..ec358d265f 100644 --- a/doc/man3/OSSL_HTTP_REQ_CTX.pod +++ b/doc/man3/OSSL_HTTP_REQ_CTX.pod @@ -64,7 +64,7 @@ which gets populated with the B to write/send the request to (I), the B to read/receive the response from (I, which may be equal to I), and the maximum expected response header line length I. A value <= 0 indicates that -the B of 4KiB should be used. +the B of 4KiB should be used. I is also used as the number of content bytes that are read at a time. The allocated context structure is also populated with an internal allocated memory B, which collects the HTTP request and additional headers as text. @@ -154,7 +154,7 @@ in I if provided by the server as header field, else 0. OSSL_HTTP_REQ_CTX_set_max_response_length() sets the maximum allowed response content length for I to I. If not set or I is 0 -then the B is used, which currently is 100 KiB. +then the B is used, which currently is 100 KiB. If the C header is present and exceeds this value or the content is an ASN.1 encoded structure with a length exceeding this value or both length indications are present but disagree then an error occurs. 
@@ -222,7 +222,7 @@ OSSL_HTTP_REQ_CTX_nbio() and OSSL_HTTP_REQ_CTX_nbio_d2i() return 1 for success, 0 on error or redirection, -1 if retry is needed. OSSL_HTTP_REQ_CTX_exchange() and OSSL_HTTP_REQ_CTX_get0_mem_bio() -returns a pointer to a B on success and NULL on failure. +return a pointer to a B on success and NULL on failure. OSSL_HTTP_REQ_CTX_get_resp_len() returns the size of the response contents or 0 if not available or an error occurred. diff --git a/doc/man3/OSSL_HTTP_parse_url.pod b/doc/man3/OSSL_HTTP_parse_url.pod index 60589b6bf9..559ff1dd08 100644 --- a/doc/man3/OSSL_HTTP_parse_url.pod +++ b/doc/man3/OSSL_HTTP_parse_url.pod @@ -31,7 +31,7 @@ L: OSSL_parse_url() parses its input string I as a URL of the form C<[scheme://][userinfo@]host[:port][/path][?query][#fragment]> and splits it up into scheme, userinfo, host, port, path, query, and fragment components. -The host component may be a DNS name or an IP address +The host (or server) component may be a DNS name or an IP address where IPv6 addresses should be enclosed in square brackets C<[> and C<]>. The port component is optional and defaults to C<0>. If given, it must be in decimal form. If the I argument is not NULL @@ -52,6 +52,8 @@ If I is not NULL, I<*pssl> is assigned 1 in case parsing was successful and the scheme is C, else 0. The port component is optional and defaults to C<443> if the scheme is C, else C<80>. +Note that relative paths must be given with a leading C, +otherwise the first path element is interpreted as the hostname. Calling the deprecated function OCSP_parse_url(url, host, port, path, ssl) is equivalent to @@ -59,7 +61,7 @@ OSSL_HTTP_parse_url(url, ssl, NULL, host, port, NULL, path, NULL, NULL). =head1 RETURN VALUES -OSSL_HTTP_parse_url() and OCSP_parse_url() +OSSL_parse_url(), OSSL_HTTP_parse_url(), and OCSP_parse_url() return 1 on success, 0 on error. =head1 SEE ALSO 
@@ -68,7 +70,7 @@ L =head1 HISTORY -OOSSL_HTTP_parse_url() was added in OpenSSL 3.0. +OSSL_parse_url() and OSSL_HTTP_parse_url() were added in OpenSSL 3.0. OCSP_parse_url() was deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod index da84789472..d6eb39f652 100644 --- a/doc/man3/OSSL_HTTP_transfer.pod +++ b/doc/man3/OSSL_HTTP_transfer.pod @@ -123,8 +123,7 @@ Here is a simple example that supports TLS connections (but not via a proxy): After disconnect the modified BIO will be deallocated using BIO_free_all(). The I parameter specifies the response header maximum line length. -A value <= 0 indicates that -the B of 4KiB should be used. +A value <= 0 means that the B (4KiB) is used. I is also used as the number of content bytes that are read at a time. If the I parameter is > 0 this indicates the maximum number of diff --git a/include/openssl/http.h b/include/openssl/http.h index 2140d5d2f8..76d20c5242 100644 --- a/include/openssl/http.h +++ b/include/openssl/http.h @@ -33,8 +33,8 @@ extern "C" { # define OPENSSL_HTTP_PROXY "HTTP_PROXY" # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY" -#define HTTP_DEFAULT_MAX_LINE_LENGTH (4 * 1024) -#define HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) +#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024) +#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) /* Low-level HTTP API */ OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size); diff --git a/test/http_test.c b/test/http_test.c index e4209a37c0..b9f7452744 100644 --- a/test/http_test.c +++ b/test/http_test.c 
@@ -17,26 +17,30 @@ static const ASN1_ITEM *x509_it = NULL; static X509 *x509 = NULL; -#define SERVER "mock.server" -#define PORT "81" -#define RPATH "path/any.crt" -static const char *rpath; - -/* - * pretty trivial HTTP mock server: - * for POST, copy request headers+body from mem BIO 'in' as response to 'out' - * for GET, first redirect the request then respond with 'rsp' of ASN1 type 'it' +#define RPATH "/path/result.crt" + +typedef struct { + BIO *out; + char version; + int keep_alive; +} server_args; + +/*- + * Pretty trivial HTTP mock server: + * For POST, copy request headers+body from mem BIO 'in' as response to 'out'. + * For GET, redirect to RPATH, else respond with 'rsp' of ASN1 type 'it'. + * Respond with HTTP version 1.'version' and 'keep_alive' (unless implicit). */ -static int mock_http_server(BIO *in, BIO *out, +static int mock_http_server(BIO *in, BIO *out, char version, int keep_alive, ASN1_VALUE *rsp, const ASN1_ITEM *it) { - const char *req; + const char *req, *path; long count = BIO_get_mem_data(in, (unsigned char **)&req); const char *hdr = (char *)req; int is_get = count >= 4 && strncmp(hdr, "GET ", 4) == 0; int len; - /* first line should contain " HTTP/1.x" */ + /* first line should contain " HTTP/1.x" */ if (is_get) hdr += 4; else if (TEST_true(count >= 5 && strncmp(hdr, "POST ", 5) == 0)) @@ -44,16 +48,12 @@ static int mock_http_server(BIO *in, BIO *out, else return 0; - while (*rpath == '/') - rpath++; - while (*hdr == '/') - hdr++; - len = strlen(rpath); - if (!TEST_strn_eq(hdr, rpath, len) || !TEST_char_eq(hdr++[len], ' ')) + path = hdr; + hdr = strchr(hdr, ' '); + if (hdr == NULL) return 0; - hdr += len; len = strlen("HTTP/1."); - if (!TEST_strn_eq(hdr, "HTTP/1.", len)) + if (!TEST_strn_eq(++hdr, "HTTP/1.", len)) return 0; hdr += len; /* check for HTTP version 1.0 .. 1.1 */ 
@@ -62,16 +62,22 @@ static int mock_http_server(BIO *in, BIO *out, if (!TEST_char_eq(*hdr++, '\r') || !TEST_char_eq(*hdr++, '\n')) return 0; count -= (hdr - req); - if (count <= 0 || out == NULL) + if (count < 0 || out == NULL) return 0; - if (is_get && strcmp(rpath, RPATH) == 0) { - rpath = "path/new.crt"; - return BIO_printf(out, "HTTP/1.1 301 Moved Permanently\r\n" - "Location: /%s\r\n\r\n", rpath) > 0; /* same server */ + if (strncmp(path, RPATH, strlen(RPATH)) != 0) { + if (!is_get) + return 0; + return BIO_printf(out, "HTTP/1.%c 301 Moved Permanently\r\n" + "Location: %s\r\n\r\n", + version, RPATH) > 0; /* same server */ } - if (BIO_printf(out, "HTTP/1.1 200 OK\r\n") <= 0) + if (BIO_printf(out, "HTTP/1.%c 200 OK\r\n", version) <= 0) return 0; + if ((version == '0') == keep_alive) /* otherwise, default */ + if (BIO_printf(out, "Connection: %s\r\n", + version == '0' ? "keep-alive" : "close") <= 0) + return 0; if (is_get) { /* construct new header and body */ if ((len = ASN1_item_i2d(rsp, NULL, it)) <= 0) return 0; @@ -80,16 +86,26 @@ static int mock_http_server(BIO *in, BIO *out, return 0; return ASN1_item_i2d_bio(it, out, rsp); } else { - return BIO_write(out, hdr, count) == count; /* echo header and body */ + len = strlen("Connection: "); + if (strncmp(hdr, "Connection: ", len) == 0) { + /* skip req Connection header */ + hdr = strstr(hdr + len, "\r\n"); + if (hdr == NULL) + return 0; + hdr += 2; + } + /* echo remaining request header and body */ + return BIO_write(out, hdr, count) == count; } } static long http_bio_cb_ex(BIO *bio, int oper, const char *argp, size_t len, int cmd, long argl, int ret, size_t *processed) { + server_args *args = (server_args *)BIO_get_callback_arg(bio); if (oper == (BIO_CB_CTRL | BIO_CB_RETURN) && cmd == BIO_CTRL_FLUSH) - ret = mock_http_server(bio, (BIO *)BIO_get_callback_arg(bio), + ret = mock_http_server(bio, args->out, args->version, args->keep_alive, (ASN1_VALUE *)x509, x509_it); return ret; } 
@@ -99,6 +115,7 @@ static int test_http_x509(int do_get) X509 *rcert = NULL; BIO *wbio = BIO_new(BIO_s_mem()); BIO *rbio = BIO_new(BIO_s_mem()); + server_args mock_args = { NULL, '0', 0 }; BIO *rsp, *req = ASN1_item_i2d_mem_bio(x509_it, (ASN1_VALUE *)x509); STACK_OF(CONF_VALUE) *headers = NULL; const char content_type[] = "application/x-x509-ca-cert"; @@ -106,23 +123,23 @@ static int test_http_x509(int do_get) if (wbio == NULL || rbio == NULL || req == NULL) goto err; + mock_args.out = rbio; BIO_set_callback_ex(wbio, http_bio_cb_ex); - BIO_set_callback_arg(wbio, (char *)rbio); + BIO_set_callback_arg(wbio, (char *)&mock_args); - rpath = RPATH; rsp = do_get ? - OSSL_HTTP_get("http://"SERVER":"PORT"/"RPATH, + OSSL_HTTP_get("/will-be-redirected", NULL /* proxy */, NULL /* no_proxy */, - wbio, rbio, NULL /* bio_fn */, NULL /* arg */, + wbio, rbio, NULL /* bio_update_fn */, NULL /* arg */, 0 /* buf_size */, headers, content_type, 1 /* expect_asn1 */, - HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */) + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */) : OSSL_HTTP_transfer(NULL, NULL /* host */, NULL /* port */, RPATH, 0 /* use_ssl */,NULL /* proxy */, NULL /* no_pr */, wbio, rbio, NULL /* bio_fn */, NULL /* arg */, 0 /* buf_size */, headers, content_type, req, content_type, 1 /* expect_asn1 */, - HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */, + OSSL_HTTP_DEFAULT_MAX_RESP_LEN, 0 /* timeout */, 0 /* keep_alive */); rcert = d2i_X509_bio(rsp, NULL); BIO_free(rsp); 
@@ -137,6 +154,52 @@ static int test_http_x509(int do_get) return res; } +static int test_http_keep_alive(char version, int keep_alive, int kept_alive) +{ + BIO *wbio = BIO_new(BIO_s_mem()); + BIO *rbio = BIO_new(BIO_s_mem()); + BIO *rsp; + server_args mock_args = { NULL, '0', 0 }; + const char *const content_type = "application/x-x509-ca-cert"; + OSSL_HTTP_REQ_CTX *rctx = NULL; + int i, res = 0; + + if (wbio == NULL || rbio == NULL) + goto err; + mock_args.out = rbio; + mock_args.version = version; + mock_args.keep_alive = kept_alive; + BIO_set_callback_ex(wbio, http_bio_cb_ex); + BIO_set_callback_arg(wbio, (char *)&mock_args); + + for (res = 1, i = 1; res && i <= 2; i++) { + rsp = OSSL_HTTP_transfer(&rctx, NULL /* server */, NULL /* port */, + RPATH, 0 /* use_ssl */, + NULL /* proxy */, NULL /* no_proxy */, + wbio, rbio, NULL /* bio_update_fn */, NULL, + 0 /* buf_size */, NULL /* headers */, + NULL /* content_type */, NULL /* req => GET */, + content_type, 0 /* ASN.1 not expected */, + 0 /* max_resp_len */, 0 /* timeout */, + keep_alive); + if (keep_alive == 2 && kept_alive == 0) + res = res && TEST_ptr_null(rsp) + && TEST_int_eq(OSSL_HTTP_is_alive(rctx), 0); + else + res = res && TEST_ptr(rsp) + && TEST_int_eq(OSSL_HTTP_is_alive(rctx), keep_alive > 0); + BIO_free(rsp); + (void)BIO_reset(rbio); /* discard response contents */ + keep_alive = 0; + } + OSSL_HTTP_close(rctx, res); + + err: + BIO_free(wbio); + BIO_free(rbio); + return res; +} + static int test_http_url_ok(const char *url, int exp_ssl, const char *exp_host, const char *exp_port, const char *exp_path) { 
@@ -253,21 +316,61 @@ static int test_http_post_x509(void) return test_http_x509(0); } +static int test_http_keep_alive_0_no_no(void) +{ + return test_http_keep_alive('0', 0, 0); +} + +static int test_http_keep_alive_1_no_no(void) +{ + return test_http_keep_alive('1', 0, 0); +} + +static int test_http_keep_alive_0_prefer_yes(void) +{ + return test_http_keep_alive('0', 1, 1); +} + +static int test_http_keep_alive_1_prefer_yes(void) +{ + return test_http_keep_alive('1', 1, 1); +} + +static int test_http_keep_alive_0_require_yes(void) +{ + return test_http_keep_alive('0', 2, 1); +} + +static int test_http_keep_alive_1_require_yes(void) +{ + return test_http_keep_alive('1', 2, 1); +} + +static int test_http_keep_alive_0_require_no(void) +{ + return test_http_keep_alive('0', 2, 0); +} + +static int test_http_keep_alive_1_require_no(void) +{ + return test_http_keep_alive('1', 2, 0); +} + void cleanup_tests(void) { X509_free(x509); } +OPT_TEST_DECLARE_USAGE("cert.pem\n") + int setup_tests(void) { - if (!test_skip_common_options()) { - TEST_error("Error parsing test options\n"); + if (!test_skip_common_options()) return 0; - } x509_it = ASN1_ITEM_rptr(X509); if (!TEST_ptr((x509 = load_cert_pem(test_get_argument(0), NULL)))) - return 1; + return 0; ADD_TEST(test_http_url_dns); ADD_TEST(test_http_url_path_query); @@ -279,5 +382,13 @@ int setup_tests(void) ADD_TEST(test_http_url_invalid_path); ADD_TEST(test_http_get_x509); ADD_TEST(test_http_post_x509); + ADD_TEST(test_http_keep_alive_0_no_no); + ADD_TEST(test_http_keep_alive_1_no_no); + ADD_TEST(test_http_keep_alive_0_prefer_yes); + ADD_TEST(test_http_keep_alive_1_prefer_yes); + ADD_TEST(test_http_keep_alive_0_require_yes); + ADD_TEST(test_http_keep_alive_1_require_yes); + ADD_TEST(test_http_keep_alive_0_require_no); + ADD_TEST(test_http_keep_alive_1_require_no); return 1; } 
diff --git a/test/recipes/80-test_cmp_http_data/test_connection.csv b/test/recipes/80-test_cmp_http_data/test_connection.csv index 5d1700fa21..3276eb5fb3 100644 --- a/test/recipes/80-test_cmp_http_data/test_connection.csv +++ b/test/recipes/80-test_cmp_http_data/test_connection.csv 
@@ -1,43 +1,49 @@ -expected,description, -section,val, -server,val, -proxy,val, -path,val, -msg_timeout,int, -total_timeout,int, -tls_used,noarg, -no_proxy,val -,Message transfer options:,,,,,,,,,,,, -,,,,,,,,,,,,,,,,,,,,,,,,, -0,default config, -section,,,,,,,,BLANK,,BLANK,,BLANK,,BLANK, -TBD,Domain name, -section,, -server,_SERVER_CN:_SERVER_PORT,,,, -TBD,IP address, -section,, -server,_SERVER_IP:_SERVER_PORT,,,, -,,,,,,,,,,,,,,,,,,,,,,,,, -1,wrong server, -section,, -server,example.com:_SERVER_PORT,,,,, -msg_timeout,1,BLANK,,BLANK,,BLANK, -1,wrong server port, -section,, -server,_SERVER_HOST:99,,,,, -msg_timeout,1,BLANK,,BLANK,,BLANK, -1,server default port, -section,, -server,_SERVER_HOST,,,,, -msg_timeout,1,BLANK,,BLANK,,BLANK, -1,server port out of range, -section,, -server,_SERVER_HOST:65536,,,,,BLANK,,BLANK,,BLANK,,BLANK, -1,server port negative, -section,, -server,_SERVER_HOST:-10,,,,,BLANK,,BLANK,,BLANK,,BLANK, -1,server missing argument, -section,, -server,,,,,,BLANK,,BLANK,,BLANK,,BLANK, -1,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,BLANK,,BLANK,,BLANK, -1,server port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:x/+80,,,,,BLANK,,BLANK,,BLANK,,BLANK, -1,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,BLANK,,BLANK,,BLANK, -1,server with TLS port, -section,, -server,_SERVER_HOST:_SERVER_TLS,,,,,BLANK,,BLANK,,BLANK,,BLANK, -TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,BLANK,,BLANK,,BLANK, -,,,,,,,,,,,,,,,,,,,,,,,,, -1,proxy port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:x*/8888,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com,-msg_timeout,1 -1,proxy port out of range, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:65536,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com,-msg_timeout,1 -1,proxy default port, -section,, 
-server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com,-msg_timeout,1 -1,proxy missing argument, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com -,,,,,,,,,,,,,,,,,,,,,,,,, -0,path explicit, -section,, -server,_SERVER_HOST:_SERVER_PORT,,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK,,BLANK, -0,path overrides -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/ignored,,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK,,BLANK, -0,path default -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/_SERVER_PATH,,, -path,"""",BLANK,,BLANK,,BLANK,,BLANK, -1,path missing argument, -section,,,,,, -path,,BLANK,,BLANK,,BLANK,,BLANK, -1,path wrong, -section,,,,,, -path,/publicweb/cmp/example,BLANK,,BLANK,,BLANK,,BLANK, -0,path with additional '/'s fine according to RFC 3986, -section,,,,,, -path,/_SERVER_PATH////,BLANK,,BLANK,,BLANK,,BLANK -1,path mixed case, -section,,,,,, -path,pKiX/,BLANK,,BLANK,,BLANK,,BLANK, -1,path upper case, -section,,,,,, -path,PKIX/,BLANK,,BLANK,,BLANK,,BLANK, -,,,,,,,,,,,,,,,,,,,,,,,,, -1,msg_timeout missing argument, -section,,,,,,,, -msg_timeout,,BLANK,,BLANK,,BLANK, -1,msg_timeout negative, -section,,,,,,,, -msg_timeout,-5,BLANK,,BLANK,,BLANK, -0,msg_timeout 5, -section,,,,,,,, -msg_timeout,5,BLANK,,BLANK,,BLANK, -0,msg_timeout 0, -section,,,,,,,, -msg_timeout,0,BLANK,,BLANK,,BLANK, -,,,,,,,,,,,,,,,,,,,,,,,,, -1,total_timeout missing argument, -section,,,,,,,,BLANK,, -total_timeout,,BLANK,,BLANK, -1,total_timeout negative, -section,,,,,,,,BLANK,, -total_timeout,-5,BLANK,,BLANK, -0,total_timeout 10, -section,,,,,,,,BLANK,, -total_timeout,10,BLANK,,BLANK, -0,total_timeout 0, -section,,,,,,,,BLANK,, -total_timeout,0,BLANK,,BLANK, -,,,,,,,,,,,,,,,,,,,,,,,,, +expected,description, -section,val, -server,val, -proxy,val, -no_proxy,val, -tls_used,noarg, -path,val, -msg_timeout,int, -total_timeout,int, -keep_alive,val +,Message transfer 
options:,,,,,,,,,,,,,,,,,, +,,,,,,,,,,,,,,,,,,, +0,default config, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, +TBD,Domain name, -section,, -server,_SERVER_CN:_SERVER_PORT,,,,,,,,,,,,,, +TBD,IP address, -section,, -server,_SERVER_IP:_SERVER_PORT,,,,,,,,,,,,,, +,,,,,,,,,,,,,,,,,,, +1,wrong server, -section,, -server,example.com:_SERVER_PORT,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK, +1,wrong server port, -section,, -server,_SERVER_HOST:99,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK, +1,server default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK, +1,server port out of range, -section,, -server,_SERVER_HOST:65536,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, +1,server port negative, -section,, -server,_SERVER_HOST:-10,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, +1,server missing argument, -section,, -server,,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, +1,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, +1,server port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:x/+80,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, +1,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, +1,server with TLS port, -section,, -server,_SERVER_HOST:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, +TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,, +1,proxy port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:x*/8888, -no_proxy,nonmatch.com,BLANK,,,,-msg_timeout,1,BLANK,,BLANK, +1,proxy port out of range, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:65536, -no_proxy,nonmatch.com,BLANK,,,,-msg_timeout,1,BLANK,,BLANK, +1,proxy default port, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1, -no_proxy,nonmatch.com,BLANK,,,,-msg_timeout,1,BLANK,,BLANK, +1,proxy missing argument, -section,, -server,_SERVER_HOST:_SERVER_PORT, 
-proxy,, -no_proxy,nonmatch.com,BLANK,,,,BLANK,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,, +0,path explicit, -section,, -server,_SERVER_HOST:_SERVER_PORT,,,,,BLANK,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK, +0,path overrides -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/ignored,,,,,BLANK,, -path,_SERVER_PATH,BLANK,,BLANK,,BLANK, +0,path default -server path, -section,, -server,_SERVER_HOST:_SERVER_PORT/_SERVER_PATH,,,,,BLANK,, -path,"""",BLANK,,BLANK,,BLANK, +1,path missing argument, -section,,,,,,,,BLANK,, -path,,BLANK,,BLANK,,BLANK, +1,path wrong, -section,,,,,,,,BLANK,, -path,/publicweb/cmp/example,BLANK,,BLANK,,BLANK, +0,path with additional '/'s fine according to RFC 3986, -section,,,,,,,,BLANK,, -path,/_SERVER_PATH////,BLANK,,BLANK,,BLANK, +1,path mixed case, -section,,,,,,,,BLANK,, -path,pKiX/,BLANK,,BLANK,,BLANK, +1,path upper case, -section,,,,,,,,BLANK,, -path,PKIX/,BLANK,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,, +1,msg_timeout missing argument, -section,,,,,,,,BLANK,,,, -msg_timeout,,BLANK,,BLANK, +1,msg_timeout negative, -section,,,,,,,,BLANK,,,, -msg_timeout,-5,BLANK,,BLANK, +0,msg_timeout 5, -section,,,,,,,,BLANK,,,, -msg_timeout,5,BLANK,,BLANK, +0,msg_timeout 0, -section,,,,,,,,BLANK,,,, -msg_timeout,0,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,, +1,total_timeout missing argument, -section,,,,,,,,BLANK,,,,BLANK,, -total_timeout,,BLANK, +1,total_timeout negative, -section,,,,,,,,BLANK,,,,BLANK,, -total_timeout,-5,BLANK, +0,total_timeout 10, -section,,,,,,,,BLANK,,,,BLANK,, -total_timeout,10,BLANK, +0,total_timeout 0, -section,,,,,,,,BLANK,,,,BLANK,, -total_timeout,0,BLANK, +,,,,,,,,,,,,,,,,,,, +1,keep_alive missing argument, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive, +1,keep_alive negative, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,-1 +0,keep_alive 0, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,0 +0,keep_alive 1, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,1 +0,keep_alive 2, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,2 
+1,keep_alive 3, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,, -keep_alive,3 From kaduk at mit.edu Fri May 14 18:47:07 2021 
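Review bot: in test/http_test.c, the POST branch of mock_http_server() advances hdr past the request's "Connection: " header but leaves count unchanged, so BIO_write(out, hdr, count) reads past the end of the request data by the length of the skipped header line. Recompute the remaining length after the skip (for example, subtract the number of bytes hdr moved) before echoing. The same function now calls strchr(hdr, ' ') and strstr(hdr + len, "\r\n") on the buffer returned by BIO_get_mem_data(), which hands back a pointer and a length rather than a C string; bounding those searches by count would keep the mock server from scanning beyond the request if the terminator is missing.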
From: kaduk at mit.edu (kaduk at mit.edu) Date: Fri, 14 May 2021 18:47:07 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1621018027.930212.18463.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via b743b16113ca0e30c383191c804de37dbfc4f12e (commit) via df1fd3c986f5a58b6dc87d2c4bb565a8f1e688fa (commit) via 5d88a9c62c81e38918becae96a842986e2e0940e (commit) via 1ab7b9991ba00a1423ec6c5898a70e11d1337cfb (commit) from a812f8fc8f3c9ba30e5ecd2c168cca0613f15dcd (commit) - Log ----------------------------------------------------------------- commit b743b16113ca0e30c383191c804de37dbfc4f12e Author: Benjamin Kaduk Date: Mon Mar 29 23:05:22 2021 -0700 Update expected results for tls13kexmodes tests One of the scenarios constructed in these tests was erroneously producing successful handshakes until the previous commits, but should have been failing. Update our expected behavior to match the specification requirements, and adjust the commentary slightly for a test case relevant for the other preceding commit. Reviewed-by: Tomas Mraz (cherry picked from commit 80c25611abd7067815943187f36f5e1879201678) (Merged from https://github.com/openssl/openssl/pull/15255) commit df1fd3c986f5a58b6dc87d2c4bb565a8f1e688fa Author: Benjamin Kaduk Date: Mon Mar 29 21:27:49 2021 -0700 Don't send key_share for PSK-only key exchange TLS 1.3 allows for the "psk_ke" and "psk_dhe_ke" key-exchange modes. Only the latter mode introduces a new ephemeral (Diffie-Hellman) key exchange, with the PSK being the only key material used in the former case. It's a compliance requirement of RFC 8446 that the server MUST NOT send a KeyShareEntry when using the "psk_ke" mode, but prior to this commit we would send a key-share based solely on whether the client sent one. This bug goes unnoticed in our internal test suite since openssl communicating with openssl can never negotiate the PSK-only key-exchange mode. 
However, we should still be compliant with the spec, so check whether the DHE mode was offered and don't send a key-share if it wasn't. Reviewed-by: Tomas Mraz (cherry picked from commit e776858bce32d473bd7a69c616ad7f6c2f979dfc) (Merged from https://github.com/openssl/openssl/pull/15255) commit 5d88a9c62c81e38918becae96a842986e2e0940e Author: Benjamin Kaduk Date: Mon Mar 29 23:08:10 2021 -0700 make update Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15255) commit 1ab7b9991ba00a1423ec6c5898a70e11d1337cfb Author: Benjamin Kaduk Date: Mon Mar 29 23:03:49 2021 -0700 Improve RFC 8446 PSK key exchange mode compliance It's a MUST-level requirement that if the client sends a pre_shared_key extension not accompanied by a psk_key_exchange_modes extension, the server must abort the handshake. Prior to this commit the server would continue on. Reviewed-by: Tomas Mraz (cherry picked from commit efe0f315354b020213097885c79ce856a2f5ac68) (Merged from https://github.com/openssl/openssl/pull/15255) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 2 ++ include/openssl/sslerr.h | 2 ++ ssl/ssl_err.c | 3 +++ ssl/statem/extensions.c | 19 ++++++++++++++++++- ssl/statem/extensions_srvr.c | 7 +++++++ test/recipes/70-test_tls13kexmodes.t | 12 +++++------- 6 files changed, 37 insertions(+), 8 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index e0e60ffa38..017a9a6652 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1160,6 +1160,7 @@ SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats SSL_F_FINAL_EMS:486:final_ems SSL_F_FINAL_KEY_SHARE:503:final_key_share SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen +SSL_F_FINAL_PSK:639:final_psk SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate SSL_F_FINAL_SERVER_NAME:558:final_server_name SSL_F_FINAL_SIG_ALGS:497:final_sig_algs 
@@ -2741,6 +2742,7 @@ SSL_R_MISSING_DSA_SIGNING_CERT:165:missing dsa signing cert SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert SSL_R_MISSING_FATAL:256:missing fatal SSL_R_MISSING_PARAMETERS:290:missing parameters +SSL_R_MISSING_PSK_KEX_MODES_EXTENSION:310:missing psk kex modes extension SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 9060fd1b75..701d61c6e9 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -70,6 +70,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_FINAL_EMS 486 # define SSL_F_FINAL_KEY_SHARE 503 # define SSL_F_FINAL_MAXFRAGMENTLEN 557 +# define SSL_F_FINAL_PSK 639 # define SSL_F_FINAL_RENEGOTIATE 483 # define SSL_F_FINAL_SERVER_NAME 558 # define SSL_F_FINAL_SIG_ALGS 497 @@ -592,6 +593,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 # define SSL_R_MISSING_FATAL 256 # define SSL_R_MISSING_PARAMETERS 290 +# define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310 # define SSL_R_MISSING_RSA_CERTIFICATE 168 # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 # define SSL_R_MISSING_RSA_SIGNING_CERT 170 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index d0c69821b5..324f2ccbb0 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -85,6 +85,7 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0), "final_maxfragmentlen"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_PSK, 0), "final_psk"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"}, 
@@ -948,6 +949,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "missing ecdsa signing cert"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION), + "missing psk kex modes extension"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT), diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index e1a3b1db67..07803537ba 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -56,6 +56,7 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent); static int final_early_data(SSL *s, unsigned int context, int sent); static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); static int init_post_handshake_auth(SSL *s, unsigned int context); +static int final_psk(SSL *s, unsigned int context, int sent); /* Structure to define a built-in extension */ typedef struct extensions_definition_st { @@ -389,7 +390,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk, - tls_construct_ctos_psk, NULL + tls_construct_ctos_psk, final_psk } }; @@ -1718,3 +1719,19 @@ static int init_post_handshake_auth(SSL *s, unsigned int context) return 1; } + +/* + * If clients offer "pre_shared_key" without a "psk_key_exchange_modes" + * extension, servers MUST abort the handshake. + */ +static int final_psk(SSL *s, unsigned int context, int sent) +{ + if (s->server && sent && s->clienthello != NULL + && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { + SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_PSK, + SSL_R_MISSING_PSK_KEX_MODES_EXTENSION); + return 0; + } + + return 1; +} 
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 3c7395c0eb..90e8bce19b 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1714,6 +1714,13 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, } return EXT_RETURN_NOT_SENT; } + if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) { + /* + * PSK ('hit') and explicitly not doing DHE (if the client sent the + * DHE option we always take it); don't send key share. + */ + return EXT_RETURN_NOT_SENT; + } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) || !WPACKET_start_sub_packet_u16(pkt) diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index 98989b4703..e8ab25f190 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -195,17 +195,14 @@ $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 11; ok(TLSProxy::Message->success(), "Initial connection"); -#Test 2: Attempt a resume with no kex modes extension. Should not resume +#Test 2: Attempt a resume with no kex modes extension. Should fail (server +# MUST abort handshake with pre_shared key and no psk_kex_modes) $proxy->clear(); $proxy->clientflags("-sess_in ".$session); my $testtype = DELETE_EXTENSION; $proxy->filter(\&modify_kex_modes_filter); $proxy->start(); -checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, - checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::KEY_SHARE_SRV_EXTENSION - | checkhandshake::PSK_CLI_EXTENSION, - "Resume with no kex modes"); +ok(TLSProxy::Message->fail(), "Resume with no kex modes"); #Test 3: Attempt a resume with empty kex modes extension. Should fail (empty # extension is invalid) 
@@ -243,6 +240,7 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, "Resume with non-dhe kex mode"); #Test 6: Attempt a resume with only unrecognised kex modes. Should not resume +# but rather fall back to full handshake $proxy->clear(); $proxy->clientflags("-sess_in ".$session); $testtype = UNKNOWN_KEX_MODES; @@ -252,7 +250,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, | checkhandshake::PSK_KEX_MODES_EXTENSION | checkhandshake::KEY_SHARE_SRV_EXTENSION | checkhandshake::PSK_CLI_EXTENSION, - "Resume with empty kex modes"); + "Resume with unrecognized kex mode"); #Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with # a key_share From pauli at openssl.org Sat May 15 01:43:56 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 15 May 2021 01:43:56 +0000 Subject: [openssl] master update Message-ID: <1621043036.796798.21570.nullmailer@dev.openssl.org> The branch master has been updated via a113826eac59a1e897c679beaa5934542c46952d (commit) from 647a5dbf10227d65919b49d078da4eaca313f921 (commit) - Log ----------------------------------------------------------------- commit a113826eac59a1e897c679beaa5934542c46952d Author: Matt Caswell Date: Thu May 13 15:13:22 2021 +0100 Fix a memleak on an error path in the pkcs12 test helpers Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15269) ----------------------------------------------------------------------- Summary of changes: test/helpers/pkcs12.c | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/test/helpers/pkcs12.c b/test/helpers/pkcs12.c index bdc8585535..ab877bca00 100644 --- a/test/helpers/pkcs12.c +++ b/test/helpers/pkcs12.c 
@@ -278,11 +278,9 @@ void start_contentinfo(PKCS12_BUILDER *pb) void end_contentinfo(PKCS12_BUILDER *pb) { - if (pb->success) { - if (pb->bags && !TEST_true(PKCS12_add_safe(&pb->safes, pb->bags, -1, 0, NULL))) { + if (pb->success && pb->bags != NULL) { + if (!TEST_true(PKCS12_add_safe(&pb->safes, pb->bags, -1, 0, NULL))) pb->success = 0; - return; - } } sk_PKCS12_SAFEBAG_pop_free(pb->bags, PKCS12_SAFEBAG_free); pb->bags = NULL; @@ -291,19 +289,16 @@ void end_contentinfo(PKCS12_BUILDER *pb) void end_contentinfo_encrypted(PKCS12_BUILDER *pb, const PKCS12_ENC *enc) { - if (pb->success) { - if (pb->bags) { - if (legacy) { - if (!TEST_true(PKCS12_add_safe(&pb->safes, pb->bags, enc->nid, enc->iter, enc->pass))) { - pb->success = 0; - return; - } - } else { - if (!TEST_true(PKCS12_add_safe_ex(&pb->safes, pb->bags, enc->nid, enc->iter, enc->pass, test_ctx, test_propq))) { - pb->success = 0; - return; - } - } + if (pb->success && pb->bags != NULL) { + if (legacy) { + if (!TEST_true(PKCS12_add_safe(&pb->safes, pb->bags, enc->nid, + enc->iter, enc->pass))) + pb->success = 0; + } else { + if (!TEST_true(PKCS12_add_safe_ex(&pb->safes, pb->bags, enc->nid, + enc->iter, enc->pass, test_ctx, + test_propq))) + pb->success = 0; } } sk_PKCS12_SAFEBAG_pop_free(pb->bags, PKCS12_SAFEBAG_free); From pauli at openssl.org Sat May 15 01:49:38 2021 
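Review bot: in the OpenSSL_1_1_1-stable patch, the new early return in tls_construct_stoc_key_share() (ssl/statem/extensions_srvr.c) leaves the function before any of the code that follows WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share), and the hunk itself does nothing to set up the handshake secret for the PSK-only case. This path is reached when the client did send a key_share but offered only psk_ke, which the commit message says openssl-to-openssl testing never negotiates, so please confirm that the key schedule is still initialised without a (EC)DHE input here, and say so in the comment. A test that drives this branch with a client key_share present would make the behaviour explicit.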
From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 15 May 2021 01:49:38 +0000 Subject: [openssl] master update Message-ID: <1621043378.616483.25809.nullmailer@dev.openssl.org> The branch master has been updated via af3521656d08b0876f1bcf326502e84c375222b7 (commit) from a113826eac59a1e897c679beaa5934542c46952d (commit) - Log ----------------------------------------------------------------- commit af3521656d08b0876f1bcf326502e84c375222b7 Author: Pauli Date: Thu May 13 13:29:37 2021 +1000 doc: document all functions in provider-base(7) Fixes #13358 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15259) ----------------------------------------------------------------------- Summary of changes: doc/man7/provider-base.pod | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index fe48beb1d1..19cd4e445b 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -56,6 +56,8 @@ provider-base int CRYPTO_secure_allocated(const void *ptr); void OPENSSL_cleanse(void *ptr, size_t len); + unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen); + OSSL_CORE_BIO *BIO_new_file(const char *filename, const char *mode); OSSL_CORE_BIO *BIO_new_membuf(const void *buf, int len); int BIO_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len, @@ -67,7 +69,8 @@ provider-base int BIO_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list args); int BIO_vsnprintf(char *buf, size_t n, const char *fmt, va_list args); - void self_test_cb(OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg); + void OSSL_SELF_TEST_set_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK *cb, + void *cbarg); size_t get_entropy(const OSSL_CORE_HANDLE *handle, unsigned char **pout, int entropy, 
@@ -107,6 +110,7 @@ provider-base const OSSL_ITEM *provider_get_reason_strings(void *provctx); int provider_get_capabilities(void *provctx, const char *capability, OSSL_CALLBACK *cb, void *arg); + int provider_self_test(void *provctx); =head1 DESCRIPTION @@ -138,7 +142,7 @@ provider): core_get_libctx OSSL_FUNC_CORE_GET_LIBCTX core_new_error OSSL_FUNC_CORE_NEW_ERROR core_set_error_debug OSSL_FUNC_CORE_SET_ERROR_DEBUG - core_set_error OSSL_FUNC_CORE_SET_ERROR + core_vset_error OSSL_FUNC_CORE_VSET_ERROR CRYPTO_malloc OSSL_FUNC_CRYPTO_MALLOC CRYPTO_zalloc OSSL_FUNC_CRYPTO_ZALLOC CRYPTO_memdup OSSL_FUNC_CRYPTO_MEMDUP @@ -200,7 +204,7 @@ object for the current provider is stored, accessible through the I. This may sometimes be useful if the provider wishes to store a reference to its context in the same library context. -core_new_error(), core_set_error_debug() and core_set_error() are +core_new_error(), core_set_error_debug() and core_vset_error() are building blocks for reporting an error back to the core, with reference to the I. @@ -221,7 +225,7 @@ line I and the function name I where the error occurred. This corresponds to the OpenSSL function L. -=item core_set_error() +=item core_vset_error() sets the I for the error, along with any addition data. The I is a number defined by the provider and used to index 
@@ -242,14 +246,14 @@ CRYPTO_strndup(), CRYPTO_free(), CRYPTO_clear_free(), CRYPTO_realloc(), CRYPTO_clear_realloc(), CRYPTO_secure_malloc(), CRYPTO_secure_zalloc(), CRYPTO_secure_free(), CRYPTO_secure_clear_free(), CRYPTO_secure_allocated(), -BIO_new_file(), BIO_new_mem_buf(), BIO_read_ex(), BIO_up_ref(), BIO_free(), -BIO_vprintf(), OPENSSL_cleanse(), and OPENSSL_hexstr2buf() -correspond exactly to the public functions with the same name. -As a matter of fact, the pointers in the B array are -direct pointers to those public functions. Note that the BIO functions take an -B type rather than the standard B type. This is to ensure -that a provider does not mix BIOs from the core with BIOs used on the provider -side (the two are not compatible). +BIO_new_file(), BIO_new_mem_buf(), BIO_read_ex(), BIO_write_ex(), BIO_up_ref(), +BIO_free(), BIO_vprintf(), BIO_vsnprintf(), OPENSSL_cleanse() +and OPENSSL_hexstr2buf() correspond exactly to the public functions with +the same name. As a matter of fact, the pointers in the B +array are direct pointers to those public functions. Note that the BIO +functions take an B type rather than the standard B +type. This is to ensure that a provider does not mix BIOs from the core +with BIOs used on the provider side (the two are not compatible). OSSL_SELF_TEST_set_callback() is used to set an optional callback that can be passed into a provider. This may be ignored by a provider. From pauli at openssl.org Sat May 15 02:11:08 2021 
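Review bot: in doc/man7/provider-base.pod, the rewritten paragraph lists BIO_new_mem_buf() among the functions that "correspond exactly to the public functions with the same name", while the SYNOPSIS context in the first hunk declares it as BIO_new_membuf(). One of the two spellings should be corrected so the name in the text matches the declaration. The hunks shown also add provider_self_test() and OPENSSL_hexstr2buf() to the SYNOPSIS and rename core_set_error() to core_vset_error() in the table and item list; worth checking that each of these has a matching entry in both places, since only part of the page is visible here.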
From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 15 May 2021 02:11:08 +0000 Subject: [openssl] master update Message-ID: <1621044668.146507.31665.nullmailer@dev.openssl.org> The branch master has been updated via 773f1c3320f546a53906bd377b2c9d385ece3c39 (commit) from af3521656d08b0876f1bcf326502e84c375222b7 (commit) - Log ----------------------------------------------------------------- commit 773f1c3320f546a53906bd377b2c9d385ece3c39 Author: Tomas Mraz Date: Thu May 13 19:41:09 2021 +0200 Add make update-fips-checksums to release.sh script Fixes #15223 Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15271) ----------------------------------------------------------------------- Summary of changes: dev/release.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/dev/release.sh b/dev/release.sh index 7a1ee4d270..14a3d445c6 100755 --- a/dev/release.sh +++ b/dev/release.sh @@ -30,7 +30,7 @@ Usage: release.sh [ options ... ] key (default: use the default e-mail address? key). --no-upload Don't upload to upload at dev.openssl.org. ---no-update Don't perform 'make update'. +--no-update Don't perform 'make update' and 'make update-fips-checksums'. --verbose Verbose output. --debug Include debug output. Implies --no-upload. @@ -319,10 +319,12 @@ echo "== Configuring OpenSSL for update and release. This may take a bit of tim ./Configure cc >&42 -$VERBOSE "== Checking source file updates" +$VERBOSE "== Checking source file updates and fips checksums" make update >&42 +make update-fips-checksums >&42 + if [ -n "$(git status --porcelain)" ]; then $VERBOSE "== Committing updates" git add -u @@ -337,7 +339,7 @@ fi if $do_branch; then $VERBOSE "== Creating a local update branch: $tmp_update_branch" git branch $git_quiet "$tmp_update_branch" -fi +fi # Write the version information we updated set_version 
@@ -410,7 +412,7 @@ cat "$HERE/dev/release-aux/$announce_template" \ -e "s|\\\$sha256hash|$sha256hash|" \ | perl -p "$HERE/dev/release-aux/fix-title.pl" \ > "../$announce" - + $VERBOSE "== Generating signatures: $tgzfile.asc $announce.asc" rm -f "../$tgzfile.asc" "../$announce.asc" echo "Signing the release files. You may need to enter a pass phrase" @@ -508,7 +510,7 @@ $VERBOSE "== Push what we have to the parent repository" git push parent HEAD # Done ############################################################### - + $VERBOSE "== Done" cd $HERE @@ -697,7 +699,7 @@ Don't upload the produced files. =item B<--no-update> -Don't run C. +Don't run C and C. =item B<--verbose> From no-reply at appveyor.com Sat May 15 06:33:11 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 15 May 2021 06:33:11 +0000 Subject: Build failed: openssl master.42053 Message-ID: <20210515063311.1.CFF200A8AAFF4968@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 15 07:40:34 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 15 May 2021 07:40:34 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.42054 Message-ID: <20210515074034.1.694C173086EBF29C@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 15 08:31:15 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 15 May 2021 08:31:15 +0000 Subject: Build failed: openssl master.42055 Message-ID: <20210515083115.1.EEBAE66E9E84D99E@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 15 09:22:52 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 15 May 2021 09:22:52 +0000 Subject: Build failed: openssl master.42056 Message-ID: <20210515092252.1.3433D31565B231D5@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Sat May 15 09:46:25 2021 
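Review bot: in dev/release.sh, hunk @@ -319,10 +319,12 @@, whatever `make update-fips-checksums` rewrites is picked up by the existing `git status --porcelain` / `git add -u` step and committed together with ordinary `make update` output, so a changed FIPS checksum enters the release commit without being singled out. Consider reporting it separately, for example a $VERBOSE line naming the checksum files that changed, so the person cutting the release sees that the FIPS module sources moved. The whitespace-only changes in the @@ -337,7, @@ -410,7 and @@ -508,7 hunks would be easier to review as a separate commit.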
From: matt at openssl.org (Matt Caswell) Date: Sat, 15 May 2021 09:46:25 +0000 Subject: [openssl] master update Message-ID: <1621071985.334514.719.nullmailer@dev.openssl.org> The branch master has been updated via 522827160936319841f3f83fd246f92da96f5686 (commit) via 36a89c04390f2d98e740b9c53a1eead9dcb5f188 (commit) from 773f1c3320f546a53906bd377b2c9d385ece3c39 (commit) - Log ----------------------------------------------------------------- commit 522827160936319841f3f83fd246f92da96f5686 Author: Matt Caswell Date: Thu May 13 15:52:19 2021 +0100 Load the default provider into the p_test provider later Loading it earlier causes some of the later testing to pass when it should fail and masked a bug. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15270) commit 36a89c04390f2d98e740b9c53a1eead9dcb5f188 Author: Matt Caswell Date: Thu May 13 15:35:42 2021 +0100 Init the child providers immediately on creation of the child libctx We were deferring the initial creation of the child providers until the first fetch. This is a carry over from an earlier iteration of the child lib ctx development and is no longer necessary. In fact we need to init the child providers immediately otherwise not all providers quite init correctly. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15270) ----------------------------------------------------------------------- Summary of changes: crypto/provider_child.c | 46 +++++-------------------- crypto/provider_core.c | 6 ---- doc/internal/man3/ossl_provider_new.pod | 7 +--- include/internal/provider.h | 1 - test/p_test.c | 59 +++++++++++++++++---------------- 5 files changed, 39 insertions(+), 80 deletions(-) diff --git a/crypto/provider_child.c b/crypto/provider_child.c index 0ca61c0686..2487d43fd7 100644 --- a/crypto/provider_child.c +++ b/crypto/provider_child.c 
@@ -198,44 +198,6 @@ static int provider_remove_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata) return 1; } -int ossl_provider_init_child_providers(OSSL_LIB_CTX *ctx) -{ - struct child_prov_globals *gbl; - - /* Should never happen */ - if (ctx == NULL) - return 0; - - gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); - if (gbl == NULL) - return 0; - - if (!CRYPTO_THREAD_read_lock(gbl->lock)) - return 0; - if (gbl->isinited) { - CRYPTO_THREAD_unlock(gbl->lock); - return 1; - } - CRYPTO_THREAD_unlock(gbl->lock); - - if (!CRYPTO_THREAD_write_lock(gbl->lock)) - return 0; - if (!gbl->isinited) { - if (!gbl->c_provider_register_child_cb(gbl->handle, - provider_create_child_cb, - provider_remove_child_cb, - ctx)) { - CRYPTO_THREAD_unlock(gbl->lock); - return 0; - } - gbl->isinited = 1; - } - CRYPTO_THREAD_unlock(gbl->lock); - - return 1; -} - int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in) @@ -300,6 +262,14 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, if (gbl->lock == NULL) return 0; + if (!gbl->c_provider_register_child_cb(gbl->handle, + provider_create_child_cb, + provider_remove_child_cb, + ctx)) + return 0; + + gbl->isinited = 1; + return 1; } diff --git a/crypto/provider_core.c b/crypto/provider_core.c index f0b429d986..b384f74fd2 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -276,9 +276,6 @@ OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, if (!noconfig) { if (ossl_lib_ctx_is_default(libctx)) OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); - if (ossl_lib_ctx_is_child(libctx) - && !ossl_provider_init_child_providers(libctx)) - return NULL; } #endif 
@@ -1007,9 +1004,6 @@ int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, */ if (ossl_lib_ctx_is_default(ctx)) OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); - if (ossl_lib_ctx_is_child(ctx) - && !ossl_provider_init_child_providers(ctx)) - return 0; #endif if (store == NULL) diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index ff347bad3f..7ab60eb3a5 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -7,7 +7,7 @@ ossl_provider_free, ossl_provider_set_fallback, ossl_provider_set_module_path, ossl_provider_add_parameter, ossl_provider_set_child, ossl_provider_get_parent, ossl_provider_up_ref_parent, ossl_provider_free_parent, -ossl_provider_get0_dispatch, ossl_provider_init_child_providers, +ossl_provider_get0_dispatch, ossl_provider_init_as_child, ossl_provider_activate, ossl_provider_deactivate, ossl_provider_available, ossl_provider_ctx, @@ -95,7 +95,6 @@ ossl_provider_get_capabilities int *result); int ossl_provider_clear_all_operation_bits(OSSL_LIB_CTX *libctx); - int ossl_provider_init_child_providers(OSSL_LIB_CTX *ctx); int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in); @@ -291,10 +290,6 @@ I<*result> to 1 or 0 accorddingly. ossl_provider_clear_all_operation_bits() clears all of the operation bits to (0) for all providers in the library context I. -ossl_provider_init_child_providers() registers the callbacks required to -receive notifications about loading and unloading of providers in the parent -library context. - ossl_provider_init_as_child() stores in the library context I references to the necessary upcalls for managing child providers. The I and I parameters are the B and B pointers that were diff --git a/include/internal/provider.h b/include/internal/provider.h index 5b0af7a335..020cbc8a9e 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h 
@@ -108,7 +108,6 @@ int ossl_provider_clear_all_operation_bits(OSSL_LIB_CTX *libctx); void ossl_provider_add_conf_module(void); /* Child providers */ -int ossl_provider_init_child_providers(OSSL_LIB_CTX *ctx); int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in); diff --git a/test/p_test.c b/test/p_test.c index 8c7bdaf7b8..22bf8648fe 100644 --- a/test/p_test.c +++ b/test/p_test.c @@ -39,7 +39,6 @@ typedef struct p_test_ctx { char *thisfunc; const OSSL_CORE_HANDLE *handle; OSSL_LIB_CTX *libctx; - OSSL_PROVIDER *deflt; } P_TEST_CTX; static OSSL_FUNC_core_gettable_params_fn *c_gettable_params = NULL; @@ -61,6 +60,18 @@ static OSSL_FUNC_provider_get_params_fn p_get_params; static OSSL_FUNC_provider_get_reason_strings_fn p_get_reason_strings; static OSSL_FUNC_provider_teardown_fn p_teardown; +static void p_set_error(int lib, int reason, const char *file, int line, + const char *func, const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + c_new_error(NULL); + c_set_error_debug(NULL, file, line, func); + c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, ap); + va_end(ap); +} + static const OSSL_PARAM *p_gettable_params(void *_) { return p_param_types; @@ -128,6 +139,20 @@ static int p_get_params(void *provctx, OSSL_PARAM params[]) EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); const char *msg = "Hello world"; unsigned char out[16]; + OSSL_PROVIDER *deflt; + + /* + * "default" has not been loaded into the parent libctx. We should be able + * to explicitly load it as a non-child provider. + */ + deflt = OSSL_PROVIDER_load(ctx->libctx, "default"); + if (deflt == NULL + || !OSSL_PROVIDER_available(ctx->libctx, "default")) { + /* We set error "3" for a failure to load the default provider */ + p_set_error(ERR_LIB_PROV, 3, ctx->thisfile, OPENSSL_LINE, + ctx->thisfunc, NULL); + ok = 0; + } /* * We should have the default provider available that we loaded 
@@ -135,7 +160,8 @@ static int p_get_params(void *provctx, OSSL_PARAM params[]) * from the parent libctx. We should also have "this" provider * available. */ - if (OSSL_PROVIDER_available(ctx->libctx, "default") + if (ok + && OSSL_PROVIDER_available(ctx->libctx, "default") && OSSL_PROVIDER_available(ctx->libctx, "base") && OSSL_PROVIDER_available(ctx->libctx, "legacy") && OSSL_PROVIDER_available(ctx->libctx, "p_test") @@ -144,11 +170,12 @@ static int p_get_params(void *provctx, OSSL_PARAM params[]) if (EVP_DigestInit_ex(mdctx, md4, NULL) && EVP_DigestUpdate(mdctx, (const unsigned char *)msg, strlen(msg)) - &&EVP_DigestFinal(mdctx, out, NULL)) + && EVP_DigestFinal(mdctx, out, NULL)) digestsuccess = 1; } EVP_MD_CTX_free(mdctx); EVP_MD_free(md4); + OSSL_PROVIDER_unload(deflt); #endif if (p->data_size >= sizeof(digestsuccess)) { *(unsigned int *)p->data = digestsuccess; @@ -161,18 +188,6 @@ static int p_get_params(void *provctx, OSSL_PARAM params[]) return ok; } -static void p_set_error(int lib, int reason, const char *file, int line, - const char *func, const char *fmt, ...) -{ - va_list ap; - - va_start(ap, fmt); - c_new_error(NULL); - c_set_error_debug(NULL, file, line, func); - c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, ap); - va_end(ap); -} - static const OSSL_ITEM *p_get_reason_strings(void *_) { static const OSSL_ITEM reason_strings[] = { @@ -251,19 +266,6 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, p_teardown(ctx); return 0; } - /* - * "default" has not been loaded into the parent libctx. We should be able - * to explicitly load it as a non-child provider. - */ - ctx->deflt = OSSL_PROVIDER_load(ctx->libctx, "default"); - if (ctx->deflt == NULL - || !OSSL_PROVIDER_available(ctx->libctx, "default")) { - /* We set error "3" for a failure to load the default provider */ - p_set_error(ERR_LIB_PROV, 3, ctx->thisfile, OPENSSL_LINE, ctx->thisfunc, - NULL); - p_teardown(ctx); - return 0; - } #endif /* 
@@ -282,7 +284,6 @@ static void p_teardown(void *provctx) P_TEST_CTX *ctx = (P_TEST_CTX *)provctx; #ifdef PROVIDER_INIT_FUNCTION_NAME - OSSL_PROVIDER_unload(ctx->deflt); OSSL_LIB_CTX_free(ctx->libctx); #endif free(ctx->thisfile); From no-reply at appveyor.com Sat May 15 10:13:16 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 15 May 2021 10:13:16 +0000 Subject: Build failed: openssl master.42057 Message-ID: <20210515101316.1.77DF3597F098234E@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 15 11:02:54 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 15 May 2021 11:02:54 +0000 Subject: Build failed: openssl master.42058 Message-ID: <20210515110254.1.3CA591C6FCCD305A@appveyor.com> An HTML attachment was scrubbed... URL: From kaduk at mit.edu Sat May 15 20:32:59 2021 From: kaduk at mit.edu (kaduk at mit.edu) Date: Sat, 15 May 2021 20:32:59 +0000 Subject: [openssl] master update Message-ID: <1621110779.071272.15224.nullmailer@dev.openssl.org> The branch master has been updated via a8457b4c3d86a42209eabe90eddb605f59041f9e (commit) from 522827160936319841f3f83fd246f92da96f5686 (commit) - Log ----------------------------------------------------------------- commit a8457b4c3d86a42209eabe90eddb605f59041f9e Author: Richard Levitte Date: Fri May 14 07:23:51 2021 +0200 ASN1: Fix i2d_provided() return value i2d_provided() - which is the internal provider data function for i2d_KeyParams(), i2d_PrivateKey(), i2d_PublicKey() - didn't treat the returned length from OSSL_ENCODER_to_data() quite as well as it should have. A simple added flag that records the state of |*pp| before calling OSSL_ENCODER_to_data() fixes the problem. Fixes #14655 Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/15277) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/i2d_evp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
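Review bot: in crypto/provider_child.c, hunk @@ -300,6 +262,14 @@, `gbl->isinited = 1` is now written without holding gbl->lock, and the removed ossl_provider_init_child_providers() was the only reader of that flag shown in this diff. If nothing else reads isinited, drop the field along with the function. If something does, add a comment saying why the unlocked write is safe inside ossl_provider_init_as_child().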
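Review bot: in test/p_test.c, p_get_params() now reaches `OSSL_PROVIDER_unload(deflt)` (hunk @@ -144,11 +170,12 @@) even when the earlier `OSSL_PROVIDER_load(ctx->libctx, "default")` returned NULL and set ok = 0. Either guard the unload with `if (deflt != NULL)` or add a comment that passing NULL to the unload is intended.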
diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c index 2a101a6fa3..f03dcb2666 100644 --- a/crypto/asn1/i2d_evp.c +++ b/crypto/asn1/i2d_evp.c @@ -48,6 +48,7 @@ static int i2d_provided(const EVP_PKEY *a, int selection, * down, when pp != NULL. */ size_t len = INT_MAX; + int pp_was_NULL = (pp == NULL || *pp == NULL); ctx = OSSL_ENCODER_CTX_new_for_pkey(a, selection, output_info->output_type, @@ -56,7 +57,7 @@ static int i2d_provided(const EVP_PKEY *a, int selection, if (ctx == NULL) return -1; if (OSSL_ENCODER_to_data(ctx, pp, &len)) { - if (pp == NULL) + if (pp_was_NULL) ret = (int)len; else ret = INT_MAX - (int)len; From no-reply at appveyor.com Sat May 15 21:23:40 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 15 May 2021 21:23:40 +0000 Subject: Build failed: openssl master.42059 Message-ID: <20210515212340.1.D7B61A78E2A0264B@appveyor.com> An HTML attachment was scrubbed... URL: From kaduk at mit.edu Sat May 15 22:30:14 2021 
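Review bot: the fix in crypto/asn1/i2d_evp.c (hunk @@ -56,7 +57,7 @@) lands without a regression test: the summary lists only this one file, so the `pp != NULL && *pp == NULL` case from #14655 can break again unnoticed. A test that calls i2d_PrivateKey(), i2d_PublicKey() and i2d_KeyParams() with *pp set to NULL and checks the returned length against the allocated output would pin it down. The context comment ending "down, when pp != NULL." in the @@ -48,6 +48,7 @@ hunk should also be checked against the new pp_was_NULL flag, since the condition it describes is now about *pp as well.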
From: kaduk at mit.edu (kaduk at mit.edu) Date: Sat, 15 May 2021 22:30:14 +0000 Subject: [openssl] master update Message-ID: <1621117814.665993.2146.nullmailer@dev.openssl.org> The branch master has been updated via 6dc56df26c41666ee5138da6c97bdb400fd03025 (commit) via f89d3d698c570703b7fc0908603faf61f6f68446 (commit) via 75d4852090bb898b39be8e7ae2874720bd0a9c5c (commit) via c22ad9b64a9f2cca64400836caee7279a9de8cc1 (commit) via aa6bd216dd2691d1254eabcbd584691eb3b4b9b8 (commit) from a8457b4c3d86a42209eabe90eddb605f59041f9e (commit) - Log ----------------------------------------------------------------- commit 6dc56df26c41666ee5138da6c97bdb400fd03025 Author: Benjamin Kaduk Date: Tue Mar 16 22:03:36 2021 -0700 Add extensive test coverage for SSL_get_negotiated_group() This is nearly comprehensive, but we cannot exercise the functionality for PSK-only TLS 1.3 resumption, since openssl talking to openssl will always negotiate psk_dhe_ke. Exercise both the TLS 1.3 and 1.2 cases, for initial handshakes and resumptions, and for ECDHE and FFDHE. Since RFC 7919 named groups (for FFDHE) are only supported for TLS 1.3, the TLS 1.2 versions of those scenarios expect to get NID_undef since the key exchange was not performed using a named group. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14750) commit f89d3d698c570703b7fc0908603faf61f6f68446 Author: Benjamin Kaduk Date: Tue Mar 16 20:13:47 2021 -0700 move group lists out of test_key_exchange() in preparation for reuse Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14750) commit 75d4852090bb898b39be8e7ae2874720bd0a9c5c Author: Benjamin Kaduk Date: Tue Mar 16 16:10:04 2021 -0700 Extend SSL_get_negotiated_group() tests for TLS 1.2 We don't implement RFC 7919 named groups for TLS 1.2, so we can only test the ECDHE case for non-TLS-1.3. 
Interestingly, though the test_key_exchange() routine claimed to be exercising ffdhe2048 with TLS 1.2, the configured ciphers were incompatible with DHE key exchange, so we ended up just using RSA key transport and not doing an ephemeral key exchange at all. Reconfigure the tests to actually exercise ephemeral key exchange for both the EC and FF cases (even though we don't use the named group information for the finite-field case). Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14750) commit c22ad9b64a9f2cca64400836caee7279a9de8cc1 Author: Benjamin Kaduk Date: Tue Mar 16 13:42:00 2021 -0700 Regenerate testsid.pem Convert this file to the new format, that includes the kex_group integer value. This is needed in order for the round-trip conversion test to return the same value as the initial input. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14750) commit aa6bd216dd2691d1254eabcbd584691eb3b4b9b8 Author: Benjamin Kaduk Date: Tue Mar 16 07:47:09 2021 -0700 Promote SSL_get_negotiated_group() for non-TLSv1.3 It can be useful to know what group was used for the handshake's key exchange process even on non-TLS 1.3 connections. Allow this API, new in OpenSSL 3.0.0, to be used on other TLS versions as well. Since pre-TLS-1.3 key exchange occurs only on full handshakes, this necessitates adding a field to the SSL_SESSION object to carry the group information across resumptions. The key exchange group in the SSL_SESSION can also be relevant in TLS 1.3 when the resumption handshake uses the "psk_ke" key-exchange mode, so also track whether a fresh key exchange was done for TLS 1.3. Since the new field is optional in the ASN.1 sense, there is no need to increment SSL_SESSION_ASN1_VERSION (which incurs strong incompatibility churn). 
Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14750) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set1_curves.pod | 18 +-- ssl/s3_lib.c | 11 +- ssl/ssl_asn1.c | 8 +- ssl/ssl_local.h | 7 ++ ssl/statem/extensions_clnt.c | 23 ++++ ssl/statem/extensions_srvr.c | 3 + ssl/statem/statem_clnt.c | 2 + ssl/statem/statem_srvr.c | 4 +- test/sslapitest.c | 252 +++++++++++++++++++++++++++++++++++++-- test/testsid.pem | 4 +- 10 files changed, 307 insertions(+), 25 deletions(-) diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index 5eebb2b933..65892e46a5 100644 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod @@ -77,10 +77,15 @@ NID_undef is returned. If the NID for the shared group is unknown then the value is set to the bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group. -SSL_get_negotiated_group() returns the NID of the negotiated group on a TLSv1.3 -connection for key exchange. This can be called by either client or server. If -the NID for the shared group is unknown then the value is set to the bitwise OR -of TLSEXT_nid_unknown (0x1000000) and the id of the group. +SSL_get_negotiated_group() returns the NID of the negotiated group used for +the handshake key exchange process. For TLSv1.3 connections this typically +reflects the state of the current connection, though in the case of PSK-only +resumption, the returned value will be from a previous connection. For earlier +TLS versions, when a session has been resumed, it always reflects the group +used for key exchange during the initial handshake (otherwise it is from the +current, non-resumption, connection). This can be called by either client or +server. If the NID for the shared group is unknown then the value is set to the +bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group. All these functions are implemented as macros. 
@@ -110,9 +115,8 @@ is -1. When called on a client B, SSL_get_shared_group() has no meaning and returns -1. -SSL_get_negotiated_group() returns the NID of the negotiated group on a -TLSv1.3 connection for key exchange. Or it returns NID_undef if no negotiated -group. +SSL_get_negotiated_group() returns the NID of the negotiated group used for +key exchange, or NID_undef if there was no negotiated group. =head1 SEE ALSO diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 1b491e7f92..7839a4d318 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3636,9 +3636,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return id; } case SSL_CTRL_GET_NEGOTIATED_GROUP: - ret = tls1_group_id2nid(s->s3.group_id, 1); - break; + { + unsigned int id; + if (SSL_IS_TLS13(s) && s->s3.did_kex) + id = s->s3.group_id; + else + id = s->session->kex_group; + ret = tls1_group_id2nid(id, 1); + break; + } case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(s->cert, parg, larg, 0); diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index de93ccbde6..b27a58df7c 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -43,6 +43,7 @@ typedef struct { ASN1_OCTET_STRING *alpn_selected; uint32_t tlsext_max_fragment_len_mode; ASN1_OCTET_STRING *ticket_appdata; + uint32_t kex_group; } SSL_SESSION_ASN1; ASN1_SEQUENCE(SSL_SESSION_ASN1) = { @@ -73,7 +74,8 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = { ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15), ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16), ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17), - ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18) + ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18), + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, kex_group, UINT32, 19) } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) 
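Review bot: in ssl/s3_lib.c, the SSL_CTRL_GET_NEGOTIATED_GROUP case (hunk @@ -3636,9 +3636,16 @@) dereferences `s->session->kex_group` with no check that s->session is non-NULL. The old code read only s->s3.group_id, so this hunk introduces the first dependency on a session being present; the fallback branch should return NID_undef when there is no session, which also matches the revised RETURN VALUES text ("NID_undef if there was no negotiated group").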
@@ -134,6 +136,8 @@ int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp) as.version = SSL_SESSION_ASN1_VERSION; as.ssl_version = in->ssl_version; + as.kex_group = in->kex_group; + if (in->cipher == NULL) l = in->cipher_id; else @@ -272,6 +276,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->ssl_version = (int)as->ssl_version; + ret->kex_group = as->kex_group; + if (as->cipher->length != 2) { ERR_raise(ERR_LIB_SSL, SSL_R_CIPHER_CODE_WRONG_LENGTH); goto err; diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 0a6c4bf9ec..8f3a2f93d6 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -599,6 +599,7 @@ struct ssl_session_st { const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to * load the 'cipher' structure */ + unsigned int kex_group; /* TLS group from key exchange */ CRYPTO_EX_DATA ex_data; /* application specific data */ /* * These are used to make removal of session-ids more efficient and to @@ -1412,6 +1413,12 @@ struct ssl_st { */ char is_probably_safari; + /* + * Track whether we did a key exchange this handshake or not, so + * SSL_get_negotiated_group() knows whether to fall back to the + * value in the SSL_SESSION. + */ + char did_kex; /* For clients: peer temporary key */ /* The group_id for the key exchange key */ uint16_t group_id; diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index b3ef1bc16a..fe9f8a9de6 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c 
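Review bot: in ssl/ssl_asn1.c, d2i_SSL_SESSION() (hunk @@ -272,6 +276,8 @@) copies `as->kex_group` into the session unchecked, although the ASN.1 field is a uint32_t and the live value it mirrors, s->s3.group_id, is a uint16_t. A serialized session is external input, so reject values above 0xFFFF at decode time rather than letting them reach tls1_group_id2nid(). A short comment on the new tag 19 entry noting that the field is optional, and that this is why SSL_SESSION_ASN1_VERSION stays unchanged, would save the next reader a trip to the commit message.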
@@ -1793,6 +1793,28 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); return 0; } + /* Retain this group in the SSL_SESSION */ + if (!s->hit) { + s->session->kex_group = group_id; + } else if (group_id != s->session->kex_group) { + /* + * If this is a resumption but changed what group was used, we need + * to record the new group in the session, but the session is not + * a new session and could be in use by other threads. So, make + * a copy of the session to record the new information so that it's + * useful for any sessions resumed from tickets issued on this + * connection. + */ + SSL_SESSION *new_sess; + + if ((new_sess = ssl_session_dup(s->session, 0)) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); + return 0; + } + SSL_SESSION_free(s->session); + s->session = new_sess; + s->session->kex_group = group_id; + } if ((ginf = tls1_group_id_lookup(s->ctx, group_id)) == NULL) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); @@ -1836,6 +1858,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } } + s->s3.did_kex = 1; #endif return 1; diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index b2d7ff8f39..6b3b33e239 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -669,6 +669,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } s->s3.group_id = group_id; + /* Cache the selected group ID in the SSL_SESSION */ + s->session->kex_group = group_id; if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp, PACKET_data(&encoded_pt), @@ -1705,6 +1707,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } } + s->s3.did_kex = 1; return EXT_RETURN_SENT; #else return EXT_RETURN_FAIL; diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index dab4d1c4bc..85ed3e4259 100644 
--- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2167,6 +2167,8 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) *pkey = X509_get0_pubkey(s->session->peer); /* else anonymous ECDH, so no certificate or pkey. */ + /* Cache the agreed upon group in the SSL_SESSION */ + s->session->kex_group = curve_id; return 1; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index bad3619170..768e1110e6 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2519,8 +2519,10 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); goto err; } - s->s3.tmp.pkey = ssl_generate_pkey_group(s, curve_id); + /* Cache the group used in the SSL_SESSION */ + s->session->kex_group = curve_id; /* Generate a new key for this curve */ + s->s3.tmp.pkey = ssl_generate_pkey_group(s, curve_id); if (s->s3.tmp.pkey == NULL) { /* SSLfatal() already called */ goto err; diff --git a/test/sslapitest.c b/test/sslapitest.c index ad83491573..21220d5834 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c 
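Review bot: in ssl/statem/extensions_srvr.c, tls_parse_ctos_key_share() (hunk @@ -669,6 +669,8 @@) writes `s->session->kex_group = group_id` directly, while the client-side counterpart in tls_parse_stoc_key_share() first duplicates the session on a resumption because it "could be in use by other threads". If s->session can already be a resumed, shared session when the server parses key_share, the same ssl_session_dup() treatment is needed here; if it cannot, a comment saying why would explain the asymmetry. The unconditional writes in the statem_clnt.c and statem_srvr.c hunks look fine on the commit message's argument that pre-TLS-1.3 key exchange happens only on full handshakes, but a one-line comment to that effect at each site would help.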
@@ -4487,19 +4487,19 @@ static int test_ciphersuite_change(void) * Test 12 = Test all ECDHE with TLSv1.2 client and server * Test 13 = Test all FFDHE with TLSv1.2 client and server */ +# ifndef OPENSSL_NO_EC +static int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1, + NID_secp521r1, NID_X25519, NID_X448}; +# endif +# ifndef OPENSSL_NO_DH +static int ffdhe_kexch_groups[] = {NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096, + NID_ffdhe6144, NID_ffdhe8192}; +# endif static int test_key_exchange(int idx) { SSL_CTX *sctx = NULL, *cctx = NULL; SSL *serverssl = NULL, *clientssl = NULL; int testresult = 0; -# ifndef OPENSSL_NO_EC - int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1, - NID_secp521r1, NID_X25519, NID_X448}; -# endif -# ifndef OPENSSL_NO_DH - int ffdhe_kexch_groups[] = {NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096, - NID_ffdhe6144, NID_ffdhe8192}; -# endif int kexch_alg; int *kexch_groups = &kexch_alg; int kexch_groups_size = 1; @@ -4592,7 +4592,9 @@ static int test_key_exchange(int idx) goto end; if (!TEST_true(SSL_CTX_set_cipher_list(sctx, - TLS1_TXT_RSA_WITH_AES_128_SHA))) + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":" + TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256)) + || !TEST_true(SSL_CTX_set_dh_auto(sctx, 1))) goto end; /* @@ -4601,8 +4603,8 @@ static int test_key_exchange(int idx) */ # ifndef OPENSSL_NO_TLS1_2 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM ":" - TLS1_TXT_RSA_WITH_AES_128_SHA))) + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":" + TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256))) goto end; # endif @@ -4630,7 +4632,8 @@ static int test_key_exchange(int idx) kexch_name0)) goto end; - if (max_version == TLS1_3_VERSION) { + /* We don't implement RFC 7919 named groups for TLS 1.2. */ + if (idx != 13) { if (!TEST_int_eq(SSL_get_negotiated_group(serverssl), kexch_groups[0])) goto end; if (!TEST_int_eq(SSL_get_negotiated_group(clientssl), kexch_groups[0])) 
@@ -4646,6 +4649,226 @@ static int test_key_exchange(int idx) return testresult; } +# if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH) +static int set_ssl_groups(SSL *serverssl, SSL *clientssl, int clientmulti, + int isecdhe, int idx) +{ + int kexch_alg; + int *kexch_groups = &kexch_alg; + int numec, numff; + + numec = OSSL_NELEM(ecdhe_kexch_groups); + numff = OSSL_NELEM(ffdhe_kexch_groups); + if (isecdhe) + kexch_alg = ecdhe_kexch_groups[idx]; + else + kexch_alg = ffdhe_kexch_groups[idx]; + + if (clientmulti) { + if (!TEST_true(SSL_set1_groups(serverssl, kexch_groups, 1))) + return 0; + if (isecdhe) { + if (!TEST_true(SSL_set1_groups(clientssl, ecdhe_kexch_groups, + numec))) + return 0; + } else { + if (!TEST_true(SSL_set1_groups(clientssl, ffdhe_kexch_groups, + numff))) + return 0; + } + } else { + if (!TEST_true(SSL_set1_groups(clientssl, kexch_groups, 1))) + return 0; + if (isecdhe) { + if (!TEST_true(SSL_set1_groups(serverssl, ecdhe_kexch_groups, + numec))) + return 0; + } else { + if (!TEST_true(SSL_set1_groups(serverssl, ffdhe_kexch_groups, + numff))) + return 0; + } + } + return 1; +} + +/*- + * Test the SSL_get_negotiated_group() API across a battery of scenarios. + * Run through both the ECDHE and FFDHE group lists used in the previous + * test, for both TLS 1.2 and TLS 1.3, negotiating each group in turn, + * confirming the expected result; then perform a resumption handshake + * while offering the same group list, and another resumption handshake + * offering a different group list. The returned value should be the + * negotiated group for the initial handshake; for TLS 1.3 resumption + * handshakes the returned value will be negotiated on the resumption + * handshake itself, but for TLS 1.2 resumption handshakes the value will + * be cached in the session from the original handshake, regardless of what + * was offered in the resumption ClientHello. 
+ * + * Using E for the number of EC groups and F for the number of FF groups: + * E tests of ECDHE with TLS 1.3, client sends only one group + * F tests of FFDHE with TLS 1.3, client sends only one group + * E tests of ECDHE with TLS 1.2, client sends only one group + * F tests of FFDHE with TLS 1.2, client sends only one group + * E tests of ECDHE with TLS 1.3, server only has one group + * F tests of FFDHE with TLS 1.3, server only has one group + * E tests of ECDHE with TLS 1.2, server only has one group + * F tests of FFDHE with TLS 1.2, server only has one group + */ +static int test_negotiated_group(int idx) +{ + int clientmulti, istls13, isecdhe, numec, numff, numgroups; + int expectednid; + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + SSL_SESSION *origsess = NULL; + int testresult = 0; + int kexch_alg; + int max_version = TLS1_3_VERSION; + + numec = OSSL_NELEM(ecdhe_kexch_groups); + numff = OSSL_NELEM(ffdhe_kexch_groups); + numgroups = numec + numff; + clientmulti = (idx < 2 * numgroups); + idx = idx % (2 * numgroups); + istls13 = (idx < numgroups); + idx = idx % numgroups; + isecdhe = (idx < numec); + if (!isecdhe) + idx -= numec; + /* Now 'idx' is an index into ecdhe_kexch_groups or ffdhe_kexch_groups */ + if (isecdhe) + kexch_alg = ecdhe_kexch_groups[idx]; + else + kexch_alg = ffdhe_kexch_groups[idx]; + /* We expect nothing for the unimplemented TLS 1.2 FFDHE named groups */ + if (!istls13 && !isecdhe) + expectednid = NID_undef; + else + expectednid = kexch_alg; + + if (!istls13) + max_version = TLS1_2_VERSION; + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), TLS1_VERSION, + max_version, &sctx, &cctx, cert, + privkey))) + goto end; + + /* + * Force (EC)DHE ciphers for TLS 1.2. + * Be sure to enable auto tmp DH so that FFDHE can succeed. 
+ */ + if (!TEST_true(SSL_CTX_set_cipher_list(sctx, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":" + TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256)) + || !TEST_true(SSL_CTX_set_dh_auto(sctx, 1))) + goto end; + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":" + TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256))) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + if (!TEST_true(set_ssl_groups(serverssl, clientssl, clientmulti, isecdhe, + idx))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + /* Initial handshake; always the configured one */ + if (!TEST_uint_eq(SSL_get_negotiated_group(clientssl), expectednid) + || !TEST_uint_eq(SSL_get_negotiated_group(serverssl), expectednid)) + goto end; + + if (!TEST_ptr((origsess = SSL_get1_session(clientssl)))) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + /* First resumption attempt; use the same config as initial handshake */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, origsess)) + || !TEST_true(set_ssl_groups(serverssl, clientssl, clientmulti, + isecdhe, idx))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl))) + goto end; + + /* Still had better agree, since nothing changed... 
*/ + if (!TEST_uint_eq(SSL_get_negotiated_group(clientssl), expectednid) + || !TEST_uint_eq(SSL_get_negotiated_group(serverssl), expectednid)) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + /*- + * Second resumption attempt + * The party that picks one group changes it, which we effectuate by + * changing 'idx' and updating what we expect. + */ + if (idx == 0) + idx = 1; + else + idx--; + if (istls13) { + if (isecdhe) + expectednid = ecdhe_kexch_groups[idx]; + else + expectednid = ffdhe_kexch_groups[idx]; + /* Verify that we are changing what we expect. */ + if (!TEST_int_ne(expectednid, kexch_alg)) + goto end; + } else { + /* TLS 1.2 only supports named groups for ECDHE. */ + if (isecdhe) + expectednid = kexch_alg; + else + expectednid = 0; + } + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, origsess)) + || !TEST_true(set_ssl_groups(serverssl, clientssl, clientmulti, + isecdhe, idx))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl))) + goto end; + + /* Check that we get what we expected */ + if (!TEST_uint_eq(SSL_get_negotiated_group(clientssl), expectednid) + || !TEST_uint_eq(SSL_get_negotiated_group(serverssl), expectednid)) + goto end; + + testresult = 1; + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + SSL_SESSION_free(origsess); + return testresult; +} +# endif /* !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH) */ + /* * Test TLSv1.3 Cipher Suite * Test 0 = Set TLS1.3 cipher on context 
@@ -8991,6 +9214,11 @@ int setup_tests(void) # ifndef OPENSSL_NO_TLS1_2 /* Test with both TLSv1.3 and 1.2 versions */ ADD_ALL_TESTS(test_key_exchange, 14); +# if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH) + ADD_ALL_TESTS(test_negotiated_group, + 4 * (OSSL_NELEM(ecdhe_kexch_groups) + + OSSL_NELEM(ffdhe_kexch_groups))); +# endif # else /* Test with only TLSv1.3 versions */ ADD_ALL_TESTS(test_key_exchange, 12); diff --git a/test/testsid.pem b/test/testsid.pem index a90fb6ef12..36fc4dbe48 100644 --- a/test/testsid.pem +++ b/test/testsid.pem @@ -1,5 +1,5 @@ -----BEGIN SSL SESSION PARAMETERS----- -MIIGpAIBAQICAwMEAsAwBCABkpk0q01VEnPtcNWLtYg1xZJLreP0C1r4wPOakiLu +MIIGqQIBAQICAwMEAsAwBCABkpk0q01VEnPtcNWLtYg1xZJLreP0C1r4wPOakiLu 8AQwi0opOLa+Omt26PqbLUcmI1H7F/n7qRy6TaL9Lxf2/ZBUDgRG3aSuSejO+gki F2U9oQYCBFR6XVaiBAICASyjggVjMIIFXzCCBEegAwIBAgIQNdDRF5hINFi7kAeK 0fP5FjANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJGUjESMBAGA1UEChMJR0FO @@ -34,5 +34,5 @@ d/xgQ6J+/Z2kAgQAqQQCAgEsqoHDBIHAPGxCacLRMYb3hbL3lRqQIfH3xoufIwKn zOAIyjxH7GPZpI87/e93AF1uw6eyy+aWJM6G/71E8Ln1iQtZjrGkGQCjEcIrUhEk Bgg93A28zly2zu2aBwi2yT4bUcyHxE3P3Q4R8xkQxrdWSMfCjCy9HKUViOENKET6 avKXF7lDT1iG/x8RtTHtFGYX4YcFVhdEqcqnZ7tw5sqkHG2D0gLzO2SETF9KPHCq -zAHQtw5r4Dgl+a+BGLczh6as4yIH+xH+ +zAHQtw5r4Dgl+a+BGLczh6as4yIH+xH+swMCAQA= -----END SSL SESSION PARAMETERS----- From no-reply at appveyor.com Sat May 15 23:20:47 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 15 May 2021 23:20:47 +0000 Subject: Build failed: openssl master.42060 Message-ID: <20210515232047.1.45BD11BC8867980F@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Sun May 16 00:25:49 2021 
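Review bot: In the "@@ -4630,7 +4632,8 @@" hunk of test_key_exchange(), "if (idx != 13)" ties the skip to a literal test number whose meaning lives only in the comment block above the function ("Test 13 = Test all FFDHE with TLSv1.2 client and server"). If the cases are renumbered, or another TLS 1.2 FFDHE case is added, the check silently starts asserting on the wrong cases. Set a flag in the branch that selects the TLS 1.2 FFDHE case, or give the index a name, and test that instead of the bare number.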
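Review bot: In test_negotiated_group() (the "@@ -4646,6 +4649,226 @@" hunk), expectednid is declared int but every comparison is "TEST_uint_eq(SSL_get_negotiated_group(...), expectednid)", while the unchanged test_key_exchange() code checks the same call with TEST_int_eq. Use TEST_int_eq here as well so the macro matches the declared type. In the second-resumption branch the TLS 1.2 FFDHE case sets "expectednid = 0;" where the setup code earlier in the same function uses NID_undef for the same meaning; use NID_undef in both places.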
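Review bot: In the setup_tests() hunk, test_negotiated_group is registered only inside "# ifndef OPENSSL_NO_TLS1_2", but its definition is guarded only by "!defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH)". In a build without TLS 1.2 the static function is compiled but never referenced, which can draw an unused-function warning, and the TLS 1.3 half of the test matrix is not run at all. Either add the TLS 1.2 condition to the guard around the definition, or register a TLS 1.3-only subset in the "# else" branch next to "ADD_ALL_TESTS(test_key_exchange, 12)".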
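Review bot: The two test/testsid.pem hunks change only base64 text, and nothing in the diff records how the fixture was regenerated. The outer length prefix goes from "MIIGpA" to "MIIGqQ" (five more bytes) and "swMCAQA=" is appended, which decodes to a context-tagged element [19] holding INTEGER 0. A short note in the commit message or beside the file naming the command used would let the next person who changes the session encoding reproduce it.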
From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 16 May 2021 00:25:49 +0000 Subject: [openssl] master update Message-ID: <1621124749.360175.9367.nullmailer@dev.openssl.org> The branch master has been updated via e2daf6f14045587614681bf6579480be63de6da0 (commit) from 6dc56df26c41666ee5138da6c97bdb400fd03025 (commit) - Log ----------------------------------------------------------------- commit e2daf6f14045587614681bf6579480be63de6da0 Author: Pauli Date: Sun May 16 10:23:54 2021 +1000 ci: remove the checksum CI script This script introduces a security vulnerability where the OpenSSL github repository can be modified which opens a window for an attacker. Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson Reported-by: Nikita Stupin ----------------------------------------------------------------------- Summary of changes: .github/workflows/checksums.yml | 71 ----------------------------------------- 1 file changed, 71 deletions(-) delete mode 100644 .github/workflows/checksums.yml diff --git a/.github/workflows/checksums.yml b/.github/workflows/checksums.yml deleted file mode 100644 index 5f444b639b..0000000000 --- a/.github/workflows/checksums.yml +++ /dev/null 
@@ -1,71 +0,0 @@ -name: FIPS Checksums -on: [pull_request_target] -jobs: - apply-label: - runs-on: ubuntu-latest - steps: - - name: install unifdef - run: | - sudo apt-get update - sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef - - uses: actions/checkout at v2 - with: - ref: ${{ github.event.pull_request.base.sha }} - - name: create build dirs - run: | - mkdir ./build-pristine - mkdir ./build - - name: config pristine - run: ../config enable-fips && perl configdata.pm --dump - working-directory: ./build-pristine - - name: make build_generated pristine - run: make -s build_generated - working-directory: ./build-pristine - - name: make fips-checksums pristine - run: make fips-checksums - working-directory: ./build-pristine - - uses: actions/checkout at v2 - with: - ref: ${{ github.event.pull_request.head.sha }} - clean: false - - name: config - run: ../config enable-fips && perl configdata.pm --dump - working-directory: ./build - - name: make build_generated - run: make -s build_generated - working-directory: ./build - - name: make fips-checksums - run: make fips-checksums - working-directory: ./build - - name: update checksums pristine - run: touch providers/fips.checksum.new && make update-fips-checksums - working-directory: ./build-pristine - - name: make diff-fips-checksums - run: make diff-fips-checksums && echo "fips_unchanged=1" >> $GITHUB_ENV || echo "fips_changed=1" >> $GITHUB_ENV - working-directory: ./build - - name: set label - if: ${{ env.fips_changed }} - continue-on-error: true - uses: actions/github-script at v4 - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - github.issues.addLabels({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - labels: ['severity: fips change'] - }) - - name: remove label - if: ${{ env.fips_unchanged }} - continue-on-error: true - uses: actions/github-script at v4 - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | 
- github.issues.removeLabel({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - name: 'severity: fips change' - }) From no-reply at appveyor.com Sun May 16 01:16:23 2021 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 16 May 2021 01:16:23 +0000 Subject: Build failed: openssl master.42061 Message-ID: <20210516011623.1.494F532F98909AC2@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun May 16 07:49:23 2021 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 16 May 2021 07:49:23 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <60a0ce82d78b1_7c2a32b0052c539b0263e7@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DYhA0_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHta-2F8dxBS6udwcK3BiWk5oIoCdlFpQMUnJU6Bqpg3ss276MlJ4cN9P9TDbHvuWj23gb083bd2iavmc5xiL4-2BdCCP0fdDn48OhUdYBuXD7ZYplhYVUoPo8U-2F4PKFyPmOXcXYagHttgQFUPpS7UQ-2BVJW-2F7A8I-2BlxfpIbvzUIxFNJ1SO3Rr62j-2B1e12fptpQMg7Y-3D Build ID: 386789 Analysis Summary: New defects found: 7 Defects eliminated: 7 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3DLVGY_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHta-2F8dxBS6udwcK3BiWk5oIoCdlFpQMUnJU6Bqpg3ss2bLOnjafdiGo4JgoH2Td6VxpSVff2kLDogzawX9C6VeRt4ewWq8xhaQKfEmPF-2BWyhW8glWbnk-2FY30WeUuZ1BYy87nm-2FNzx-2BsNS1N1KEyU4icjIU0F2zFI-2FWn-2BiL3AWOaJTSxZqctFaMrNR7pMR3Wyw-3D From scan-admin at coverity.com Sun May 16 07:53:05 2021 
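Review bot: The commit message should name the construct being removed, not only say that the script "introduces a security vulnerability". The deleted workflow is triggered by pull_request_target, its second checkout step switches the tree to github.event.pull_request.head.sha, and the steps after it run "../config" and make from that tree in a job that later hands secrets.GITHUB_TOKEN to actions/github-script. Recording that combination in the message, or in a comment where the CI workflows are documented, keeps it from being reintroduced if the FIPS checksum labelling is restored. If the label is still wanted, the usual split is an unprivileged pull_request job that builds and records the result, and a separate workflow_run job that only applies the label.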
From: scan-admin at coverity.com (scan-admin at coverity.com)
Date: Sun, 16 May 2021 07:53:05 +0000 (UTC)
Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2
Message-ID: <60a0cf60b49a7_7c4c82b0052c539b02638f@prd-scan-dashboard-0.mail>

Your request for analysis of OpenSSL-1.0.2 has been completed successfully.
The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DI4oD_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeErzW0ks1oMW77w1WS9sukJt2nPPBg9iUSfJGZnarooRLzRO9Gt-2FUt8mu0DC5Gg0AGFHcwHzzWL14quCXfzNMPNh25EPKYpAMba-2BbRTEOvvMbYyERF7JDglyImiJ20YIPdSzzgjyGc5Ez6RvlwXWJyCmBnzZoeeRMnQBrQLqwaWaRKld409XM-2FcoFBUDyQr9sQ-3D

Build ID: 386790

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0

From levitte at openssl.org Sun May 16 10:08:17 2021
From: levitte at openssl.org (Richard Levitte) Date: Sun, 16 May 2021 10:08:17 +0000 Subject: [openssl] master update Message-ID: <1621159697.236358.27389.nullmailer@dev.openssl.org> The branch master has been updated via b422ba3dda5d85c295aae6205909a6eeb4921c4b (commit) via a12da5dafbc6e681d32e88ddef0067ff14abd8f2 (commit) from e2daf6f14045587614681bf6579480be63de6da0 (commit) - Log ----------------------------------------------------------------- commit b422ba3dda5d85c295aae6205909a6eeb4921c4b Author: Richard Levitte Date: Fri May 14 12:26:21 2021 +0200 Adapt 80-test_cmp_http.t and its data for random accept ports Fixes #14694 Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/15281) commit a12da5dafbc6e681d32e88ddef0067ff14abd8f2 Author: Richard Levitte Date: Fri May 14 12:25:11 2021 +0200 APPS: Make the cmp Mock server output the accept address and port Fixes #14694 Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/15281) ----------------------------------------------------------------------- Summary of changes: apps/include/s_apps.h | 1 + apps/lib/http_server.c | 9 +++ apps/lib/s_socket.c | 66 ++++++++++++---------- test/recipes/80-test_cmp_http.t | 44 ++++++++------- test/recipes/80-test_cmp_http_data/Mock/server.cnf | 3 +- test/recipes/80-test_cmp_http_data/Mock/test.cnf | 8 +-- .../80-test_cmp_http_data/test_connection.csv | 2 +- 7 files changed, 78 insertions(+), 55 deletions(-) diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h index 3d2bace594..a5e9762aed 100644 --- a/apps/include/s_apps.h +++ b/apps/include/s_apps.h @@ -16,6 +16,7 @@ #define PROTOCOL "tcp" typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context); +int report_server_accept(BIO *out, int asock, int with_address); int do_server(int *accept_sock, const char *host, const char *port, int family, int type, int protocol, do_server_cb cb, unsigned char *context, int naccept, BIO *bio_s_out); 
diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c index 691e5c9056..ae33632598 100644 --- a/apps/lib/http_server.c +++ b/apps/lib/http_server.c @@ -23,6 +23,7 @@ #include "internal/sockets.h" #include #include +#include "s_apps.h" #if defined(__TANDEM) # if defined(OPENSSL_TANDEM_FLOSS) @@ -218,6 +219,7 @@ void spawn_loop(const char *prog) BIO *http_server_init_bio(const char *prog, const char *port) { BIO *acbio = NULL, *bufbio; + int asock; bufbio = BIO_new(BIO_f_buffer()); if (bufbio == NULL) @@ -237,6 +239,13 @@ BIO *http_server_init_bio(const char *prog, const char *port) goto err; } + /* Report back what address and port are used */ + BIO_get_fd(acbio, &asock); + if (!report_server_accept(bio_out, asock, 1)) { + log_message(prog, LOG_ERR, "Error printing ACCEPT string"); + goto err; + } + return acbio; err: diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index 65d56c0991..e41429df89 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c @@ -191,6 +191,38 @@ out: return ret; } +int report_server_accept(BIO *out, int asock, int with_address) +{ + int success = 0; + + if (with_address) { + union BIO_sock_info_u info; + char *hostname = NULL; + char *service = NULL; + + if ((info.addr = BIO_ADDR_new()) != NULL + && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info) + && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL + && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL + && BIO_printf(out, + strchr(hostname, ':') == NULL + ? /* IPv4 */ "ACCEPT %s:%s\n" + : /* IPv6 */ "ACCEPT [%s]:%s\n", + hostname, service) > 0) + success = 1; + + OPENSSL_free(hostname); + OPENSSL_free(service); + BIO_ADDR_free(info.addr); + } else { + (void)BIO_printf(out, "ACCEPT\n"); + success = 1; + } + (void)BIO_flush(out); + + return success; +} + /* * do_server - helper routine to perform a server operation * @accept_sock: pointer to storage of resulting socket. 
@@ -296,36 +328,10 @@ int do_server(int *accept_sock, const char *host, const char *port, BIO_ADDRINFO_free(res); res = NULL; - if (sock_port == 0) { - /* dynamically allocated port, report which one */ - union BIO_sock_info_u info; - char *hostname = NULL; - char *service = NULL; - int success = 0; - - if ((info.addr = BIO_ADDR_new()) != NULL - && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info) - && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL - && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL - && BIO_printf(bio_s_out, - strchr(hostname, ':') == NULL - ? /* IPv4 */ "ACCEPT %s:%s\n" - : /* IPv6 */ "ACCEPT [%s]:%s\n", - hostname, service) > 0) - success = 1; - - (void)BIO_flush(bio_s_out); - OPENSSL_free(hostname); - OPENSSL_free(service); - BIO_ADDR_free(info.addr); - if (!success) { - BIO_closesocket(asock); - ERR_print_errors(bio_err); - goto end; - } - } else { - (void)BIO_printf(bio_s_out, "ACCEPT\n"); - (void)BIO_flush(bio_s_out); + if (!report_server_accept(bio_s_out, asock, sock_port == 0)) { + BIO_closesocket(asock); + ERR_print_errors(bio_err); + goto end; } if (accept_sock != NULL) diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t index 7bb720a823..8bd9eacde9 100644 --- a/test/recipes/80-test_cmp_http.t +++ b/test/recipes/80-test_cmp_http.t 
@@ -28,15 +28,13 @@ plan skip_all => "These tests are not supported in a no-cmp build" if disabled("cmp"); plan skip_all => "These tests are not supported in a no-ec build" if disabled("ec"); +plan skip_all => "These tests are not supported in a no-sock build" + if disabled("sock"); plan skip_all => "Tests involving local HTTP server not available on Windows, AIX or VMS" if $^O =~ /^(VMS|MSWin32|AIX)$/; plan skip_all => "Tests involving local HTTP server not available in cross-compile builds" if defined $ENV{EXE_SHELL}; -plan skip_all => "Tests involving local HTTP server require 'kill' command" - if system("which kill >/dev/null"); -plan skip_all => "Tests involving local HTTP server require 'lsof' command" - if system("which lsof >/dev/null"); # this typically excludes Solaris sub chop_dblquot { # chop any leading and trailing '"' (needed for Windows) my $str = shift; @@ -65,6 +63,7 @@ my $pbm_ref; # The reference for PBM my $pbm_secret; # The secret for PBM my $column; # The column number of the expected result my $sleep = 0; # The time to sleep between two requests +my $server_fh; # Server file handle # The local $server_name variables below are among others taken as the name of a # sub-directory with server-specific certs etc. and CA-specific config section. @@ -131,6 +130,9 @@ sub test_cmp_http { my $params = shift; my $expected_exit = shift; my $path_app = bldtop_dir($app); + $params = [ '-server', "127.0.0.1:$server_port", @$params ] + unless grep { $_ eq '-server' } @$params; + with({ exit_checker => sub { my $actual_exit = shift; my $OK = $actual_exit == $expected_exit; 
@@ -265,28 +267,32 @@ sub load_tests { return \@result; } -sub mock_server_pid { - return `lsof -iTCP:$server_port` =~ m/\n\S+\s+(\d+)\s+[^\n]+LISTEN/s ? $1 : 0; -} - sub start_mock_server { my $args = $_[0]; # optional further CLI arguments my $dir = bldtop_dir(""); - my $cmd = "LD_LIBRARY_PATH=$dir DYLD_LIBRARY_PATH=$dir " . - bldtop_dir($app) . " -config server.cnf $args"; - my $pid = mock_server_pid(); - if ($pid) { - print "Mock server already running with pid=$pid\n"; - return $pid; - } + local $ENV{LD_LIBRARY_PATH} = $dir; + local $ENV{DYLD_LIBRARY_PATH} = $dir; + my $cmd = bldtop_dir($app) . " -config server.cnf $args"; print "Current directory is ".getcwd()."\n"; - print "Launching mock server listening on port $server_port: $cmd\n"; - return system("$cmd &") == 0 # start in background, check for success - ? (sleep 1, mock_server_pid()) : 0; + print "Launching mock server: $cmd\n"; + my $pid = open($server_fh, "$cmd|") or die "Trying to $cmd"; + print "Pid is: $pid\n"; + # Find out the actual server port + while (<$server_fh>) { + print; + s/\R$//; # Better chomp + next unless (/^ACCEPT\s.*:(\d+)$/); + $server_port = $1; + $server_tls = $1; + $kur_port = $1; + $pbm_port = $1; + last; + } + return $pid; } sub stop_mock_server { my $pid = $_[0]; print "Killing mock server with pid=$pid\n"; - system("kill $pid") if $pid; + kill('QUIT', $pid) if $pid; } diff --git a/test/recipes/80-test_cmp_http_data/Mock/server.cnf b/test/recipes/80-test_cmp_http_data/Mock/server.cnf index c8fe8edcc6..24a6ebb9f6 100644 --- a/test/recipes/80-test_cmp_http_data/Mock/server.cnf +++ b/test/recipes/80-test_cmp_http_data/Mock/server.cnf @@ -1,6 +1,7 @@ [cmp] # mock server configuration -port = 1700 +# port 0 means that a random available port will be used +port = 0 srv_cert = server.crt srv_key = server.key srv_secret = pass:test diff --git a/test/recipes/80-test_cmp_http_data/Mock/test.cnf b/test/recipes/80-test_cmp_http_data/Mock/test.cnf index 22ca0f2362..503ded18e3 100644 
--- a/test/recipes/80-test_cmp_http_data/Mock/test.cnf +++ b/test/recipes/80-test_cmp_http_data/Mock/test.cnf @@ -17,8 +17,8 @@ policies = certificatePolicies [Mock] # the built-in OpenSSL CMP mock server no_check_time = 1 server_host = 127.0.0.1 # localhost -server_port = 1700 -server_tls = 0 +server_port = 0 +server_tls = $server_port server_cert = server.crt server = $server_host:$server_port server_path = pkix/ @@ -30,8 +30,8 @@ expect_sender = $server_dn subject = "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf" newkey = signer.key out_trusted = signer_root.crt -kur_port = 1700 -pbm_port = 1700 +kur_port = $server_port +pbm_port = $server_port pbm_ref = pbm_secret = pass:test cert = signer.crt diff --git a/test/recipes/80-test_cmp_http_data/test_connection.csv b/test/recipes/80-test_cmp_http_data/test_connection.csv index 3276eb5fb3..b3290e0e73 100644 --- a/test/recipes/80-test_cmp_http_data/test_connection.csv +++ b/test/recipes/80-test_cmp_http_data/test_connection.csv @@ -14,7 +14,7 @@ TBD,IP address, -section,, -server,_SERVER_IP:_SERVER_PORT,,,,,,,,,,,,,, 1,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, 1,server port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:x/+80,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, 1,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, -1,server with TLS port, -section,, -server,_SERVER_HOST:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, +1,server with wrong port, -section,, -server,_SERVER_HOST:999,,,,,BLANK,,,,-msg_timeout,1,BLANK,,BLANK, TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK, ,,,,,,,,,,,,,,,,,,, 1,proxy port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:x*/8888, -no_proxy,nonmatch.com,BLANK,,,,-msg_timeout,1,BLANK,,BLANK, From no-reply at appveyor.com Sun May 16 10:59:11 2021 
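Review bot: In the apps/lib/http_server.c hunk, the result of "BIO_get_fd(acbio, &asock);" is not checked and asock has no initializer, so if the call fails report_server_accept() is handed an indeterminate descriptor. Check the return value (or initialise asock to -1 and test it) and take the "goto err" path with its own log message before calling report_server_accept().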
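Review bot: In the apps/lib/s_socket.c hunk that adds report_server_accept(), the new function is non-static and declared in s_apps.h but has no comment, while do_server() directly below it carries a parameter-by-parameter description. Document at least with_address (non-zero prints "ACCEPT host:port" looked up from asock, zero prints a bare "ACCEPT") and the return value, noting that the bare-ACCEPT branch sets success to 1 without checking BIO_printf().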
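Review bot: In start_mock_server() in test/recipes/80-test_cmp_http.t, the "while (<$server_fh>)" loop has no failure path. If the server exits before printing an "ACCEPT ...:port" line, the loop ends at EOF and the function still returns $pid with $server_port unchanged; if the server stays up without printing one, the test blocks indefinitely. Track whether the regex matched and die (or return 0) when it did not, and consider a read timeout. stop_mock_server() also sends QUIT without closing $server_fh, so this code never closes the pipe or waits for the child; a close($server_fh) after the kill would cover both.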
From: no-reply at appveyor.com (AppVeyor) Date: Sun, 16 May 2021 10:59:11 +0000 Subject: Build failed: openssl master.42062 Message-ID: <20210516105911.1.A864A22D077A2835@appveyor.com> An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Sun May 16 23:32:42 2021 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Sun, 16 May 2021 23:32:42 +0000 Subject: [openssl] master update Message-ID: <1621207962.355266.10369.nullmailer@dev.openssl.org> The branch master has been updated via 00b8706c71aaa46c1b5adcc2210ccd3f9d374b6c (commit) from a1f63873ce33abf8ffc7b234ea27b587e1bcc0f2 (commit) - Log ----------------------------------------------------------------- commit 00b8706c71aaa46c1b5adcc2210ccd3f9d374b6c Author: Shane Lontis Date: Thu May 13 18:03:42 2021 +1000 Fix OSSL_DECODER_new_for_pkey() selection parameter documentation Fixes #14518 EVP_PKEY_fromdata() already defines this value so we link to this documentation, 0 is also added as a possible input value. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15260) ----------------------------------------------------------------------- Summary of changes: doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod | 7 ++++++ doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod | 34 +++--------------------------- 2 files changed, 10 insertions(+), 31 deletions(-) diff --git a/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod b/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod index 695cdf78ed..5a01a19ebe 100644 --- a/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod +++ b/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod 
@@ -108,6 +108,13 @@ C. This is the structure used for keys encoded according to key type specific specifications. For example, RSA keys encoded according to PKCS#1. +=head2 Selections + +I can be any one of the values described in +L. +Additionally I can also be set to B<0> to indicate that the code will +auto detect the selection. + =head1 RETURN VALUES OSSL_DECODER_CTX_new_for_pkey() returns a pointer to a diff --git a/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod b/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod index 674b5c3799..9db6e3d2a4 100644 --- a/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod +++ b/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod @@ -108,38 +108,10 @@ The output is the I of the I in PEM format. =head2 Selections -=begin comment +I can be any one of the values described in +L. -These constants should really be documented among the EVP manuals, but this -will have to do for now. - -=end comment - -The following constants can be used for standard I: - -=over 4 - -=item B - -Indicates that only the key parameters should be included in the output. -Where it matters, the data type in the output will indicate that the data is -parameters, not a key. - -=item B - -Indicates that the public key and eventual key parameters will be included -in the output. Where it matters, the data type in the output will indicate -that the data is a public key. - -=item B - -Indicates that the private key, the public key and eventual key parameters -should be included in the output. Where it matters, the data type in the -output will indicate that the data is a private key. - -=back - -These are only indications, the encoder implementations are free to +These are only 'hints' since the encoder implementations are free to determine what makes sense to include in the output, and this may depend on the desired output. For example, an EC key in a PKCS#8 structure doesn't usually include the public key. From shane.lontis at oracle.com Sun May 16 23:28:28 2021 
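Review bot: In the new "Selections" section of doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod, the sentence "Additionally ... can also be set to B<0> to indicate that the code will auto detect the selection" doubles up "Additionally" and "also" and leaves "the code" unspecified. Something like "A value of B<0> makes the decoder detect the selection automatically" is clearer. The matching OSSL_ENCODER_CTX_new_for_pkey.pod hunk does not say whether B<0> is accepted there; state it either way so the two pages do not invite the wrong assumption.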
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Sun, 16 May 2021 23:28:28 +0000 Subject: [openssl] master update Message-ID: <1621207708.861350.7299.nullmailer@dev.openssl.org> The branch master has been updated via a1f63873ce33abf8ffc7b234ea27b587e1bcc0f2 (commit) from b422ba3dda5d85c295aae6205909a6eeb4921c4b (commit) - Log ----------------------------------------------------------------- commit a1f63873ce33abf8ffc7b234ea27b587e1bcc0f2 Author: Shane Lontis Date: Thu May 13 18:49:52 2021 +1000 Fix compiler error when using config option 'enable-acvp-tests' Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15264) ----------------------------------------------------------------------- Summary of changes: test/acvp_test.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/test/acvp_test.c b/test/acvp_test.c index d400a81174..339c2fb965 100644 --- a/test/acvp_test.c +++ b/test/acvp_test.c @@ -450,7 +450,7 @@ static int dsa_create_pkey(EVP_PKEY **pkey, const unsigned char *g, size_t g_len, const unsigned char *seed, size_t seed_len, int counter, - const char *validate_type, + int validate_pq, int validate_g, const unsigned char *pub, size_t pub_len, BN_CTX *bn_ctx) { @@ -463,9 +463,12 @@ static int dsa_create_pkey(EVP_PKEY **pkey, if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx)) || !TEST_ptr(BN_bin2bn(p, p_len, p_bn)) - || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE, - validate_type, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_int(bld, + OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, + validate_pq)) + || !TEST_true(OSSL_PARAM_BLD_push_int(bld, + OSSL_PKEY_PARAM_FFC_VALIDATE_G, + validate_g)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn)) || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx)) || !TEST_ptr(BN_bin2bn(q, q_len, q_bn)) 
@@ -524,7 +527,7 @@ static int dsa_pqver_test(int id) || !TEST_true(dsa_create_pkey(¶m_key, tst->p, tst->p_len, tst->q, tst->q_len, NULL, 0, tst->seed, tst->seed_len, tst->counter, - OSSL_FFC_PARAM_VALIDATE_PQ, + 1, 0, NULL, 0, bn_ctx)) || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, @@ -625,7 +628,7 @@ static int dsa_sigver_test(int id) if (!TEST_ptr(bn_ctx = BN_CTX_new()) || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len, tst->q, tst->q_len, tst->g, tst->g_len, - NULL, 0, 0, "", tst->pub, tst->pub_len, + NULL, 0, 0, 0, 0, tst->pub, tst->pub_len, bn_ctx))) goto err; From shane.lontis at oracle.com Sun May 16 23:35:58 2021 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Sun, 16 May 2021 23:35:58 +0000 Subject: [openssl] master update Message-ID: <1621208158.061367.28772.nullmailer@dev.openssl.org> The branch master has been updated via f2ceefc3f9ffe5936b775eba69be8ffb42fd20ea (commit) from 00b8706c71aaa46c1b5adcc2210ccd3f9d374b6c (commit) - Log ----------------------------------------------------------------- commit f2ceefc3f9ffe5936b775eba69be8ffb42fd20ea Author: Shane Lontis Date: Thu May 13 13:02:38 2021 +1000 Add doc for ERR_clear_last_mark(). Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15258) ----------------------------------------------------------------------- Summary of changes: doc/man3/ERR_set_mark.pod | 13 ++++++++----- util/missingcrypto.txt | 1 - 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/doc/man3/ERR_set_mark.pod b/doc/man3/ERR_set_mark.pod index 224e2b698e..e61d5c61ed 100644 --- a/doc/man3/ERR_set_mark.pod +++ b/doc/man3/ERR_set_mark.pod 
@@ -2,15 +2,16 @@ =head1 NAME -ERR_set_mark, ERR_pop_to_mark - set marks and pop errors until mark +ERR_set_mark, ERR_clear_last_mark, ERR_pop_to_mark +- set mark, clear mark and pop errors until mark =head1 SYNOPSIS #include int ERR_set_mark(void); - int ERR_pop_to_mark(void); + int ERR_clear_last_mark(void); =head1 DESCRIPTION @@ -20,16 +21,18 @@ is one. ERR_pop_to_mark() will pop the top of the error stack until a mark is found. The mark is then removed. If there is no mark, the whole stack is removed. +ERR_clear_last_mark() removes the last mark added if there is one. + =head1 RETURN VALUES ERR_set_mark() returns 0 if the error stack is empty, otherwise 1. -ERR_pop_to_mark() returns 0 if there was no mark in the error stack, which -implies that the stack became empty, otherwise 1. +ERR_clear_last_mark() and ERR_pop_to_mark() return 0 if there was no mark in the +error stack, which implies that the stack became empty, otherwise 1. =head1 COPYRIGHT -Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 9eefc090f8..5847e6446b 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -596,7 +596,6 @@ EVP_SIGNATURE-ECDSA(7) EVP_SIGNATURE-ED25519(7) EVP_SIGNATURE-ED448(7) EVP_SIGNATURE-RSA(7) -ERR_clear_last_mark(3) ERR_get_state(3) ERR_load_ASN1_strings(3) ERR_load_ASYNC_strings(3) From shane.lontis at oracle.com Sun May 16 23:58:14 2021 
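Review bot: In the RETURN VALUES part of the doc/man3/ERR_set_mark.pod hunk, folding ERR_clear_last_mark() into the ERR_pop_to_mark() sentence makes it claim that a 0 return "implies that the stack became empty", but the DESCRIPTION added in the same hunk says ERR_clear_last_mark() only "removes the last mark added if there is one" and describes no popping. Give ERR_clear_last_mark() its own sentence (returns 0 if there was no mark, otherwise 1) and keep the "stack became empty" remark for ERR_pop_to_mark() alone. The SYNOPSIS also lists the three functions in a different order from the NAME line.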
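Review bot: In the test/acvp_test.c patch of commit a1f63873 (earlier in this digest), the call sites pass the two new flags as bare literals: "1, 0," in dsa_pqver_test() and "NULL, 0, 0, 0, 0, tst->pub" in dsa_sigver_test(), where the zeros for counter, validate_pq and validate_g cannot be told apart. A short comment per argument or two named locals would make it clear which zero is which. dsa_create_pkey() also now always pushes both OSSL_PKEY_PARAM_FFC_VALIDATE_PQ and OSSL_PKEY_PARAM_FFC_VALIDATE_G, where the signature-verification caller previously passed an empty validate type; confirm that explicit zeros are equivalent for that path.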
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Sun, 16 May 2021 23:58:14 +0000 Subject: [openssl] master update Message-ID: <1621209494.460619.6049.nullmailer@dev.openssl.org> The branch master has been updated via f5680cd0eb7fdf95db5a55028b889ea56295dac9 (commit) from f2ceefc3f9ffe5936b775eba69be8ffb42fd20ea (commit) - Log ----------------------------------------------------------------- commit f5680cd0eb7fdf95db5a55028b889ea56295dac9 Author: Matt Caswell Date: Fri May 14 14:00:22 2021 +0100 Add a CHANGES entry for fully pluggable groups Fixes #12283 Reviewed-by: Nicola Tuveri Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15282) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 7 +++++++ NEWS.md | 1 + 2 files changed, 8 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 8c72ac33d0..eb199fac70 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -315,6 +315,13 @@ OpenSSL 3.0 *Matt Caswell* + * Implemented support for fully "pluggable" TLSv1.3 groups. This means that + providers may supply their own group implementations (using either the "key + exchange" or the "key encapsulation" methods) which will automatically be + detected and used by libssl. + + *Matt Caswell, Nicola Tuveri* + * The undocumented function X509_certificate_type() has been deprecated; applications can use X509_get0_pubkey() and X509_get0_signature() to get the same information. diff --git a/NEWS.md b/NEWS.md index 78d0772b9a..13b2511651 100644 --- a/NEWS.md +++ b/NEWS.md @@ -20,6 +20,7 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] + * Implemented support for fully "pluggable" TLSv1.3 groups * Added suport for Kernel TLS (KTLS) * Changed the license to the Apache License v2.0. * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, From no-reply at appveyor.com Mon May 17 00:18:55 2021 
From: no-reply at appveyor.com (AppVeyor) Date: Mon, 17 May 2021 00:18:55 +0000 Subject: Build failed: openssl master.42063 Message-ID: <20210517001855.1.B05880C6ACAC17FF@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Mon May 17 00:22:49 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 17 May 2021 00:22:49 +0000 Subject: [openssl] master update Message-ID: <1621210969.331176.22030.nullmailer@dev.openssl.org> The branch master has been updated via d7970dd963134534340ad00fa62cb1180daf5cb0 (commit) from f5680cd0eb7fdf95db5a55028b889ea56295dac9 (commit) - Log ----------------------------------------------------------------- commit d7970dd963134534340ad00fa62cb1180daf5cb0 Author: Petr Gotthard Date: Sat May 15 23:29:34 2021 +0200 Fix pointer passed to provider_unquery_operation Walking through the `map` modifies the pointer passed to the `unquery` operation. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15295) ----------------------------------------------------------------------- Summary of changes: crypto/core_algorithm.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c index 50344fbe2d..1a2e798c2c 100644 --- a/crypto/core_algorithm.c +++ b/crypto/core_algorithm.c @@ -59,11 +59,10 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) map = ossl_provider_query_operation(provider, cur_operation, &no_store); if (map != NULL) { - while (map->algorithm_names != NULL) { - const OSSL_ALGORITHM *thismap = map++; + const OSSL_ALGORITHM *thismap; + for (thismap = map; thismap->algorithm_names != NULL; thismap++) data->fn(provider, thismap, no_store, data->data); - } } ossl_provider_unquery_operation(provider, cur_operation, map); From no-reply at appveyor.com Mon May 17 01:12:02 2021 
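Review bot: In the algorithm_do_this hunk of crypto/core_algorithm.c (commit d7970dd963), ossl_provider_unquery_operation(provider, cur_operation, map) stays outside the `if (map != NULL)` block, so it is still reached with a NULL map when the query returned nothing; please confirm that is intended or move the call inside the block. The fix itself (iterating with a separate `thismap` so `map` keeps the value returned by the query) has no accompanying test; a test provider whose unquery callback compares the pointer it receives against the one it handed out would catch a regression. Minor style point: a blank line between the `thismap` declaration and the `for` statement would match the surrounding code.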
From: no-reply at appveyor.com (AppVeyor) Date: Mon, 17 May 2021 01:12:02 +0000 Subject: Build failed: openssl master.42064 Message-ID: <20210517011202.1.673D7373CB1DCD24@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 17 02:04:37 2021 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 17 May 2021 02:04:37 +0000 Subject: Build failed: openssl master.42065 Message-ID: <20210517020437.1.574CD77B65984158@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 17 03:02:09 2021 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 17 May 2021 03:02:09 +0000 Subject: Build failed: openssl master.42066 Message-ID: <20210517030209.1.7FC6A56918BD2E20@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 17 03:57:59 2021 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 17 May 2021 03:57:59 +0000 Subject: Build failed: openssl master.42067 Message-ID: <20210517035759.1.26BCEB58DF85291D@appveyor.com> An HTML attachment was scrubbed... URL: From tomas at openssl.org Mon May 17 08:41:58 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Mon, 17 May 2021 08:41:58 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1621240918.373388.23207.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 7e12c2b3d9ccf97186e4d2cb27aafb084c893ce5 (commit) via c054a6d45dab1bbe38e1c89518e40ba9a9660baa (commit) from b743b16113ca0e30c383191c804de37dbfc4f12e (commit) - Log ----------------------------------------------------------------- commit 7e12c2b3d9ccf97186e4d2cb27aafb084c893ce5 Author: Theo Buehler Date: Sat May 1 13:09:10 2021 +0200 Test oct2point for hybrid point encoding of (0, y) Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15112) commit c054a6d45dab1bbe38e1c89518e40ba9a9660baa Author: Theo Buehler Date: Sat May 1 12:25:50 2021 +0200 Avoid division by zero in hybrid point encoding In hybrid and compressed point encodings, the form octet contains a bit of information allowing to calculate y from x. For a point on a binary curve, this bit is zero if x is zero, otherwise it must match the rightmost bit of the field element y / x. The existing code only considers the second possibility. It could thus incorrectly fail with a division by zero error as found by Guido Vranken's cryptofuzz. This commit adds a few explanatory comments to oct2point. The only actual code change is in the last hunk which adds a BN_is_zero(x) check to avoid the division by zero. Fixes #15021 Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15112) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec2_oct.c | 41 +++++++++++++++++++++++++++++++++-------- test/ectest.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 84 insertions(+), 9 deletions(-) 
diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index 48543265ee..a0ff0496b3 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -247,9 +247,21 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); return 0; } - form = buf[0]; - y_bit = form & 1; - form = form & ~1U; + + /* + * The first octet is the point converison octet PC, see X9.62, page 4 + * and section 4.4.2. It must be: + * 0x00 for the point at infinity + * 0x02 or 0x03 for compressed form + * 0x04 for uncompressed form + * 0x06 or 0x07 for hybrid form. + * For compressed or hybrid forms, we store the last bit of buf[0] as + * y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*. + * We error if buf[0] contains any but the above values. + */ + y_bit = buf[0] & 1; + form = buf[0] & ~1U; + if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) && (form != POINT_CONVERSION_UNCOMPRESSED) && (form != POINT_CONVERSION_HYBRID)) { @@ -261,6 +273,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, return 0; } + /* The point at infinity is represented by a single zero octet. */ if (form == 0) { if (len != 1) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 
@@ -312,11 +325,23 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, goto err; } if (form == POINT_CONVERSION_HYBRID) { - if (!group->meth->field_div(group, yxi, y, x, ctx)) - goto err; - if (y_bit != BN_is_odd(yxi)) { - ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); - goto err; + /* + * Check that the form in the encoding was set correctly + * according to X9.62 4.4.2.a, 4(c), see also first paragraph + * of X9.62, 4.4.1.b. + */ + if (BN_is_zero(x)) { + if (y_bit != 0) { + ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING); + goto err; + } + } else { + if (!group->meth->field_div(group, yxi, y, x, ctx)) + goto err; + if (y_bit != BN_is_odd(yxi)) { + ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING); + goto err; + } } } diff --git a/test/ectest.c b/test/ectest.c index 9bdbf70afb..bb2ff699c6 100644 --- a/test/ectest.c +++ b/test/ectest.c 
@@ -1124,7 +1124,56 @@ err: BN_free(yplusone); return r; } -# endif + +static int hybrid_point_encoding_test(void) +{ + BIGNUM *x = NULL, *y = NULL; + EC_GROUP *group = NULL; + EC_POINT *point = NULL; + unsigned char *buf = NULL; + size_t len; + int r = 0; + + if (!TEST_true(BN_dec2bn(&x, "0")) + || !TEST_true(BN_dec2bn(&y, "1")) + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_sect571k1)) + || !TEST_ptr(point = EC_POINT_new(group)) + || !TEST_true(EC_POINT_set_affine_coordinates(group, point, x, y, NULL)) + || !TEST_size_t_ne(0, (len = EC_POINT_point2oct(group, + point, + POINT_CONVERSION_HYBRID, + NULL, + 0, + NULL))) + || !TEST_ptr(buf = OPENSSL_malloc(len)) + || !TEST_size_t_eq(len, EC_POINT_point2oct(group, + point, + POINT_CONVERSION_HYBRID, + buf, + len, + NULL))) + goto err; + + r = 1; + + /* buf contains a valid hybrid point, check that we can decode it. */ + if (!TEST_true(EC_POINT_oct2point(group, point, buf, len, NULL))) + r = 0; + + /* Flip the y_bit and verify that the invalid encoding is rejected. */ + buf[0] ^= 1; + if (!TEST_false(EC_POINT_oct2point(group, point, buf, len, NULL))) + r = 0; + +err: + BN_free(x); + BN_free(y); + EC_GROUP_free(group); + EC_POINT_free(point); + OPENSSL_free(buf); + return r; +} +#endif static int internal_curve_test(int n) { @@ -2195,6 +2244,7 @@ int setup_tests(void) ADD_ALL_TESTS(cardinality_test, crv_len); ADD_TEST(prime_field_tests); # ifndef OPENSSL_NO_EC2M + ADD_TEST(hybrid_point_encoding_test); ADD_TEST(char2_field_tests); ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests)); # endif From tomas at openssl.org Mon May 17 08:53:53 2021 
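Review bot: In the last crypto/ec/ec2_oct.c hunk (commit c054a6d45d, the POINT_CONVERSION_HYBRID branch), both new error paths call ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING), while the lines they replace and every other ECerr call visible in this function pass EC_F_EC_GF2M_SIMPLE_OCT2POINT as the first argument. On this branch that argument is the function code, so the new calls record a different function than the rest of ec_GF2m_simple_oct2point; suggest ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING) in both places. The BN_is_zero(x) check itself matches the commit message: for x = 0 only y_bit == 0 is accepted and field_div is no longer reached.

Review bot: In the first crypto/ec/ec2_oct.c hunk (commit c054a6d45d), the new comment has a typo, "point converison octet", which should read "point conversion octet". The comment also states that the code errors if buf[0] holds any value other than those listed, but the check that follows compares `form` after the low bit was cleared, so 0x01 and 0x05 pass this first test; if they are rejected further down, say so in the comment, otherwise tighten the wording.

Review bot: In the test/ectest.c hunk that adds hybrid_point_encoding_test (commit 7e12c2b3d9), the closing directive changes from `# endif` to `#endif` although the matching region in setup_tests still uses the indented `# ifndef OPENSSL_NO_EC2M` / `# endif` form; keep `# endif` so the nesting stays readable. The negative case only asserts that EC_POINT_oct2point fails after `buf[0] ^= 1`; checking that the failure reason is EC_R_INVALID_ENCODING would keep the test from passing on an unrelated error such as the division failure this series removes.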
From: tomas at openssl.org (tomas at openssl.org) Date: Mon, 17 May 2021 08:53:53 +0000 Subject: [openssl] master update Message-ID: <1621241633.908808.28250.nullmailer@dev.openssl.org> The branch master has been updated via 55373bfd419ca010a15aac18c88c94827e2f3a92 (commit) from d7970dd963134534340ad00fa62cb1180daf5cb0 (commit) - Log ----------------------------------------------------------------- commit 55373bfd419ca010a15aac18c88c94827e2f3a92 Author: Rich Salz Date: Thu May 6 12:56:35 2021 -0400 Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION Add -client_renegotiation flag support. The -client_renegotiation flag is equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app, the config code, and the documentation. Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to always enable it, but there are so many tests so this is the easiest thing to do. Add a test where client tries to renegotiate and it fails as expected. Add a test where server tries to renegotiate and it succeeds. The second test is supported by a new flag, -immediate_renegotiation, which is ignored on the client. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15184) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 6 ++++++ apps/include/opt.h | 10 ++++++++-- apps/lib/s_cb.c | 8 +++----- apps/s_client.c | 4 +++- apps/s_server.c | 6 ++++++ doc/man3/SSL_CONF_cmd.pod | 20 ++++++++++++++++---- doc/perlvars.pm | 3 +++ ssl/ssl_conf.c | 5 +++++ ssl/ssl_lib.c | 27 +++++++++++++++------------ ssl/statem/statem_srvr.c | 6 +++++- test/helpers/ssltestlib.c | 4 +++- test/recipes/70-test_renegotiation.t | 35 +++++++++++++++++++++++++++++++++-- test/recipes/70-test_sslmessages.t | 1 + test/ssl_test.c | 24 ++++++++++++++++++------ 14 files changed, 125 insertions(+), 34 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index eb199fac70..12f4c820d9 100644 --- a/CHANGES.md 
+++ b/CHANGES.md @@ -29,6 +29,12 @@ OpenSSL 3.0 * Rich Salz * + * Client-initiated renegotiation is disabled by default. To allow it, use + the -client_renegotiation option, the SSL_OP_ALLOW_CLIENT_RENEGOTIATION + flag, or the "ClientRenegotiation" config parameter as appropriate. + + * Rich Salz * + * Add "abspath" and "includedir" pragma's to config files, to prevent, or modify relative pathname inclusion. diff --git a/apps/include/opt.h b/apps/include/opt.h index c6ec09f882..5d85877301 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h @@ -155,13 +155,14 @@ OPT_S__FIRST=3000, \ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ - OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \ + OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \ + OPT_S_LEGACYCONN, \ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \ OPT_S_PRIORITIZE_CHACHA, \ OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \ OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \ OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ - OPT_S_MINPROTO, OPT_S_MAXPROTO, \ + OPT_S_MINPROTO, OPT_S_MAXPROTO, OPT_S_IMMEDIATE_RENEG, \ OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST # define OPT_S_OPTIONS \ @@ -179,6 +180,8 @@ {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \ {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \ "Enable use of legacy renegotiation (dangerous)"}, \ + {"client_renegotiation", OPT_S_CLIENTRENEG, '-', \ + "Allow client-initiated renegotiation" }, \ {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \ "Disable all renegotiation."}, \ {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \ 
@@ -208,6 +211,8 @@ {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \ {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \ {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \ + {"immediate_renegotiation", OPT_S_IMMEDIATE_RENEG, '-', \ + "Immediately attempt renegotiation"}, \ {"record_padding", OPT_S_RECORD_PADDING, 's', \ "Block size to pad TLS 1.3 records to."}, \ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ @@ -228,6 +233,7 @@ case OPT_S_NOTICKET: \ case OPT_S_SERVERPREF: \ case OPT_S_LEGACYRENEG: \ + case OPT_S_CLIENTRENEG: \ case OPT_S_LEGACYCONN: \ case OPT_S_ONRESUMP: \ case OPT_S_NOLEGACYCONN: \ diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index bdd5051ee6..e3d9ec1916 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -1233,12 +1233,10 @@ int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) { const char *flag = sk_OPENSSL_STRING_value(str, i); const char *arg = sk_OPENSSL_STRING_value(str, i + 1); + if (SSL_CONF_cmd(cctx, flag, arg) <= 0) { - if (arg != NULL) - BIO_printf(bio_err, "Error with command: \"%s %s\"\n", - flag, arg); - else - BIO_printf(bio_err, "Error with command: \"%s\"\n", flag); + BIO_printf(bio_err, "Call to SSL_CONF_cmd(%s, %s) failed\n", + flag, arg == NULL ? "" : arg); ERR_print_errors(bio_err); return 0; } diff --git a/apps/s_client.c b/apps/s_client.c index 1aa7a3b7de..1754d3e1a4 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1047,6 +1047,9 @@ int s_client_main(int argc, char **argv) case OPT_BRIEF: c_brief = verify_args.quiet = c_quiet = 1; break; + case OPT_S_IMMEDIATE_RENEG: + /* Option ignored on client. */ + break; case OPT_S_CASES: if (ssl_args == NULL) ssl_args = sk_OPENSSL_STRING_new_null(); 
@@ -2673,7 +2676,6 @@ int s_client_main(int argc, char **argv) tty_on = 1; if (in_init) { in_init = 0; - if (c_brief) { BIO_puts(bio_err, "CONNECTION ESTABLISHED\n"); print_ssl_summary(con); diff --git a/apps/s_server.c b/apps/s_server.c index 5d9e8cd568..51b5c9d381 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -78,6 +78,7 @@ static int accept_socket = -1; static int s_nbio = 0; static int s_nbio_test = 0; static int s_crlf = 0; +static int immediate_reneg = 0; static SSL_CTX *ctx = NULL; static SSL_CTX *ctx2 = NULL; static int www = 0; @@ -1258,6 +1259,9 @@ int s_server_main(int argc, char *argv[]) if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format)) goto opthelp; break; + case OPT_S_IMMEDIATE_RENEG: + immediate_reneg = 1; + break; case OPT_S_CASES: case OPT_S_NUM_TICKETS: case OPT_ANTI_REPLAY: @@ -2784,6 +2788,8 @@ static int init_ssl_connection(SSL *con) } else { do { i = SSL_accept(con); + if (immediate_reneg) + SSL_renegotiate(con); if (i <= 0) retry = is_retryable(con, i); diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 8da8f7f060..bbd622a687 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -58,9 +58,15 @@ Use server and not client preference order when determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to B. Only used by servers. +=item B<-client_renegotiation> + +Allows servers to accept client-initiated renegotiation. Equivalent to +setting B. +Only used by servers. + =item B<-legacyrenegotiation> -permits the use of unsafe legacy renegotiation. Equivalent to setting +Permits the use of unsafe legacy renegotiation. Equivalent to setting B. =item B<-no_renegotiation> 
@@ -70,13 +76,19 @@ B. =item B<-no_resumption_on_reneg> -set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers. +Sets B. Only used by servers. =item B<-legacy_server_connect>, B<-no_legacy_server_connect> -permits or prohibits the use of unsafe legacy renegotiation for OpenSSL +Permits or prohibits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to setting or clearing B. +=item B<-immediate_renegotiation> + +Try to do a renegotiation immediately after the handshake. +This is for debugging and has no option equivalent. +Ignored by the B command. + =item B<-prioritize_chacha> Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of @@ -91,7 +103,7 @@ that there will be no forward secrecy for the resumed session. =item B<-strict> -enables strict mode protocol handling. Equivalent to setting +Enables strict mode protocol handling. Equivalent to setting B. =item B<-sigalgs> I diff --git a/doc/perlvars.pm b/doc/perlvars.pm index 91dd5d8284..ab52a086ee 100644 --- a/doc/perlvars.pm +++ b/doc/perlvars.pm @@ -179,9 +179,11 @@ $OpenSSL::safe::opt_s_synopsis = "" . "[B<-comp>]\n" . "[B<-no_ticket>]\n" . "[B<-serverpref>]\n" +. "[B<-client_renegotiation>]\n" . "[B<-legacy_renegotiation>]\n" . "[B<-no_renegotiation>]\n" . "[B<-no_resumption_on_reneg>]\n" +. "[B<-immediate_renegotiation>]\n" . "[B<-legacy_server_connect>]\n" . "[B<-no_legacy_server_connect>]\n" . "[B<-allow_no_dhe_kex>]\n" @@ -201,6 +203,7 @@ $OpenSSL::safe::opt_s_synopsis = "" . "[B<-no_middlebox>]"; $OpenSSL::safe::opt_s_item = "" . "=item B<-bugs>, B<-comp>, B<-no_comp>, B<-no_ticket>, B<-serverpref>,\n" +. "B<-client_renegotiation>, B<_immediate_renegotiation>\n" . "B<-legacy_renegotiation>, B<-no_renegotiation>, B<-no_resumption_on_reneg>,\n" . "B<-legacy_server_connect>, B<-no_legacy_server_connect>,\n" . "B<-allow_no_dhe_kex>, B<-prioritize_chacha>, B<-strict>, B<-sigalgs>\n" 
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 8d1663c0cc..b15c847176 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -383,6 +383,8 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE), SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), + SSL_FLAG_TBL("ClientRenegotiation", + SSL_OP_ALLOW_CLIENT_RENEGOTIATION), SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), @@ -688,6 +690,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("no_ticket", 0), SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0), + SSL_CONF_CMD_SWITCH("client_renegotiation", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_CLIENT), SSL_CONF_CMD_SWITCH("no_renegotiation", 0), SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER), @@ -766,6 +769,8 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */ /* legacy_renegotiation */ {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0}, + /* Allow client renegotiation */ + {SSL_OP_ALLOW_CLIENT_RENEGOTIATION, 0}, /* legacy_server_connect */ {SSL_OP_LEGACY_SERVER_CONNECT, 0}, /* no_renegotiation */ diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 047fa1a07d..ff13442e3b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
@@ -2277,39 +2277,42 @@ int SSL_get_key_update_type(const SSL *s) return s->key_update; } -int SSL_renegotiate(SSL *s) +/* + * Can we accept a renegotiation request? If yes, set the flag and + * return 1 if yes. If not, raise error and return 0. + */ +static int can_renegotiate(const SSL *s) { if (SSL_IS_TLS13(s)) { ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION); return 0; } - if ((s->options & SSL_OP_NO_RENEGOTIATION)) { + if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION); return 0; } + return 1; +} + +int SSL_renegotiate(SSL *s) +{ + if (!can_renegotiate(s)) + return 0; + s->renegotiate = 1; s->new_session = 1; - return s->method->ssl_renegotiate(s); } int SSL_renegotiate_abbreviated(SSL *s) { - if (SSL_IS_TLS13(s)) { - ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION); + if (!can_renegotiate(s)) return 0; - } - - if ((s->options & SSL_OP_NO_RENEGOTIATION)) { - ERR_raise(ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION); - return 0; - } s->renegotiate = 1; s->new_session = 0; - return s->method->ssl_renegotiate(s); } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 768e1110e6..386bd983fc 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1368,6 +1368,10 @@ static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello) ext_len); } +#define RENEG_OPTIONS_OK(options) \ + ((options & SSL_OP_NO_RENEGOTIATION) == 0 \ + && (options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) != 0) + MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) { /* |cookie| will only be initialized for DTLS. */ @@ -1381,7 +1385,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0 + if (!RENEG_OPTIONS_OK(s->options) || (!s->s3.send_connection_binding && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) { 
diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c index 693084e739..daa0416be6 100644 --- a/test/helpers/ssltestlib.c +++ b/test/helpers/ssltestlib.c @@ -695,7 +695,9 @@ int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm, if (sctx != NULL) { if (*sctx != NULL) serverctx = *sctx; - else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm))) + else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm)) + || !TEST_true(SSL_CTX_set_options(serverctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; } diff --git a/test/recipes/70-test_renegotiation.t b/test/recipes/70-test_renegotiation.t index 256964266c..0dc0594775 100644 --- a/test/recipes/70-test_renegotiation.t +++ b/test/recipes/70-test_renegotiation.t @@ -26,6 +26,8 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLS <= 1.2 enabled" if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2")); +plan tests => 6; + $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( undef, @@ -36,15 +38,16 @@ my $proxy = TLSProxy::Proxy->new( #Test 1: A basic renegotiation test $proxy->clientflags("-no_tls1_3"); +$proxy->serverflags("-client_renegotiation"); $proxy->reneg(1); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 4; ok(TLSProxy::Message->success(), "Basic renegotiation"); #Test 2: Client does not send the Reneg SCSV. Reneg should fail $proxy->clear(); $proxy->filter(\&reneg_filter); $proxy->clientflags("-no_tls1_3"); +$proxy->serverflags("-client_renegotiation"); $proxy->reneg(1); $proxy->start(); ok(TLSProxy::Message->fail(), "No client SCSV"); @@ -58,7 +61,7 @@ SKIP: { $proxy->filter(undef); $proxy->ciphers("DEFAULT:\@SECLEVEL=0"); $proxy->clientflags("-no_tls1_3 -cipher AES128-SHA:\@SECLEVEL=0"); - $proxy->serverflags("-no_tls1_3 -no_tls1_2"); + $proxy->serverflags("-no_tls1_3 -no_tls1_2 -client_renegotiation"); $proxy->reneg(1); $proxy->start(); my $chversion; 
@@ -87,11 +90,39 @@ SKIP: { $proxy->clear(); $proxy->filter(\&sigalgs_filter); $proxy->clientflags("-tls1_2"); + $proxy->serverflags("-client_renegotiation"); $proxy->reneg(1); $proxy->start(); ok(TLSProxy::Message->fail(), "client_sig_algs instead of sig_algs"); } +SKIP: { + skip "TLSv1.2 and TLSv1.1 disabled", 1 + if disabled("tls1_2") && disabled("tls1_1"); + #Test 5: Client fails to do renegotiation + $proxy->clear(); + $proxy->filter(undef); + $proxy->serverflags("-no_tls1_3"); + $proxy->clientflags("-no_tls1_3"); + $proxy->reneg(1); + $proxy->start(); + ok(TLSProxy::Message->fail(), + "Check client renegotiation failed"); +} + +SKIP: { + skip "TLSv1.2 and TLSv1.1 disabled", 1 + if disabled("tls1_2") && disabled("tls1_1"); + #Test 6: Server can do renegotiation + $proxy->clear(); + $proxy->filter(undef); + $proxy->serverflags("-no_tls1_3 -immediate_renegotiation"); + $proxy->clientflags("-no_tls1_3"); + $proxy->start(); + ok(TLSProxy::Message->success(), + "Check server renegotiation succeeded"); +} + sub reneg_filter { my $proxy = shift; diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index 3f57af62d5..befc4c7e9e 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -239,6 +239,7 @@ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, #Test 7: A handshake with a renegotiation $proxy->clear(); $proxy->clientflags("-no_tls1_3"); +$proxy->serverflags("-client_renegotiation"); $proxy->reneg(1); $proxy->start(); checkhandshake($proxy, checkhandshake::RENEG_HANDSHAKE, diff --git a/test/ssl_test.c b/test/ssl_test.c index 9ff766a268..4c2553ce27 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c 
@@ -409,12 +409,16 @@ static int test_handshake(int idx) #ifndef OPENSSL_NO_DTLS if (test_ctx->method == SSL_TEST_METHOD_DTLS) { server_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_server_method()); - if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0))) + if (!TEST_true(SSL_CTX_set_options(server_ctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION)) + || !TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0))) goto err; if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { if (!TEST_ptr(server2_ctx = - SSL_CTX_new_ex(libctx, NULL, DTLS_server_method()))) + SSL_CTX_new_ex(libctx, NULL, DTLS_server_method())) + || !TEST_true(SSL_CTX_set_options(server2_ctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; } client_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_client_method()); @@ -423,7 +427,9 @@ static int test_handshake(int idx) if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { resume_server_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_server_method()); - if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0))) + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)) + || !TEST_true(SSL_CTX_set_options(resume_server_ctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; resume_client_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_client_method()); 
@@ -446,13 +452,17 @@ static int test_handshake(int idx) #endif server_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); - if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, maxversion))) + if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, maxversion)) + || !TEST_true(SSL_CTX_set_options(server_ctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; /* SNI on resumption isn't supported/tested yet. */ if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { if (!TEST_ptr(server2_ctx = - SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) + SSL_CTX_new_ex(libctx, NULL, TLS_server_method())) + || !TEST_true(SSL_CTX_set_options(server2_ctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, maxversion))) @@ -466,7 +476,9 @@ static int test_handshake(int idx) resume_server_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, - maxversion))) + maxversion)) + || !TEST_true(SSL_CTX_set_options(resume_server_ctx, + SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) goto err; resume_client_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method()); From matt at openssl.org Mon May 17 09:51:53 2021 
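Review bot: In the apps/s_server.c init_ssl_connection hunk (commit 55373bfd41), `if (immediate_reneg) SSL_renegotiate(con);` runs on every pass of the do loop directly after `i = SSL_accept(con);` and before the `i <= 0` check, so it is also called when the handshake failed or has to be retried, and its return value is dropped. Suggest calling it only once SSL_accept has returned success and reporting a failure, so the "Server can do renegotiation" test cannot pass on a renegotiation request that was never accepted.

Review bot: In the doc/perlvars.pm hunk for $OpenSSL::safe::opt_s_item (commit 55373bfd41), the added line reads `B<-client_renegotiation>, B<_immediate_renegotiation>\n` with an underscore where the option's leading dash should be, and it lacks the trailing comma that the neighbouring lines use before the newline. It should be `B<-client_renegotiation>, B<-immediate_renegotiation>,\n`.

Review bot: In the ssl/ssl_lib.c hunk (commit 55373bfd41), the comment on the new can_renegotiate() helper says "If yes, set the flag and return 1 if yes", but the helper takes a `const SSL *` and sets nothing; the callers set s->renegotiate and s->new_session themselves. Suggest rewording to "Return 1 if a renegotiation may be started, otherwise raise an error and return 0". The helper is shared by SSL_renegotiate() and SSL_renegotiate_abbreviated() and does not look at SSL_OP_ALLOW_CLIENT_RENEGOTIATION, which is worth stating in the comment so readers do not expect the new option to be enforced here.

Review bot: In the ssl/statem/statem_srvr.c hunk (commit 55373bfd41), the RENEG_OPTIONS_OK(options) macro uses its argument unparenthesised in `(options & SSL_OP_NO_RENEGOTIATION)`; write `((options) & ...)` in both terms or make it a static inline function. The name also hides that the test is specific to client-initiated renegotiation, and a short comment saying that the default (option unset) now refuses the ClientHello would make the behaviour change described in CHANGES.md visible at the point where it is enforced.

Review bot: In the test/recipes/70-test_renegotiation.t hunks (commit 55373bfd41), `plan tests => 6;` is now issued before `$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";`, which was left in place. Test::More does not accept a second plan once one has been set, so when the proxy cannot start the script fails with a planning error instead of skipping. Suggest keeping the plan after the first start() as before, or replacing the skip_all fallback with an explicit skip of the six tests.

Review bot: In the doc/man3/SSL_CONF_cmd.pod hunks (commit 55373bfd41), B<-immediate_renegotiation> is documented as an SSL_CONF_cmd command-line item, but the ssl/ssl_conf.c hunks in the same patch add only "client_renegotiation" to ssl_conf_cmds; the immediate option is consumed by s_server and ignored by s_client before the arguments reach SSL_CONF_cmd. Either move the item to the application documentation or state clearly in this entry that SSL_CONF_cmd() does not accept it. The B<-client_renegotiation> entry should also mention the "ClientRenegotiation" Options value that ssl_conf.c and CHANGES.md introduce.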
From: matt at openssl.org (Matt Caswell) Date: Mon, 17 May 2021 09:51:53 +0000 Subject: [openssl] master update Message-ID: <1621245113.333545.7597.nullmailer@dev.openssl.org> The branch master has been updated via a227ff336fc934b4a52c4659ae423dfa10efd5f3 (commit) from 55373bfd419ca010a15aac18c88c94827e2f3a92 (commit) - Log ----------------------------------------------------------------- commit a227ff336fc934b4a52c4659ae423dfa10efd5f3 Author: Matt Caswell Date: Fri May 14 15:33:40 2021 +0100 Fix a use-after-free in the child provider code If the child provider context data gets cleaned up before all usage of providers has finished then a use-after-free can occur. We change the priority of this data so that it gets freed later. Fixes #15284 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15286) ----------------------------------------------------------------------- Summary of changes: crypto/provider_child.c | 2 +- include/internal/cryptlib.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/provider_child.c b/crypto/provider_child.c index 2487d43fd7..14d0054624 100644 --- a/crypto/provider_child.c +++ b/crypto/provider_child.c @@ -47,7 +47,7 @@ static void child_prov_ossl_ctx_free(void *vgbl) } static const OSSL_LIB_CTX_METHOD child_prov_ossl_ctx_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, + OSSL_LIB_CTX_METHOD_LOW_PRIORITY, child_prov_ossl_ctx_new, child_prov_ossl_ctx_free, }; diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index d943419a52..966c8f26f1 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h 
@@ -168,6 +168,7 @@ typedef struct ossl_ex_data_global_st { # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 # define OSSL_LIB_CTX_MAX_INDEXES 19 +# define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1 # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 # define OSSL_LIB_CTX_METHOD_PRIORITY_1 1 # define OSSL_LIB_CTX_METHOD_PRIORITY_2 2 From no-reply at appveyor.com Mon May 17 09:55:24 2021 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 17 May 2021 09:55:24 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.42068 Message-ID: <20210517095524.1.CAA6B10B78CDD747@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 17 10:50:09 2021 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 17 May 2021 10:50:09 +0000 Subject: Build failed: openssl master.42069 Message-ID: <20210517105009.1.898F68C8989B2541@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 17 11:44:14 2021 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 17 May 2021 11:44:14 +0000 Subject: Build failed: openssl master.42070 Message-ID: <20210517114414.1.BD831DEBAEABDE02@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Tue May 18 02:12:48 2021 
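Review bot: In the include/internal/cryptlib.h hunk (commit a227ff336f), OSSL_LIB_CTX_METHOD_LOW_PRIORITY is added as -1 with no comment on what the ordering means; the only statement that a lower priority is freed later is in the commit message. Suggest a comment above the priority defines describing the free order, and a second one at child_prov_ossl_ctx_method in crypto/provider_child.c saying that the child provider data has to outlive all provider usage, so a later priority change does not bring the use-after-free back. The patch carries no regression test for the scenario reported in #15284.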
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 18 May 2021 02:12:48 +0000 Subject: [openssl] master update Message-ID: <1621303968.421358.9622.nullmailer@dev.openssl.org> The branch master has been updated via c9cddf05424c3292956123e7fa4c16cb80867b3f (commit) from a227ff336fc934b4a52c4659ae423dfa10efd5f3 (commit) - Log ----------------------------------------------------------------- commit c9cddf05424c3292956123e7fa4c16cb80867b3f Author: Pauli Date: Mon May 17 10:08:13 2021 +1000 test: conditionally exclude unused code for no-tls1.2 build Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15301) ----------------------------------------------------------------------- Summary of changes: test/sslapitest.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/sslapitest.c b/test/sslapitest.c index 21220d5834..0a7295c5cb 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -4649,7 +4649,9 @@ static int test_key_exchange(int idx) return testresult; } -# if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH) +# if !defined(OPENSSL_NO_TLS1_2) \ + && !defined(OPENSSL_NO_EC) \ + && !defined(OPENSSL_NO_DH) static int set_ssl_groups(SSL *serverssl, SSL *clientssl, int clientmulti, int isecdhe, int idx) { From no-reply at appveyor.com Tue May 18 03:04:04 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 18 May 2021 03:04:04 +0000 Subject: Build failed: openssl master.42071 Message-ID: <20210518030404.1.F27807910D0EDC0D@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Tue May 18 03:26:43 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 18 May 2021 03:26:43 +0000 Subject: [openssl] master update Message-ID: <1621308403.357502.3254.nullmailer@dev.openssl.org> The branch master has been updated via a94d62ab23e95630c156d00342ee9c3cf2e59515 (commit) via 4547a71930a27fca9ae62c38962d6dc67ee0b4bf (commit) via 678d0dba6cdcae7dd742d4d0d65da101e9ada1d2 (commit) via 84c5ad23e13a95d962fe52a5aeb23c0c525f0166 (commit) via 3c18459235331e0562cfd2a9de5ab87040bf55f2 (commit) via 634da876e0d6d95a23c5d005b1ac4354a04310d2 (commit) via cef71ebb5c757bafd15926dd6f6f2a2779b9d71a (commit) from c9cddf05424c3292956123e7fa4c16cb80867b3f (commit) - Log ----------------------------------------------------------------- commit a94d62ab23e95630c156d00342ee9c3cf2e59515 Author: Pauli Date: Mon May 17 18:16:28 2021 +1000 apps: use else if when checking for headers in the http server code Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15300) commit 4547a71930a27fca9ae62c38962d6dc67ee0b4bf Author: Pauli Date: Mon May 17 12:18:53 2021 +1000 seal: make EVP_SealInit() library context aware Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15300) commit 678d0dba6cdcae7dd742d4d0d65da101e9ada1d2 Author: Pauli Date: Mon May 17 09:45:33 2021 +1000 hmac: fix coverity 1484888 negative integer to size_t conversion More theoretical than real but easy and cheap to check for. 
Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15300) commit 84c5ad23e13a95d962fe52a5aeb23c0c525f0166 Author: Pauli Date: Mon May 17 09:42:42 2021 +1000 keymgmt: fix coverity 1484886 unchecked return value Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15300) commit 3c18459235331e0562cfd2a9de5ab87040bf55f2 Author: Pauli Date: Mon May 17 09:38:29 2021 +1000 evp: fix coverity 1484885 negative integer to size_t conversion Theoretically, the IV length can come back negative which would explode. Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15300) commit 634da876e0d6d95a23c5d005b1ac4354a04310d2 Author: Pauli Date: Mon May 17 09:33:10 2021 +1000 provider: fix coverity 1484884: uninitialised lock use This actually fixes a more subtle problem that wasn't detected which could cause memory leaks. Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15300) commit cef71ebb5c757bafd15926dd6f6f2a2779b9d71a Author: Pauli Date: Mon May 17 09:26:48 2021 +1000 apps: clean up the http server code Clean up some of the null checking in the http server code. This also "fixes" the false positive from coverity CID 1484883. Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15300) ----------------------------------------------------------------------- Summary of changes: apps/lib/http_server.c | 43 +++++++++++++--------------- crypto/evp/p_seal.c | 22 ++++++++++---- crypto/hmac/hmac.c | 5 +++- crypto/provider_core.c | 2 +- providers/implementations/keymgmt/ec_kmgmt.c | 7 +++-- test/evp_extra_test.c | 18 +++++++++--- 6 files changed, 59 insertions(+), 38 deletions(-) diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c index ae33632598..e7e84fa4c5 100644 --- a/apps/lib/http_server.c +++ b/apps/lib/http_server.c 
@@ -433,36 +433,33 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, key = inbuf; value = strchr(key, ':'); - if (value != NULL) { - *(value++) = '\0'; - while (*value == ' ') - value++; - line_end = strchr(value, '\r'); - if (line_end == NULL) - line_end = strchr(value, '\n'); - if (line_end != NULL) - *line_end = '\0'; - } else { + if (value == NULL) { log_message(prog, LOG_WARNING, "Error parsing HTTP header: missing ':'"); (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } - if (value != NULL && line_end != NULL) { - /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ - if (found_keep_alive != NULL && strcasecmp(key, "Connection") == 0) { - if (strcasecmp(value, "keep-alive") == 0) - *found_keep_alive = 1; - if (strcasecmp(value, "close") == 0) - *found_keep_alive = 0; + *(value++) = '\0'; + while (*value == ' ') + value++; + line_end = strchr(value, '\r'); + if (line_end == NULL) { + line_end = strchr(value, '\n'); + if (line_end == NULL) { + log_message(prog, LOG_WARNING, + "Error parsing HTTP header: missing end of line"); + (void)http_server_send_status(cbio, 400, "Bad Request"); + goto out; } - } else { - log_message(prog, LOG_WARNING, - "Error parsing HTTP header: missing end of line"); - (void)http_server_send_status(cbio, 400, "Bad Request"); - goto out; } - + *line_end = '\0'; + /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ + if (found_keep_alive != NULL && strcasecmp(key, "Connection") == 0) { + if (strcasecmp(value, "keep-alive") == 0) + *found_keep_alive = 1; + else if (strcasecmp(value, "close") == 0) + *found_keep_alive = 0; + } } # ifdef HTTP_DAEMON diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c index 36900e0352..76d3278b8c 100644 --- a/crypto/evp/p_seal.c +++ b/crypto/evp/p_seal.c @@ -9,6 +9,7 @@ #include #include "internal/cryptlib.h" +#include "internal/provider.h" #include #include #include 
@@ -20,7 +21,10 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, EVP_PKEY **pubk, int npubk) { unsigned char key[EVP_MAX_KEY_LENGTH]; - int i; + const OSSL_PROVIDER *prov = EVP_CIPHER_provider(type); + OSSL_LIB_CTX *libctx = prov != NULL ? ossl_provider_libctx(prov) : NULL; + EVP_PKEY_CTX *pctx = NULL; + int i, len; int rv = 0; if (type) { @@ -34,18 +38,22 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; - if (EVP_CIPHER_CTX_iv_length(ctx) - && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) + len = EVP_CIPHER_CTX_iv_length(ctx); + if (len < 0 || RAND_priv_bytes_ex(libctx, iv, len) <= 0) + goto err; + + len = EVP_CIPHER_CTX_key_length(ctx); + if (len < 0) goto err; if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) goto err; for (i = 0; i < npubk; i++) { - size_t keylen = EVP_CIPHER_CTX_key_length(ctx); - EVP_PKEY_CTX *pctx = NULL; + size_t keylen = len; - if ((pctx = EVP_PKEY_CTX_new(pubk[i], NULL)) == NULL) { + pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pubk[i], NULL); + if (pctx == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); goto err; } @@ -56,8 +64,10 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ekl[i] = (int)keylen; EVP_PKEY_CTX_free(pctx); } + pctx = NULL; rv = npubk; err: + EVP_PKEY_CTX_free(pctx); OPENSSL_cleanse(key, sizeof(key)); return rv; } diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 6d142f2cbb..f800cb8f89 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c 
@@ -221,10 +221,13 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, unsigned char *md, unsigned int *md_len) { static unsigned char static_md[EVP_MAX_MD_SIZE]; + int size = EVP_MD_size(evp_md); + if (size < 0) + return NULL; return EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_name(evp_md), NULL, key, key_len, data, data_len, - md == NULL ? static_md : md, EVP_MD_size(evp_md), md_len); + md == NULL ? static_md : md, size, md_len); } void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) diff --git a/crypto/provider_core.c b/crypto/provider_core.c index b384f74fd2..9d5248de0d 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -306,7 +306,6 @@ static OSSL_PROVIDER *provider_new(const char *name, #ifndef HAVE_ATOMICS || (prov->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL #endif - || !ossl_provider_up_ref(prov) /* +1 One reference to be returned */ || (prov->opbits_lock = CRYPTO_THREAD_lock_new()) == NULL || (prov->flag_lock = CRYPTO_THREAD_lock_new()) == NULL || (prov->name = OPENSSL_strdup(name)) == NULL) { @@ -315,6 +314,7 @@ static OSSL_PROVIDER *provider_new(const char *name, return NULL; } + prov->refcnt = 1; /* 1 One reference to be returned */ prov->init_function = init_function; #ifndef FIPS_MODULE prov->flag_couldbechild = 1; diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 2673619ef4..e901275ce2 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c 
@@ -255,9 +255,10 @@ int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl, name)) return 0; - if ((EC_KEY_get_enc_flags(ec) & EC_PKEY_NO_PUBKEY) != 0) - ossl_param_build_set_int(tmpl, params, - OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0); + if ((EC_KEY_get_enc_flags(ec) & EC_PKEY_NO_PUBKEY) != 0 + && !ossl_param_build_set_int(tmpl, params, + OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0)) + return 0; ecdh_cofactor_mode = (EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 56522e4af9..10ab4bfc9e 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -818,7 +818,11 @@ static int test_EC_priv_only_legacy(void) # endif /* OPENSSL_NO_DEPRECATED_3_0 */ #endif /* OPENSSL_NO_EC */ -static int test_EVP_Enveloped(void) +/* + * n = 0 => test using legacy cipher + * n = 1 => test using fetched cipher + */ +static int test_EVP_Enveloped(int n) { int ret = 0; EVP_CIPHER_CTX *ctx = NULL; @@ -828,12 +832,16 @@ static int test_EVP_Enveloped(void) static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; int len, kek_len, ciphertext_len, plaintext_len; unsigned char ciphertext[32], plaintext[16]; - const EVP_CIPHER *type = NULL; + EVP_CIPHER *type = NULL; if (nullprov != NULL) return TEST_skip("Test does not support a non-default library context"); - type = EVP_aes_256_cbc(); + if (n == 0) + type = (EVP_CIPHER *)EVP_aes_256_cbc(); + else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC", + testpropq))) + goto err; if (!TEST_ptr(keypair = load_example_rsa_key()) || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair))) @@ -860,6 +868,8 @@ static int test_EVP_Enveloped(void) ret = 1; err: + if (n != 0) + EVP_CIPHER_free(type); OPENSSL_free(kek); EVP_PKEY_free(keypair); EVP_CIPHER_CTX_free(ctx); 
@@ -2925,7 +2935,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_EVP_DigestSignInit, 9); ADD_TEST(test_EVP_DigestVerifyInit); ADD_TEST(test_EVP_Digest); - ADD_TEST(test_EVP_Enveloped); + ADD_ALL_TESTS(test_EVP_Enveloped, 2); ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); ADD_TEST(test_privatekey_to_pkcs8); ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag); From no-reply at appveyor.com Tue May 18 04:18:07 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 18 May 2021 04:18:07 +0000 Subject: Build failed: openssl master.42072 Message-ID: <20210518041807.1.28E848856237A24A@appveyor.com> An HTML attachment was scrubbed... URL: From tomas at openssl.org Tue May 18 07:20:36 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 18 May 2021 07:20:36 +0000 Subject: [openssl] master update Message-ID: <1621322436.694067.21220.nullmailer@dev.openssl.org> The branch master has been updated via 7d72dc78ee54cc3b9163ef9b23cf22bb85015552 (commit) from a94d62ab23e95630c156d00342ee9c3cf2e59515 (commit) - Log ----------------------------------------------------------------- commit 7d72dc78ee54cc3b9163ef9b23cf22bb85015552 Author: Rich Salz Date: Wed May 12 11:45:37 2021 -0400 Add -quiet flag to genpkey Picking up late suggestions to PR #6909 by Philip Prindeville . Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15249) ----------------------------------------------------------------------- Summary of changes: apps/genpkey.c | 28 ++++++++++++++++++++-------- doc/man1/openssl-genpkey.pod.in | 5 +++++ 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/apps/genpkey.c b/apps/genpkey.c index f10390e1ba..c187cc2a70 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -15,6 +15,8 @@ #include #include +static int quiet; + static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e, OSSL_LIB_CTX *libctx, const char *propq); static int genpkey_cb(EVP_PKEY_CTX *ctx); 
@@ -23,7 +25,7 @@ typedef enum OPTION_choice { OPT_COMMON, OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE, OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER, - OPT_CONFIG, + OPT_QUIET, OPT_CONFIG, OPT_PROV_ENUM } OPTION_CHOICE; @@ -35,6 +37,7 @@ const OPTIONS genpkey_options[] = { #endif {"paramfile", OPT_PARAMFILE, '<', "Parameters file"}, {"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"}, + {"quiet", OPT_QUIET, 's', "Do not output status while generating keys"}, {"pkeyopt", OPT_PKEYOPT, 's', "Set the public key algorithm option as opt:value"}, OPT_CONFIG_OPTION, @@ -111,6 +114,9 @@ int genpkey_main(int argc, char **argv) if (!sk_OPENSSL_STRING_push(keyopt, opt_arg())) goto end; break; + case OPT_QUIET: + quiet = 1; + break; case OPT_GENPARAM: do_param = 1; break; @@ -332,16 +338,22 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx) { char c = '*'; BIO *b = EVP_PKEY_CTX_get_app_data(ctx); - int p; - p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); - if (p == 0) + + if (quiet) + return 1; + + switch (EVP_PKEY_CTX_get_keygen_info(ctx, 0)) { + case 0: c = '.'; - if (p == 1) + break; + case 1: c = '+'; - if (p == 2) - c = '*'; - if (p == 3) + break; + case 3: c = '\n'; + break; + } + BIO_write(b, &c, 1); (void)BIO_flush(b); return 1; diff --git a/doc/man1/openssl-genpkey.pod.in b/doc/man1/openssl-genpkey.pod.in index aa08b01f4f..9cfd9ae441 100644 --- a/doc/man1/openssl-genpkey.pod.in +++ b/doc/man1/openssl-genpkey.pod.in @@ -15,6 +15,7 @@ B B [B<-help>] [B<-out> I] [B<-outform> B|B] +[B<-quiet>] [B<-pass> I] [B<-I>] [B<-paramfile> I] @@ -51,6 +52,10 @@ See L for details. When B<-genparam> is given, B<-outform> is ignored. +=item B<-quiet> + +Do not output "status dots" while generating keys. + =item B<-pass> I The output file password source. For more information about the format of I From no-reply at appveyor.com Tue May 18 08:13:41 2021 
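Review bot: in apps/lib/http_server.c (commits cef71ebb5c and a94d62ab23), the Connection check still compares the whole header value with `strcasecmp(value, "keep-alive")` and `strcasecmp(value, "close")`. RFC 7230 defines Connection as a comma-separated list of options, so a value such as "keep-alive, Upgrade" matches neither branch and leaves `*found_keep_alive` unchanged; trailing spaces before the line end are not trimmed either, with the same effect. Since this hunk already restructures the header parsing, consider matching tokens within the list rather than the full string.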
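Review bot: in crypto/evp/p_seal.c, the new initialiser `const OSSL_PROVIDER *prov = EVP_CIPHER_provider(type);` runs before the existing `if (type) {` check, so a caller that passes type == NULL to reuse an already initialised ctx now reaches EVP_CIPHER_provider() with a NULL cipher. Unless that function is documented to accept NULL, look up the provider only after the NULL check (or from the cipher already held in ctx) and leave libctx as NULL otherwise.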
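Review bot: in crypto/provider_core.c, the added line's comment reads `/* 1 One reference to be returned */`; the `+` of the original `+1` was dropped when the line was moved. It would also help to say in that comment why a direct `prov->refcnt = 1` is acceptable here instead of ossl_provider_up_ref(), presumably because the object has just been allocated and is not yet shared.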
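Review bot: in test/evp_extra_test.c, `type = (EVP_CIPHER *)EVP_aes_256_cbc();` casts away const so that one variable can hold both the legacy and the fetched cipher, and the cleanup then has to repeat the `if (n != 0)` condition before EVP_CIPHER_free(type). Keeping `const EVP_CIPHER *type` and adding a separate `EVP_CIPHER *fetched = NULL` that is freed unconditionally removes both the cast and the conditional free.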
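Review bot: in the genpkey_options hunk of apps/genpkey.c, `{"quiet", OPT_QUIET, 's', ...}` declares -quiet as taking a string argument, but the OPT_QUIET case only sets `quiet = 1` and the POD synopsis documents `[B<-quiet>]` with no argument. With 's' the option parser will treat the next command-line word as the option's value; the entry should use the flag type '-' as other argument-less options do.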
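Review bot: in genpkey_cb() in apps/genpkey.c, the new switch drops the explicit branch for value 2 and has no default, so the '*' output now depends only on the initialiser `char c = '*';` a few lines above. Add a `case 2:` or a commented `default:` so the mapping from keygen info values to status characters is readable in one place.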
From: no-reply at appveyor.com (AppVeyor) Date: Tue, 18 May 2021 08:13:41 +0000 Subject: Build failed: openssl master.42073 Message-ID: <20210518081341.1.E164A8206379B2B9@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Tue May 18 09:08:54 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 18 May 2021 09:08:54 +0000 Subject: [openssl] master update Message-ID: <1621328934.444036.16412.nullmailer@dev.openssl.org> The branch master has been updated via 80a4ac5783b1cea66983330c65df11611236869e (commit) via 88d96983d881254d0bcb36d79b32aac08339e0d3 (commit) from 7d72dc78ee54cc3b9163ef9b23cf22bb85015552 (commit) - Log ----------------------------------------------------------------- commit 80a4ac5783b1cea66983330c65df11611236869e Author: Dr. David von Oheimb Date: Wed May 12 14:15:31 2021 +0200 apps/s_server: Add -proxy and -no_proxy options Strongly related to feature request #6965 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15245) commit 88d96983d881254d0bcb36d79b32aac08339e0d3 Author: Dr. David von Oheimb Date: Wed May 12 13:58:52 2021 +0200 apps/ocsp: Add -proxy and -no_proxy options Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15245) ----------------------------------------------------------------------- Summary of changes: apps/include/apps.h | 8 ++++---- apps/ocsp.c | 37 ++++++++++++++++++++++++++----------- apps/s_server.c | 27 ++++++++++++++++++++++++--- doc/man1/openssl-ocsp.pod.in | 21 ++++++++++++++++++++- doc/man1/openssl-s_server.pod.in | 19 +++++++++++++++++++ 5 files changed, 93 insertions(+), 19 deletions(-) diff --git a/apps/include/apps.h b/apps/include/apps.h index 41178a6e22..829c49e34e 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h 
@@ -175,10 +175,10 @@ const EVP_MD *get_digest_from_engine(const char *name); const EVP_CIPHER *get_cipher_from_engine(const char *name); # ifndef OPENSSL_NO_OCSP -OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, - const char *host, const char *path, - const char *port, int use_ssl, - STACK_OF(CONF_VALUE) *headers, +OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host, + const char *port, const char *path, + const char *proxy, const char *no_proxy, + int use_ssl, STACK_OF(CONF_VALUE) *headers, int req_timeout); # endif diff --git a/apps/ocsp.c b/apps/ocsp.c index dd816c4221..9b26af8655 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -87,6 +87,7 @@ static int index_changed(CA_DB *); typedef enum OPTION_choice { OPT_COMMON, OPT_OUTFILE, OPT_TIMEOUT, OPT_URL, OPT_HOST, OPT_PORT, + OPT_PROXY, OPT_NO_PROXY, OPT_IGNORE_ERR, OPT_NOVERIFY, OPT_NONCE, OPT_NO_NONCE, OPT_RESP_NO_CERTS, OPT_RESP_KEY_ID, OPT_NO_CERTS, OPT_NO_SIGNATURE_VERIFY, OPT_NO_CERT_VERIFY, OPT_NO_CHAIN, @@ -158,6 +159,13 @@ const OPTIONS ocsp_options[] = { {"url", OPT_URL, 's', "Responder URL"}, {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"}, {"port", OPT_PORT, 'p', "Port to run responder on"}, + {"path", OPT_PATH, 's', "Path to use in OCSP request"}, + {"proxy", OPT_PROXY, 's', + "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored"}, + {"no_proxy", OPT_NO_PROXY, 's', + "List of addresses of servers not to use HTTP(S) proxy for"}, + {OPT_MORE_STR, 0, 0, + "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, {"out", OPT_OUTFILE, '>', "Output filename"}, {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"}, {"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"}, 
@@ -184,7 +192,6 @@ const OPTIONS ocsp_options[] = { {"VAfile", OPT_VAFILE, '<', "Validator certificates file"}, {"verify_other", OPT_VERIFY_OTHER, '<', "Additional certificates to search for signer"}, - {"path", OPT_PATH, 's', "Path to use in OCSP request"}, {"cert", OPT_CERT, '<', "Certificate to check"}, {"serial", OPT_SERIAL, 's', "Serial number to check"}, {"validity_period", OPT_VALIDITY_PERIOD, 'u', @@ -225,6 +232,8 @@ int ocsp_main(int argc, char **argv) const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL; char *header, *value, *respdigname = NULL; char *host = NULL, *port = NULL, *path = "/", *outfile = NULL; + char *opt_proxy = NULL; + char *opt_no_proxy = NULL; char *rca_filename = NULL, *reqin = NULL, *respin = NULL; char *reqout = NULL, *respout = NULL, *ridx_filename = NULL; char *rsignfile = NULL, *rkeyfile = NULL; @@ -287,6 +296,15 @@ int ocsp_main(int argc, char **argv) case OPT_PORT: port = opt_arg(); break; + case OPT_PATH: + path = opt_arg(); + break; + case OPT_PROXY: + opt_proxy = opt_arg(); + break; + case OPT_NO_PROXY: + opt_no_proxy = opt_arg(); + break; case OPT_IGNORE_ERR: ignore_err = 1; break; @@ -398,9 +416,6 @@ int ocsp_main(int argc, char **argv) case OPT_RESPOUT: respout = opt_arg(); break; - case OPT_PATH: - path = opt_arg(); - break; case OPT_ISSUER: issuer = load_cert(opt_arg(), FORMAT_UNDEF, "issuer certificate"); if (issuer == NULL) @@ -702,8 +717,8 @@ redo_accept: send_ocsp_response(cbio, resp); } else if (host != NULL) { #ifndef OPENSSL_NO_SOCK - resp = process_responder(req, host, path, - port, use_ssl, headers, req_timeout); + resp = process_responder(req, host, port, path, opt_proxy, opt_no_proxy, + use_ssl, headers, req_timeout); if (resp == NULL) goto end; #else 
@@ -1193,10 +1208,10 @@ static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp) } #ifndef OPENSSL_NO_SOCK -OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, - const char *host, const char *path, - const char *port, int use_ssl, - STACK_OF(CONF_VALUE) *headers, +OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host, + const char *port, const char *path, + const char *proxy, const char *no_proxy, + int use_ssl, STACK_OF(CONF_VALUE) *headers, int req_timeout) { SSL_CTX *ctx = NULL; @@ -1211,7 +1226,7 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, } resp = (OCSP_RESPONSE *) - app_http_post_asn1(host, port, path, NULL, NULL /* no proxy used */, + app_http_post_asn1(host, port, path, proxy, no_proxy, ctx, headers, "application/ocsp-request", (ASN1_VALUE *)req, ASN1_ITEM_rptr(OCSP_REQUEST), "application/ocsp-response", diff --git a/apps/s_server.c b/apps/s_server.c index 51b5c9d381..80c8a08c01 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -439,6 +439,7 @@ typedef struct tlsextstatusctx_st { char *respin; /* Default responder to use */ char *host, *path, *port; + char *proxy, *no_proxy; int use_ssl; int verbose; } tlsextstatusctx; @@ -458,6 +459,7 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, OCSP_RESPONSE **resp) { char *host = NULL, *port = NULL, *path = NULL; + char *proxy = NULL, *no_proxy = NULL; int use_ssl; STACK_OF(OPENSSL_STRING) *aia = NULL; X509 *x = NULL; @@ -492,6 +494,8 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, port = srctx->port; use_ssl = srctx->use_ssl; } + proxy = srctx->proxy; + no_proxy = srctx->no_proxy; inctx = X509_STORE_CTX_new(); if (inctx == NULL) 
@@ -523,8 +527,8 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, if (!OCSP_REQUEST_add_ext(req, ext, -1)) goto err; } - *resp = process_responder(req, host, path, port, use_ssl, NULL, - srctx->timeout); + *resp = process_responder(req, host, port, path, proxy, no_proxy, + use_ssl, NULL /* headers */, srctx->timeout); if (*resp == NULL) { BIO_puts(bio_err, "cert_status: error querying responder\n"); goto done; @@ -687,7 +691,8 @@ typedef enum OPTION_choice { OPT_CASTORE, OPT_NOCASTORE, OPT_CHAINCASTORE, OPT_VERIFYCASTORE, OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF, OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE, - OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_STATUS_FILE, OPT_MSG, OPT_MSGFILE, + OPT_STATUS_TIMEOUT, OPT_PROXY, OPT_NO_PROXY, OPT_STATUS_URL, + OPT_STATUS_FILE, OPT_MSG, OPT_MSGFILE, OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, OPT_CRLF, OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, OPT_NO_RESUME_EPHEMERAL, OPT_PSK_IDENTITY, OPT_PSK_HINT, OPT_PSK, @@ -834,6 +839,12 @@ const OPTIONS s_server_options[] = { {"status_timeout", OPT_STATUS_TIMEOUT, 'n', "Status request responder timeout"}, {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"}, + {"proxy", OPT_PROXY, 's', + "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored"}, + {"no_proxy", OPT_NO_PROXY, 's', + "List of addresses of servers not to use HTTP(S) proxy for"}, + {OPT_MORE_STR, 0, 0, + "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, {"status_file", OPT_STATUS_FILE, '<', "File containing DER encoded OCSP Response"}, #endif 
@@ -1337,6 +1348,16 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_OCSP s_tlsextstatus = 1; tlscstatp.timeout = atoi(opt_arg()); +#endif + break; + case OPT_PROXY: +#ifndef OPENSSL_NO_OCSP + tlscstatp.proxy = opt_arg(); +#endif + break; + case OPT_NO_PROXY: +#ifndef OPENSSL_NO_OCSP + tlscstatp.no_proxy = opt_arg(); #endif break; case OPT_STATUS_URL: diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in index 9fdb25ba5a..168817f608 100644 --- a/doc/man1/openssl-ocsp.pod.in +++ b/doc/man1/openssl-ocsp.pod.in @@ -30,9 +30,11 @@ B B [B<-respin> I] [B<-url> I] [B<-host> I:I] +[B<-path>] +[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>] +[B<-no_proxy> I] [B<-header>] [B<-timeout> I] -[B<-path>] [B<-VAfile> I] [B<-validity_period> I] [B<-status_age> I] @@ -167,6 +169,23 @@ I on port I. The B<-path> option specifies the HTTP pathname to use or "/" by default. This is equivalent to specifying B<-url> with scheme http:// and the given hostname, port, and pathname. +=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]> + +The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy> +applies, see below. +The proxy port defaults to 80 or 443 if the scheme is C; apart from that +the optional C or C prefix is ignored, +as well as any userinfo and path components. +Defaults to the environment variable C if set, else C +in case no TLS is used, otherwise C if set, else C. + +=item B<-no_proxy> I + +List of IP addresses and/or DNS names of servers +not to use an HTTP(S) proxy for, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). +Default is from the environment variable C if set, else C. + =item B<-header> I=I Adds the header I with the specified I to the OCSP request diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index f07e2ae3b4..b7c3f10336 100644 --- a/doc/man1/openssl-s_server.pod.in 
+++ b/doc/man1/openssl-s_server.pod.in @@ -73,6 +73,8 @@ B B [B<-status>] [B<-status_verbose>] [B<-status_timeout> I] +[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>] +[B<-no_proxy> I] [B<-status_url> I] [B<-status_file> I] [B<-trace>] @@ -462,6 +464,23 @@ a verbose printout of the OCSP response. Sets the timeout for OCSP response to I seconds. +=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]> + +The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy> +applies, see below. +The proxy port defaults to 80 or 443 if the scheme is C; apart from that +the optional C or C prefix is ignored, +as well as any userinfo and path components. +Defaults to the environment variable C if set, else C +in case no TLS is used, otherwise C if set, else C. + +=item B<-no_proxy> I + +List of IP addresses and/or DNS names of servers +not to use an HTTP(S) proxy for, separated by commas and/or whitespace +(where in the latter case the whole argument must be enclosed in "..."). +Default is from the environment variable C if set, else C. + =item B<-status_url> I Sets a fallback responder URL to use if no responder URL is present in the From no-reply at appveyor.com Tue May 18 10:04:26 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 18 May 2021 10:04:26 +0000 Subject: Build failed: openssl master.42074 Message-ID: <20210518100426.1.83837527FAFF9931@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Tue May 18 11:03:46 2021 
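Review bot: in apps/include/apps.h and apps/ocsp.c, process_responder() swaps the order of `path` and `port` while adding `proxy` and `no_proxy`, and all of these are `const char *`, so any caller still passing (host, path, port) compiles without a warning and sends the wrong values. The two call sites in this patch are updated; confirm there are no others, and consider saying in the commit message that the argument order changed to match app_http_post_asn1().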
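Review bot: in apps/s_server.c, the OPT_PROXY and OPT_NO_PROXY cases only store opt_arg() in tlscstatp, whereas the case just before them also sets `s_tlsextstatus = 1`. As written, -proxy or -no_proxy given without one of the -status options is accepted and has no effect. Either state in openssl-s_server.pod.in that these options apply only to OCSP status requests enabled by the -status options, or print a warning when they are given alone.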
From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 18 May 2021 11:03:46 +0000 Subject: [openssl] master update Message-ID: <1621335826.380156.3681.nullmailer@dev.openssl.org> The branch master has been updated via 78c44e4f819721eb80ad95fddc360a34f9e93118 (commit) via 4a14ae9dc885076028cc4ec69af07b9d99fe9044 (commit) via 8a28134104b6e13e596b51225112afccaba4d000 (commit) via f2431fe7df58d1b7f709f5065a2be3a2c01661f9 (commit) from 80a4ac5783b1cea66983330c65df11611236869e (commit) - Log ----------------------------------------------------------------- commit 78c44e4f819721eb80ad95fddc360a34f9e93118 Author: Dr. David von Oheimb Date: Mon May 17 11:38:01 2021 +0200 DOC: Fix nits found by improved find-doc-nits -c Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15298) commit 4a14ae9dc885076028cc4ec69af07b9d99fe9044 Author: Dr. David von Oheimb Date: Mon May 17 08:48:55 2021 +0200 ci.yml: Add cmd-nits to the doc-nits CI run Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15298) commit 8a28134104b6e13e596b51225112afccaba4d000 Author: Dr. David von Oheimb Date: Mon May 17 08:31:50 2021 +0200 openssl-dsa.pod.in: Fix glitch: pvk-string -> pvk-strong Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15298) commit f2431fe7df58d1b7f709f5065a2be3a2c01661f9 Author: Dr. 
David von Oheimb Date: Sun May 16 19:03:50 2021 +0200 find-doc-nits: Make -c option (cmd-nits) independent of app build and execution Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15298) ----------------------------------------------------------------------- Summary of changes: .github/workflows/ci.yml | 4 +-- Configurations/unix-Makefile.tmpl | 2 +- apps/{asn1pars.c => asn1parse.c} | 0 apps/build.info | 2 +- apps/{crl2p7.c => crl2pkcs7.c} | 0 apps/list.c | 4 +-- doc/man1/openssl-cms.pod.in | 8 +++++ doc/man1/openssl-dsa.pod.in | 17 ++++++++- doc/man1/openssl-list.pod.in | 15 ++++++++ doc/man1/openssl-rsa.pod.in | 15 ++++++++ doc/man1/openssl.pod | 14 ++++---- util/find-doc-nits | 74 ++++++++++++++++++++++++--------------- 12 files changed, 112 insertions(+), 43 deletions(-) rename apps/{asn1pars.c => asn1parse.c} (100%) rename apps/{crl2p7.c => crl2pkcs7.c} (100%) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 46a096cb75..71750aec7a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,8 +37,8 @@ jobs: run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump - name: make build_generated run: make -s build_generated - - name: make doc-nits - run: make doc-nits + - name: make doc-nits cmd-nits + run: make doc-nits cmd-nits # This checks that we use ANSI C language syntax and semantics. # We are not as strict with libraries, but rather adapt to what's diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index a80e78e86f..f729416d1d 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl 
@@ -1066,7 +1066,7 @@ generate_buildinfo: generate_doc_buildinfo doc-nits: build_generated_pods $(PERL) $(SRCDIR)/util/find-doc-nits -n -l -e -cmd-nits: build_generated apps/openssl build_generated_pods +cmd-nits: build_generated_pods $(PERL) $(SRCDIR)/util/find-doc-nits -c # This uses "mdl", the markdownlint application, which is written in ruby. diff --git a/apps/asn1pars.c b/apps/asn1parse.c similarity index 100% rename from apps/asn1pars.c rename to apps/asn1parse.c diff --git a/apps/build.info b/apps/build.info index cba9803c65..b2ecdf2e3a 100644 --- a/apps/build.info +++ b/apps/build.info @@ -12,7 +12,7 @@ ENDIF # Source for the 'openssl' program $OPENSSLSRC=\ openssl.c progs.c \ - asn1pars.c ca.c ciphers.c crl.c crl2p7.c dgst.c \ + asn1parse.c ca.c ciphers.c crl.c crl2pkcs7.c dgst.c \ enc.c errstr.c \ genpkey.c kdf.c mac.c nseq.c passwd.c pkcs7.c \ pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \ diff --git a/apps/crl2p7.c b/apps/crl2pkcs7.c similarity index 100% rename from apps/crl2p7.c rename to apps/crl2pkcs7.c diff --git a/apps/list.c b/apps/list.c index bf7c9b1049..37e363ebd1 100644 --- a/apps/list.c +++ b/apps/list.c @@ -1470,7 +1470,7 @@ const OPTIONS list_options[] = { {"kdf-algorithms", OPT_KDF_ALGORITHMS, '-', "List of key derivation and pseudo random function algorithms"}, {"random-instances", OPT_RANDOM_INSTANCES, '-', - "List the primary, pubic and private random number generator details"}, + "List the primary, public and private random number generator details"}, {"random-generators", OPT_RANDOM_GENERATORS, '-', "List of random number generators"}, {"mac-algorithms", OPT_MAC_ALGORITHMS, '-', 
@@ -1490,7 +1490,7 @@ const OPTIONS list_options[] = { "List of key encapsulation mechanism algorithms" }, {"signature-algorithms", OPT_SIGNATURE_ALGORITHMS, '-', "List of signature algorithms" }, - { "asymcipher-algorithms", OPT_ASYM_CIPHER_ALGORITHMS, '-', + {"asymcipher-algorithms", OPT_ASYM_CIPHER_ALGORITHMS, '-', "List of asymmetric cipher algorithms" }, {"public-key-algorithms", OPT_PK_ALGORITHMS, '-', "List of public key algorithms"}, diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 0ec906cbc1..5263a5d5be 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -48,6 +48,10 @@ B B [B<-md> I] [B<-I>] [B<-wrap> I] +[B<-aes128-wrap>] +[B<-aes192-wrap>] +[B<-aes256-wrap>] +[B<-des3-wrap>] [B<-nointern>] [B<-noverify>] [B<-nocerts>] @@ -322,6 +326,10 @@ Cipher algorithm to use for key wrap when encrypting the message using Key Agreement for key transport. The algorithm specified should be suitable for key wrap. +=item B<-aes128-wrap>, B<-aes192-wrap>, B<-aes256-wrap>, B<-des3-wrap> + +Use AES128, AES192, AES256, or 3DES-EDE, respectively, to wrap key. + =item B<-nointern> When verifying a message normally certificates (if any) included in diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in index 68ce5f319c..494cfe8635 100644 --- a/doc/man1/openssl-dsa.pod.in +++ b/doc/man1/openssl-dsa.pod.in @@ -36,9 +36,12 @@ B B [B<-modulus>] [B<-pubin>] [B<-pubout>] +[B<-pvk-strong>] +[B<-pvk-weak>] +[B<-pvk-none>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef pvk-string pvk-weak pvk-none engine +=for openssl ifdef pvk-strong pvk-weak pvk-none engine =head1 DESCRIPTION 
@@ -123,6 +126,18 @@ By default, a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key. +=item B<-pvk-strong> + +Enable 'Strong' PVK encoding level (default). + +=item B<-pvk-weak> + +Enable 'Weak' PVK encoding level. + +=item B<-pvk-none> + +Don't enforce PVK encoding. + {- $OpenSSL::safe::opt_engine_item -} {- $OpenSSL::safe::opt_provider_item -} diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in index 74389dca23..2b05fa74d4 100644 --- a/doc/man1/openssl-list.pod.in +++ b/doc/man1/openssl-list.pod.in @@ -13,12 +13,14 @@ B [B<-select> I] [B<-1>] [B<-commands>] +[B<-standard-commands>] [B<-digest-algorithms>] {- output_off() if $disabled{"deprecated-3.0"}; "" -}[B<-digest-commands>] {- output_on() if $disabled{"deprecated-3.0"}; "" -}[B<-kdf-algorithms>] [B<-mac-algorithms>] +[B<-random-instances>] [B<-random-generators>] [B<-cipher-algorithms>] {- output_off() if $disabled{"deprecated-3.0"}; "" @@ -38,6 +40,7 @@ B -}[B<-engines>] {- output_on() if $disabled{"deprecated-3.0"}; "" -}[B<-disabled>] +[B<-missing-help>] [B<-objects>] [B<-options> I] {- $OpenSSL::safe::opt_provider_synopsis -} @@ -73,6 +76,10 @@ If used, this option must be given first. Display a list of standard commands. +=item B<-standard-commands> + +List of standard commands. + =item B<-digest-commands> This option is deprecated. Use B instead. @@ -97,6 +104,10 @@ displayed. In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports. +=item B<-random-instances> + +List the primary, public and private random number generator details. + =item B<-random-generators> Display a list of random number generators. 
@@ -171,6 +182,10 @@ Display a list of loaded engines. Display a list of disabled features, those that were compiled out of the installation. +=item B<-missing-help> + +List missing detailed help strings. + =item B<-objects> Display a list of built in objects, i.e. OIDs with names. They're listed in the diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in index fab6408f14..286766e72f 100644 --- a/doc/man1/openssl-rsa.pod.in +++ b/doc/man1/openssl-rsa.pod.in @@ -40,6 +40,9 @@ B B [B<-pubout>] [B<-RSAPublicKey_in>] [B<-RSAPublicKey_out>] +[B<-pvk-strong>] +[B<-pvk-weak>] +[B<-pvk-none>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} =for openssl ifdef pvk-strong pvk-weak pvk-none engine @@ -133,6 +136,18 @@ the input is a public key. Like B<-pubin> and B<-pubout> except B format is used instead. +=item B<-pvk-strong> + +Enable 'Strong' PVK encoding level (default). + +=item B<-pvk-weak> + +Enable 'Weak' PVK encoding level. + +=item B<-pvk-none> + +Don't enforce PVK encoding. + {- $OpenSSL::safe::opt_engine_item -} {- $OpenSSL::safe::opt_provider_item -} diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 78b98ab7a6..3b47ae9729 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -13,13 +13,13 @@ I B B -B<-standard-commands> | -B<-digest-commands> | -B<-cipher-commands> | -B<-cipher-algorithms> | -B<-digest-algorithms> | -B<-mac-algorithms> | -B<-public-key-algorithms> +B | +B | +B | +B | +B | +B | +B B BI [ I ] diff --git a/util/find-doc-nits b/util/find-doc-nits index a5ea78706d..f4cc771e5a 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -28,9 +28,6 @@ use configdata; # Set to 1 for debug output my $debug = 0; -# Where to find openssl command -my $openssl = "./util/opensslwrap.sh"; - # Options. our($opt_d); our($opt_e); 
@@ -1029,21 +1026,40 @@ my %skips = ( 'digest' => 1, ); +my %genopts; # generic options parsed from apps/include/opt.h + # Check the flags of a command and see if everything is in the manpage sub checkflags { my $cmd = shift; my $doc = shift; - my %cmdopts; + my @cmdopts; my %docopts; my %localskips; - # Get the list of options in the command. - open CFH, "$openssl list --options $cmd|" - or die "Can list options for $cmd, $!"; + # Get the list of options in the command source file. + my $active = 0; + my $expect_helpstr = ""; + open CFH, "apps/$cmd.c" + or die "Can't open apps/$cmd.c to list options for $cmd, $!"; while ( ) { chop; - s/ .$//; - $cmdopts{$_} = 1; + if ($active) { + last if m/^\s*};/; + if ($expect_helpstr ne "") { + next if m/^\s*#\s*if/; + err("$cmd does not implement help for -$expect_helpstr") unless m/^\s*"/; + $expect_helpstr = ""; + } elsif (m/\{\s*"([^"]+)"\s*,\s*OPT_[A-Z0-9_]+\s*,\s*('[-\/:<>cEfFlMnNpsuU]'|0)\s*,(.*)$/ + && !($cmd eq "s_client" && $1 eq "wdebug")) { + push @cmdopts, $1; + $expect_helpstr = $1; + $expect_helpstr = "" if $3 =~ m/^\s*"/; + } elsif (m/[\s,](OPT_[A-Z]+_OPTIONS?)\s*(,|$)/) { + push @cmdopts, @{ $genopts{$1} }; + } + } elsif (m/^const\s+OPTIONS\s*/) { + $active = 1; + } } close CFH; 
@@ -1073,15 +1089,16 @@ sub checkflags { close CFH; # See what's in the command not the manpage. - my @undocced = sort grep { !defined $docopts{$_} } keys %cmdopts; + my @undocced = sort grep { !defined $docopts{$_} } @cmdopts; foreach ( @undocced ) { - next if /-/; # Skip the -- end-of-flags marker + next if $cmd eq "openssl" && $_ eq "help"; err("$doc: undocumented option -$_"); } # See what's in the command not the manpage. - my @unimpl = sort grep { !defined $cmdopts{$_} } keys %docopts; + my @unimpl = sort grep { my $e = $_; !(grep /^\Q$e\E$/, @cmdopts) } keys %docopts; foreach ( @unimpl ) { + next if $_ eq "-"; # Skip the -- end-of-flags marker next if defined $skips{$_} || defined $localskips{$_}; err("$doc: $cmd does not implement -$_"); } @@ -1097,18 +1114,27 @@ sub checkflags { if ( $opt_c ) { my @commands = (); - # Get list of commands. - open FH, "$openssl list -1 -commands|" - or die "Can't list commands, $!"; - while ( ) { + # Get the lists of generic options. + my $active = ""; + open OFH, "apps/include/opt.h" + or die "Can't open apps/include/opt.h to list generic options, $!"; + while ( ) { chop; - push @commands, $_; + push @{ $genopts{$active} }, $1 if $active ne "" && m/^\s+\{\s*"([^"]+)"\s*,\s*OPT_/; + $active = $1 if m/^\s*#\s*define\s+(OPT_[A-Z]+_OPTIONS?)\s*\\\s*$/; + $active = "" if m/^\s*$/; } - close FH; + close OFH; + + # Get list of commands. + opendir(DIR, "apps"); + @commands = grep(/\.c$/, readdir(DIR)); + closedir(DIR); # See if each has a manpage. foreach my $cmd ( @commands ) { - next if $cmd eq 'help' || $cmd eq 'exit'; + $cmd =~ s/\.c$//; + next if $cmd eq 'progs' || $cmd eq 'cmp_mock_srv' || $cmd eq 'vms_decc_init'; my @doc = ( grep { basename($_) eq "openssl-$cmd.pod" # For "tsget" and "CA.pl" pod pages || basename($_) eq "$cmd.pod" } 
@@ -1123,16 +1149,6 @@ if ( $opt_c ) { } } - # See what help is missing. - open FH, "$openssl list --missing-help |" - or die "Can't list missing help, $!"; - while ( ) { - chop; - my ($cmd, $flag) = split; - err("$cmd has no help for -$flag"); - } - close FH; - exit $status; } From no-reply at appveyor.com Tue May 18 11:56:12 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 18 May 2021 11:56:12 +0000 Subject: Build failed: openssl master.42075 Message-ID: <20210518115612.1.E446F7BDA99AE1BE@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Tue May 18 12:49:56 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 18 May 2021 12:49:56 +0000 Subject: [openssl] master update Message-ID: <1621342196.642420.21475.nullmailer@dev.openssl.org> The branch master has been updated via 9be5f9a8698b0d902ef1281716eda73a4d8478ed (commit) from 78c44e4f819721eb80ad95fddc360a34f9e93118 (commit) - Log ----------------------------------------------------------------- commit 9be5f9a8698b0d902ef1281716eda73a4d8478ed Author: Dr. David von Oheimb Date: Mon May 17 13:24:20 2021 +0200 Move ossl_sleep() to e_os.h and use it in apps Fixes #15304 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15308) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 2 +- apps/lib/http_server.c | 6 +++--- apps/s_server.c | 8 ++------ crypto/bio/bio_lib.c | 1 - crypto/cmp/cmp_client.c | 1 + e_os.h | 48 +++++++++++++++++++++++++++++++++++++++++++++ include/internal/cryptlib.h | 48 --------------------------------------------- test/helpers/ssltestlib.c | 3 +-- 8 files changed, 56 insertions(+), 61 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 70ca9a34fd..f289943a55 100644 --- a/apps/cmp.c +++ b/apps/cmp.c 
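Review bot: In util/find-doc-nits (commit "find-doc-nits: Make -c option (cmd-nits) independent of app build and execution"), the "if ( $opt_c )" hunk calls opendir(DIR, "apps") without checking the result, while the Makefile target runs the script as "$(PERL) $(SRCDIR)/util/find-doc-nits -c". If the current directory has no apps/ subdirectory, readdir returns an empty list and cmd-nits passes without checking a single command. Add an "or die" to the opendir, as the two open calls added in this patch already have, and consider resolving "apps", "apps/$cmd.c" and "apps/include/opt.h" against the source directory instead of the current directory.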
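Review bot: In util/find-doc-nits, the checkflags hunk recognises an option entry only when its value-type field matches the hard-coded class "'[-\/:<>cEfFlMnNpsuU]'|0" and the option name, the OPT_ constant and the type all sit on one source line. Any other entry in an OPTIONS table is skipped silently, so it is never reported as undocumented and never gets the help-string check. Report lines inside the table that begin with {" but fail the match, so that a new value type or a wrapped entry shows up as an error instead of quietly reducing coverage. The s_client/wdebug exception in the same condition needs a comment saying why it is skipped.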
@@ -2705,7 +2705,7 @@ int cmp_main(int argc, char **argv) prog, opt_port, 0, 0); if (ret == 0) { /* no request yet */ if (retry) { - sleep(1); + ossl_sleep(1000); retry = 0; continue; } diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c index e7e84fa4c5..b39f218507 100644 --- a/apps/lib/http_server.c +++ b/apps/lib/http_server.c @@ -96,7 +96,7 @@ static void killall(int ret, pid_t *kidpids) if (kidpids[i] != 0) (void)kill(kidpids[i], SIGTERM); OPENSSL_free(kidpids); - sleep(1); + ossl_sleep(1000); exit(ret); } @@ -166,7 +166,7 @@ void spawn_loop(const char *prog) WCOREDUMP(status) ? " (core dumped)" : # endif ""); - sleep(1); + ossl_sleep(1000); } break; } else if (errno != EINTR) { @@ -180,7 +180,7 @@ void spawn_loop(const char *prog) switch (fpid = fork()) { case -1: /* error */ /* System critically low on memory, pause and try again later */ - sleep(30); + ossl_sleep(30000); break; case 0: /* child */ OPENSSL_free(kidpids); diff --git a/apps/s_server.c b/apps/s_server.c index 80c8a08c01..292ffbe762 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -3057,9 +3057,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context) continue; } #endif -#if !defined(OPENSSL_SYS_MSDOS) - sleep(1); -#endif + ossl_sleep(1000); continue; } } else if (i == 0) { /* end of input */ @@ -3486,9 +3484,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context) continue; } #endif -#if !defined(OPENSSL_SYS_MSDOS) - sleep(1); -#endif + ossl_sleep(1000); continue; } } else if (i == 0) { /* end of input */ diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 575107634c..3fa8ff4f16 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -11,7 +11,6 @@ #include #include #include "bio_local.h" -#include "internal/cryptlib.h" /* * Helper macro for the callback to determine whether an operator expects a diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index 54c8f5094b..dce7d0c010 100644 --- a/crypto/cmp/cmp_client.c 
+++ b/crypto/cmp/cmp_client.c @@ -11,6 +11,7 @@ #include "cmp_local.h" #include "internal/cryptlib.h" +#include "e_os.h" /* ossl_sleep() */ /* explicit #includes not strictly needed since implied by the above: */ #include diff --git a/e_os.h b/e_os.h index 8bfc1dcb10..56ea62d06f 100644 --- a/e_os.h +++ b/e_os.h @@ -303,6 +303,54 @@ struct servent *getservbyname(const char *name, const char *proto); # endif /* end vxworks */ +/* system-specific variants defining ossl_sleep() */ +#ifdef OPENSSL_SYS_UNIX +# include +static ossl_inline void ossl_sleep(unsigned long millis) +{ +# ifdef OPENSSL_SYS_VXWORKS + struct timespec ts; + ts.tv_sec = (long int) (millis / 1000); + ts.tv_nsec = (long int) (millis % 1000) * 1000000ul; + nanosleep(&ts, NULL); +# elif defined(__TANDEM) +# if !defined(_REENTRANT) +# include + /* HPNS does not support usleep for non threaded apps */ + PROCESS_DELAY_(millis * 1000); +# elif defined(_SPT_MODEL_) +# include +# include + usleep(millis * 1000); +# else + usleep(millis * 1000); +# endif +# else + usleep(millis * 1000); +# endif +} +#elif defined(_WIN32) +# include +static ossl_inline void ossl_sleep(unsigned long millis) +{ + Sleep(millis); +} +#else +/* Fallback to a busy wait */ +static ossl_inline void ossl_sleep(unsigned long millis) +{ + struct timeval start, now; + unsigned long elapsedms; + + gettimeofday(&start, NULL); + do { + gettimeofday(&now, NULL); + elapsedms = (((now.tv_sec - start.tv_sec) * 1000000) + + now.tv_usec - start.tv_usec) / 1000; + } while (elapsedms < millis); +} +#endif /* defined OPENSSL_SYS_UNIX */ + /* ----------------------------- HP NonStop -------------------------------- */ /* Required to support platform variant without getpid() and pid_t. */ # if defined(__TANDEM) && defined(_GUARDIAN_TARGET) diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index 966c8f26f1..3499025fa1 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h 
@@ -218,54 +218,6 @@ const void *ossl_bsearch(const void *key, const void *base, int num, int size, int (*cmp) (const void *, const void *), int flags); -/* system-specific variants defining ossl_sleep() */ -#ifdef OPENSSL_SYS_UNIX -# include -static ossl_inline void ossl_sleep(unsigned long millis) -{ -# ifdef OPENSSL_SYS_VXWORKS - struct timespec ts; - ts.tv_sec = (long int) (millis / 1000); - ts.tv_nsec = (long int) (millis % 1000) * 1000000ul; - nanosleep(&ts, NULL); -# elif defined(__TANDEM) -# if !defined(_REENTRANT) -# include - /* HPNS does not support usleep for non threaded apps */ - PROCESS_DELAY_(millis * 1000); -# elif defined(_SPT_MODEL_) -# include -# include - usleep(millis * 1000); -# else - usleep(millis * 1000); -# endif -# else - usleep(millis * 1000); -# endif -} -#elif defined(_WIN32) -# include -static ossl_inline void ossl_sleep(unsigned long millis) -{ - Sleep(millis); -} -#else -/* Fallback to a busy wait */ -static ossl_inline void ossl_sleep(unsigned long millis) -{ - struct timeval start, now; - unsigned long elapsedms; - - gettimeofday(&start, NULL); - do { - gettimeofday(&now, NULL); - elapsedms = (((now.tv_sec - start.tv_sec) * 1000000) - + now.tv_usec - start.tv_usec) / 1000; - } while (elapsedms < millis); -} -#endif /* defined OPENSSL_SYS_UNIX */ - char *ossl_sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text, const char *sep, size_t max_len); char *ossl_ipaddr_to_asc(unsigned char *p, int len); diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c index daa0416be6..52b1799b68 100644 --- a/test/helpers/ssltestlib.c +++ b/test/helpers/ssltestlib.c @@ -10,10 +10,9 @@ #include #include "internal/nelem.h" -#include "internal/cryptlib.h" /* for ossl_sleep() */ #include "ssltestlib.h" #include "../testutil.h" -#include "e_os.h" +#include "e_os.h" /* for ossl_sleep() etc. */ #ifdef OPENSSL_SYS_UNIX # include From matt at openssl.org Tue May 18 14:43:43 2021 
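Review bot: In apps/lib/http_server.c, spawn_loop now calls ossl_sleep(30000) after a failed fork(), and the OPENSSL_SYS_UNIX branch of ossl_sleep() in e_os.h passes that on as "usleep(millis * 1000)", that is 30,000,000 microseconds. POSIX allows usleep() to fail with EINVAL for an argument of one million or more, and the return value is not checked, so on such a system the back-off for "System critically low on memory" turns into an immediate retry. The ossl_sleep(1000) calls in this patch pass exactly 1,000,000 and are affected in the same way. Use nanosleep() in the generic Unix branch, as the VxWorks branch already does, or split the wait into whole seconds plus a sub-second remainder.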
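Review bot: In apps/s_server.c, both www_body and rev_body lose the "#if !defined(OPENSSL_SYS_MSDOS)" guard around the one-second pause, so a target that is neither OPENSSL_SYS_UNIX nor _WIN32 now takes the busy-wait fallback of ossl_sleep() in e_os.h, which calls gettimeofday() and spins for the full second on every retry. Please confirm that gettimeofday() and struct timeval are available on the targets the old guard excluded, and state in the commit message that dropping the guard is intended.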
From: matt at openssl.org (Matt Caswell) Date: Tue, 18 May 2021 14:43:43 +0000 Subject: [openssl] master update Message-ID: <1621349023.011808.20420.nullmailer@dev.openssl.org> The branch master has been updated via 40692ed7c80ae3bb6c92c674fb90a5e15d81052d (commit) from 9be5f9a8698b0d902ef1281716eda73a4d8478ed (commit) - Log ----------------------------------------------------------------- commit 40692ed7c80ae3bb6c92c674fb90a5e15d81052d Author: Matt Caswell Date: Sat May 15 10:27:09 2021 +0100 Better error messages if there are no encoders/decoders/store loaders If you don't have the base or default providers loaded and therefore there are no encoders/decoders or store loaders then the error messages can be cryptic. We provide better hints about how to fix the problem. Fixes #13798 Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15306) ----------------------------------------------------------------------- Summary of changes: crypto/encode_decode/decoder_err.c | 2 ++ crypto/encode_decode/decoder_lib.c | 8 ++++++++ crypto/encode_decode/encoder_lib.c | 8 ++++++++ crypto/err/openssl.txt | 2 ++ crypto/store/store_err.c | 4 +++- crypto/store/store_lib.c | 7 ++++++- include/crypto/storeerr.h | 2 +- include/openssl/decodererr.h | 1 + include/openssl/storeerr.h | 1 + 9 files changed, 32 insertions(+), 3 deletions(-) diff --git a/crypto/encode_decode/decoder_err.c b/crypto/encode_decode/decoder_err.c index 1880c8f409..c948d82698 100644 --- a/crypto/encode_decode/decoder_err.c +++ b/crypto/encode_decode/decoder_err.c @@ -17,6 +17,8 @@ static const ERR_STRING_DATA OSSL_DECODER_str_reasons[] = { {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT), "could not decode object"}, + {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_DECODER_NOT_FOUND), + "decoder not found"}, {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_MISSING_GET_PARAMS), "missing get params"}, {0, NULL} 
diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index 8a5082c441..c7eac0eddd 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c @@ -48,6 +48,14 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in) int ok = 0; BIO *new_bio = NULL; + if (OSSL_DECODER_CTX_get_num_decoders(ctx) == 0) { + ERR_raise_data(ERR_LIB_OSSL_DECODER, OSSL_DECODER_R_DECODER_NOT_FOUND, + "No decoders were found. For standard decoders you need " + "at least one of the default or base providers " + "available. Did you forget to load them?"); + return 0; + } + if (BIO_tell(in) < 0) { new_bio = BIO_new(BIO_f_readbuffer()); if (new_bio == NULL) diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c index ea0a556e56..f074c9fb60 100644 --- a/crypto/encode_decode/encoder_lib.c +++ b/crypto/encode_decode/encoder_lib.c @@ -49,6 +49,14 @@ int OSSL_ENCODER_to_bio(OSSL_ENCODER_CTX *ctx, BIO *out) data.bio = out; data.current_encoder_inst_index = OSSL_ENCODER_CTX_get_num_encoders(ctx); + if (data.current_encoder_inst_index == 0) { + ERR_raise_data(ERR_LIB_OSSL_ENCODER, OSSL_ENCODER_R_ENCODER_NOT_FOUND, + "No encoders were found. For standard encoders you need " + "at least one of the default or base providers " + "available. Did you forget to load them?"); + return 0; + } + return encoder_process(&data) > 0; } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 0bbdd886ce..3e9bfc1acf 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt 
@@ -812,6 +812,7 @@ OCSP_R_UNKNOWN_MESSAGE_DIGEST:119:unknown message digest OCSP_R_UNKNOWN_NID:120:unknown nid OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE:129:unsupported requestorname type OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT:101:could not decode object +OSSL_DECODER_R_DECODER_NOT_FOUND:102:decoder not found OSSL_DECODER_R_MISSING_GET_PARAMS:100:missing get params OSSL_ENCODER_R_ENCODER_NOT_FOUND:101:encoder not found OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY:100:incorrect property query @@ -831,6 +832,7 @@ OSSL_STORE_R_NOT_A_NAME:103:not a name OSSL_STORE_R_NOT_A_PRIVATE_KEY:102:not a private key OSSL_STORE_R_NOT_A_PUBLIC_KEY:122:not a public key OSSL_STORE_R_NOT_PARAMETERS:104:not parameters +OSSL_STORE_R_NO_LOADERS_FOUND:123:no loaders found OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR:114:passphrase callback error OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE:108:path must be absolute OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:119:\ diff --git a/crypto/store/store_err.c b/crypto/store/store_err.c index ab0a2c6cd2..8aa3444693 100644 --- a/crypto/store/store_err.c +++ b/crypto/store/store_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,8 @@ static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = { "not a public key"}, {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_PARAMETERS), "not parameters"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NO_LOADERS_FOUND), + "no loaders found"}, {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR), "passphrase callback error"}, {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE), 
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 158b7be79d..1409f3aef4 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -144,8 +144,13 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, if (loader != NULL) OSSL_TRACE1(STORE, "Found loader for scheme %s\n", schemes[i]); - if (loader_ctx == NULL) + if (loader_ctx == NULL) { + ERR_raise_data(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NO_LOADERS_FOUND, + "No store loaders were found. For standard store " + "loaders you need at least one of the default or base " + "providers available. Did you forget to load them?"); goto err; + } OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx); diff --git a/include/crypto/storeerr.h b/include/crypto/storeerr.h index 94d4a1cf79..ed4a219509 100644 --- a/include/crypto/storeerr.h +++ b/include/crypto/storeerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/decodererr.h b/include/openssl/decodererr.h index 824a0a9253..4212a38bca 100644 --- a/include/openssl/decodererr.h +++ b/include/openssl/decodererr.h @@ -22,6 +22,7 @@ * OSSL_DECODER reason codes. */ # define OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT 101 +# define OSSL_DECODER_R_DECODER_NOT_FOUND 102 # define OSSL_DECODER_R_MISSING_GET_PARAMS 100 #endif diff --git a/include/openssl/storeerr.h b/include/openssl/storeerr.h index 45e781d2aa..00529c88b5 100644 --- a/include/openssl/storeerr.h +++ b/include/openssl/storeerr.h 
@@ -35,6 +35,7 @@ # define OSSL_STORE_R_NOT_A_PRIVATE_KEY 102 # define OSSL_STORE_R_NOT_A_PUBLIC_KEY 122 # define OSSL_STORE_R_NOT_PARAMETERS 104 +# define OSSL_STORE_R_NO_LOADERS_FOUND 123 # define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114 # define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108 # define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119 From no-reply at appveyor.com Tue May 18 15:46:51 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 18 May 2021 15:46:51 +0000 Subject: Build completed: openssl master.42076 Message-ID: <20210518154651.1.68F1599736C6C180@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed May 19 00:37:22 2021 
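Review bot: In crypto/store/store_lib.c, OSSL_STORE_open_ex now raises OSSL_STORE_R_NO_LOADERS_FOUND whenever loader_ctx is NULL, but the unchanged context just above ("if (loader != NULL) OSSL_TRACE1(STORE, "Found loader for scheme %s\n", schemes[i]);") shows that loader is tracked separately from loader_ctx. If a loader was found and loader_ctx is still NULL, the text "No store loaders were found ... Did you forget to load them?" points the user at the wrong cause. Raise the new reason only when loader is NULL as well, and leave the existing error in place otherwise.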
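Review bot: In crypto/encode_decode/decoder_lib.c, the new early return in OSSL_DECODER_from_bio, like its counterpart in OSSL_ENCODER_to_bio, comes without a test: the summary of changes lists no file under test/, so nothing pins down that a context with zero decoders yields OSSL_DECODER_R_DECODER_NOT_FOUND. A test that runs with neither the default nor the base provider loaded and checks the reason code would cover the case the commit message describes. The hint text is also repeated almost word for word in decoder_lib.c, encoder_lib.c and store_lib.c; a shared string would keep the three in step.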
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 19 May 2021 00:37:22 +0000 Subject: [openssl] master update Message-ID: <1621384642.501027.25403.nullmailer@dev.openssl.org> The branch master has been updated via 47c88d453eabdf169861e984a0d5400b06b6d32b (commit) via e53ad1d8f29332c0ce4ec68d071286af01afbc38 (commit) from 40692ed7c80ae3bb6c92c674fb90a5e15d81052d (commit) - Log ----------------------------------------------------------------- commit 47c88d453eabdf169861e984a0d5400b06b6d32b Author: Rich Salz Date: Mon May 17 12:03:19 2021 -0400 Remove "openssl ifdef" handling Reviewed-by: David von Oheimb Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15311) commit e53ad1d8f29332c0ce4ec68d071286af01afbc38 Author: Rich Salz Date: Mon May 17 11:46:58 2021 -0400 Remove '=for openssl ifdef' No longer needed after rewrite of cmd-nits Reviewed-by: David von Oheimb Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15311) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-ca.pod.in | 2 -- doc/man1/openssl-ciphers.pod.in | 2 -- doc/man1/openssl-cmp.pod.in | 2 -- doc/man1/openssl-cms.pod.in | 2 -- doc/man1/openssl-crl.pod.in | 2 -- doc/man1/openssl-dhparam.pod.in | 2 -- doc/man1/openssl-dsa.pod.in | 2 -- doc/man1/openssl-ec.pod.in | 2 -- doc/man1/openssl-ecparam.pod.in | 2 -- doc/man1/openssl-enc.pod.in | 2 -- doc/man1/openssl-gendsa.pod.in | 2 -- doc/man1/openssl-genpkey.pod.in | 2 -- doc/man1/openssl-genrsa.pod.in | 2 -- doc/man1/openssl-ocsp.pod.in | 2 -- doc/man1/openssl-passwd.pod.in | 2 -- doc/man1/openssl-pkcs12.pod.in | 2 -- doc/man1/openssl-pkcs7.pod.in | 2 -- doc/man1/openssl-pkcs8.pod.in | 2 -- doc/man1/openssl-pkey.pod.in | 2 -- doc/man1/openssl-pkeyparam.pod.in | 2 -- doc/man1/openssl-pkeyutl.pod.in | 2 -- doc/man1/openssl-rand.pod.in | 2 -- doc/man1/openssl-req.pod.in | 2 -- doc/man1/openssl-rsa.pod.in | 2 -- doc/man1/openssl-rsautl.pod.in | 2 -- 
doc/man1/openssl-s_client.pod.in | 10 ---------- doc/man1/openssl-s_server.pod.in | 12 ------------ doc/man1/openssl-s_time.pod.in | 2 -- doc/man1/openssl-smime.pod.in | 2 -- doc/man1/openssl-speed.pod.in | 2 -- doc/man1/openssl-spkac.pod.in | 2 -- doc/man1/openssl-srp.pod.in | 2 -- doc/man1/openssl-ts.pod.in | 2 -- doc/man1/openssl-verify.pod.in | 2 -- doc/man1/openssl-x509.pod.in | 2 -- util/find-doc-nits | 9 +-------- 36 files changed, 1 insertion(+), 96 deletions(-) diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index 3e2708ae04..fc0b00c032 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in @@ -65,8 +65,6 @@ B B {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} [I...] -=for openssl ifdef engine - =head1 DESCRIPTION This command emulates a CA application. diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in index 3964cb525d..658730ec53 100644 --- a/doc/man1/openssl-ciphers.pod.in +++ b/doc/man1/openssl-ciphers.pod.in @@ -26,8 +26,6 @@ B B {- $OpenSSL::safe::opt_provider_synopsis -} [I] -=for openssl ifdef ssl3 tls1 tls1_1 tls1_2 tls1_3 psk srp - =head1 DESCRIPTION This command converts textual OpenSSL cipher lists into diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 49105ca315..0e482677a0 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -144,8 +144,6 @@ Certificate verification options, for both CMP and TLS: {- $OpenSSL::safe::opt_v_synopsis -} -=for openssl ifdef engine - =head1 DESCRIPTION The B command is a client implementation for the Certificate diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 5263a5d5be..bdfb607134 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in 
@@ -89,8 +89,6 @@ B B {- $OpenSSL::safe::opt_config_synopsis -} [I ...] -=for openssl ifdef des-wrap engine - =head1 DESCRIPTION This command handles S/MIME v3.1 mail. It can encrypt, decrypt, diff --git a/doc/man1/openssl-crl.pod.in b/doc/man1/openssl-crl.pod.in index e1e31782e8..e642f5c117 100644 --- a/doc/man1/openssl-crl.pod.in +++ b/doc/man1/openssl-crl.pod.in @@ -31,8 +31,6 @@ B B {- $OpenSSL::safe::opt_trust_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef hash_old - =head1 DESCRIPTION This command processes CRL files in DER or PEM format. diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in index 7227130693..d358ba95dc 100644 --- a/doc/man1/openssl-dhparam.pod.in +++ b/doc/man1/openssl-dhparam.pod.in @@ -24,8 +24,6 @@ B {- $OpenSSL::safe::opt_provider_synopsis -} [I] -=for openssl ifdef dsaparam engine - =head1 DESCRIPTION This command is used to manipulate DH parameter files. diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in index 494cfe8635..6d15e950b9 100644 --- a/doc/man1/openssl-dsa.pod.in +++ b/doc/man1/openssl-dsa.pod.in @@ -41,8 +41,6 @@ B B [B<-pvk-none>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef pvk-strong pvk-weak pvk-none engine - =head1 DESCRIPTION This command processes DSA keys. They can be converted between various diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in index 479485cc80..e38e405934 100644 --- a/doc/man1/openssl-ec.pod.in +++ b/doc/man1/openssl-ec.pod.in @@ -33,8 +33,6 @@ B B [B<-check>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef engine - =head1 DESCRIPTION The L command processes EC keys. They can be converted between diff --git a/doc/man1/openssl-ecparam.pod.in b/doc/man1/openssl-ecparam.pod.in index e0bdb75cf3..4585050514 100644 --- a/doc/man1/openssl-ecparam.pod.in +++ b/doc/man1/openssl-ecparam.pod.in 
@@ -26,8 +26,6 @@ B {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef engine - =head1 DESCRIPTION This command is used to manipulate or generate EC parameter files. diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in index e744c8344b..5c94f49173 100644 --- a/doc/man1/openssl-enc.pod.in +++ b/doc/man1/openssl-enc.pod.in @@ -41,8 +41,6 @@ B B|I {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef z engine ciphers - B I [B<...>] =head1 DESCRIPTION diff --git a/doc/man1/openssl-gendsa.pod.in b/doc/man1/openssl-gendsa.pod.in index 2a4e7692a5..bce1561c7f 100644 --- a/doc/man1/openssl-gendsa.pod.in +++ b/doc/man1/openssl-gendsa.pod.in @@ -28,8 +28,6 @@ B B {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} [I] -=for openssl ifdef engine - =head1 DESCRIPTION This command generates a DSA private key from a DSA parameter file diff --git a/doc/man1/openssl-genpkey.pod.in b/doc/man1/openssl-genpkey.pod.in index 9cfd9ae441..1815306708 100644 --- a/doc/man1/openssl-genpkey.pod.in +++ b/doc/man1/openssl-genpkey.pod.in @@ -26,8 +26,6 @@ B B {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} {- $OpenSSL::safe::opt_config_synopsis -} -=for openssl ifdef engine - =head1 DESCRIPTION This command generates a private key. diff --git a/doc/man1/openssl-genrsa.pod.in b/doc/man1/openssl-genrsa.pod.in index 1a6c32250a..7cdd44ca0d 100644 --- a/doc/man1/openssl-genrsa.pod.in +++ b/doc/man1/openssl-genrsa.pod.in @@ -33,8 +33,6 @@ B B {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} [B] -=for openssl ifdef engine 3 - =head1 DESCRIPTION This command has been deprecated. diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in index 168817f608..0aa06834a9 100644 
--- a/doc/man1/openssl-ocsp.pod.in +++ b/doc/man1/openssl-ocsp.pod.in @@ -74,8 +74,6 @@ B B {- $OpenSSL::safe::opt_v_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef multi - =head1 DESCRIPTION The Online Certificate Status Protocol (OCSP) enables applications to diff --git a/doc/man1/openssl-passwd.pod.in b/doc/man1/openssl-passwd.pod.in index 8e1f6f2de7..aede5a060a 100644 --- a/doc/man1/openssl-passwd.pod.in +++ b/doc/man1/openssl-passwd.pod.in @@ -25,8 +25,6 @@ B {- $OpenSSL::safe::opt_provider_synopsis -} [I] -=for openssl ifdef crypt - =head1 DESCRIPTION This command computes the hash of a password typed at diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in index 7a75d9ca32..92503dc914 100644 --- a/doc/man1/openssl-pkcs12.pod.in +++ b/doc/man1/openssl-pkcs12.pod.in @@ -68,8 +68,6 @@ PKCS#12 output (export) options: [B<-maciter>] [B<-nomac>] -=for openssl ifdef engine - =head1 DESCRIPTION This command allows PKCS#12 files (sometimes referred to as diff --git a/doc/man1/openssl-pkcs7.pod.in b/doc/man1/openssl-pkcs7.pod.in index 7c3130c09a..4cbb958a9d 100644 --- a/doc/man1/openssl-pkcs7.pod.in +++ b/doc/man1/openssl-pkcs7.pod.in @@ -23,8 +23,6 @@ B B [B<-noout>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef engine - =head1 DESCRIPTION This command processes PKCS#7 files. Note that it only understands PKCS#7 diff --git a/doc/man1/openssl-pkcs8.pod.in b/doc/man1/openssl-pkcs8.pod.in index 8e7542611e..a504ea8f18 100644 --- a/doc/man1/openssl-pkcs8.pod.in +++ b/doc/man1/openssl-pkcs8.pod.in @@ -30,8 +30,6 @@ B B {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef engine scrypt scrypt_N scrypt_r scrypt_p - =head1 DESCRIPTION This command processes private keys in PKCS#8 format. It can handle 
diff --git a/doc/man1/openssl-pkey.pod.in b/doc/man1/openssl-pkey.pod.in index d297b19638..bf45643bce 100644 --- a/doc/man1/openssl-pkey.pod.in +++ b/doc/man1/openssl-pkey.pod.in @@ -32,8 +32,6 @@ B B [B<-ec_conv_form> I] [B<-ec_param_enc> I] -=for openssl ifdef engine - =head1 DESCRIPTION This command processes public or private keys. They can be diff --git a/doc/man1/openssl-pkeyparam.pod.in b/doc/man1/openssl-pkeyparam.pod.in index a9431c34eb..b700a91e33 100644 --- a/doc/man1/openssl-pkeyparam.pod.in +++ b/doc/man1/openssl-pkeyparam.pod.in @@ -20,8 +20,6 @@ B B [B<-check>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef engine - =head1 DESCRIPTION This command processes public key algorithm parameters. diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index b57640992c..06365ef76d 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -39,8 +39,6 @@ B B {- $OpenSSL::safe::opt_provider_synopsis -} {- $OpenSSL::safe::opt_config_synopsis -} -=for openssl ifdef engine engine_impl - =head1 DESCRIPTION This command can be used to perform low-level public key diff --git a/doc/man1/openssl-rand.pod.in b/doc/man1/openssl-rand.pod.in index c674c80e1d..53d7f4b67d 100644 --- a/doc/man1/openssl-rand.pod.in +++ b/doc/man1/openssl-rand.pod.in @@ -16,8 +16,6 @@ B {- $OpenSSL::safe::opt_provider_synopsis -} I -=for openssl ifdef engine - =head1 DESCRIPTION This command generates I random bytes using a cryptographically diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 32ae4b2e32..32434852ed 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -56,8 +56,6 @@ B B {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef engine keygen_engine - =head1 DESCRIPTION This command primarily creates and processes certificate requests (CSRs) 
diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in index 286766e72f..35bd300429 100644 --- a/doc/man1/openssl-rsa.pod.in +++ b/doc/man1/openssl-rsa.pod.in @@ -45,8 +45,6 @@ B B [B<-pvk-none>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef pvk-strong pvk-weak pvk-none engine - =head1 DESCRIPTION This command processes RSA keys. They can be converted between diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in index a16c0bda15..186e49e5e4 100644 --- a/doc/man1/openssl-rsautl.pod.in +++ b/doc/man1/openssl-rsautl.pod.in @@ -30,8 +30,6 @@ B B {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef engine - =head1 DESCRIPTION This command has been deprecated. diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 33e8f313b6..985ca4125d 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -126,16 +126,6 @@ B B {- $OpenSSL::safe::opt_v_synopsis -} [I:I] -=for openssl ifdef engine ssl_client_engine ct noct ctlogfile - -=for openssl ifdef ssl3 unix 4 6 use_srtp status trace wdebug nextprotoneg - -=for openssl ifdef ssl3 tls1 tls1_1 tls1_2 tls1_3 dtls mtu dtls1 dtls1_2 - -=for openssl ifdef sctp_label_bug sctp - -=for openssl ifdef srpuser srppass srp_lateuser srp_moregroups srp_strength - =head1 DESCRIPTION This command implements a generic SSL/TLS client which diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index b7c3f10336..c7ce886b6f 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in 
@@ -145,18 +145,6 @@ B B {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef unix 4 6 unlink no_dhe nextprotoneg use_srtp engine - -=for openssl ifdef status status_verbose status_timeout status_url status_file - -=for openssl ifdef psk_hint srpvfile srpuserseed sctp sctp_label_bug - -=for openssl ifdef sctp sctp_label_bug trace mtu timeout listen - -=for openssl ifdef ssl3 tls1 tls1_1 tls1_2 tls1_3 dtls mtu dtls1 dtls1_2 - -=for openssl ifdef sendfile - =head1 DESCRIPTION This command implements a generic SSL/TLS server which diff --git a/doc/man1/openssl-s_time.pod.in b/doc/man1/openssl-s_time.pod.in index 90e54f03c2..b874f390ac 100644 --- a/doc/man1/openssl-s_time.pod.in +++ b/doc/man1/openssl-s_time.pod.in @@ -30,8 +30,6 @@ B B {- $OpenSSL::safe::opt_trust_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef ssl3 tls1 tls1_1 tls1_2 tls1_3 - =head1 DESCRIPTION This command implements a generic SSL/TLS client which diff --git a/doc/man1/openssl-smime.pod.in b/doc/man1/openssl-smime.pod.in index 8b9064761a..e438c866c3 100644 --- a/doc/man1/openssl-smime.pod.in +++ b/doc/man1/openssl-smime.pod.in @@ -52,8 +52,6 @@ B B {- $OpenSSL::safe::opt_config_synopsis -} I ... -=for openssl ifdef engine - =head1 DESCRIPTION This command handles S/MIME mail. It can encrypt, decrypt, sign diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in index 7e38b79b9e..c834a74ebc 100644 --- a/doc/man1/openssl-speed.pod.in +++ b/doc/man1/openssl-speed.pod.in @@ -27,8 +27,6 @@ B {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} [I ...] -=for openssl ifdef hmac cmac multi async_jobs engine - =head1 DESCRIPTION This command is used to test the performance of cryptographic algorithms. diff --git a/doc/man1/openssl-spkac.pod.in b/doc/man1/openssl-spkac.pod.in index 4d994de3b4..5669be13eb 100644 
--- a/doc/man1/openssl-spkac.pod.in +++ b/doc/man1/openssl-spkac.pod.in @@ -26,8 +26,6 @@ B B [B<-verify>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef engine - =head1 DESCRIPTION This command processes Netscape signed public key and challenge diff --git a/doc/man1/openssl-srp.pod.in b/doc/man1/openssl-srp.pod.in index cb210880e0..c15d866704 100644 --- a/doc/man1/openssl-srp.pod.in +++ b/doc/man1/openssl-srp.pod.in @@ -25,8 +25,6 @@ B {- $OpenSSL::safe::opt_provider_synopsis -} [I ...] -=for openssl ifdef engine - =head1 DESCRIPTION This command is deprecated. It is used to maintain an SRP (secure remote diff --git a/doc/man1/openssl-ts.pod.in b/doc/man1/openssl-ts.pod.in index 015bbf794d..cf7d5f0260 100644 --- a/doc/man1/openssl-ts.pod.in +++ b/doc/man1/openssl-ts.pod.in @@ -57,8 +57,6 @@ B<-verify> {- $OpenSSL::safe::opt_v_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef engine - =head1 DESCRIPTION This command is a basic Time Stamping Authority (TSA) client and diff --git a/doc/man1/openssl-verify.pod.in b/doc/man1/openssl-verify.pod.in index 8a807d21f6..ef9ced3a5c 100644 --- a/doc/man1/openssl-verify.pod.in +++ b/doc/man1/openssl-verify.pod.in @@ -23,8 +23,6 @@ B B [B<-->] [I ...] -=for openssl ifdef engine - =head1 DESCRIPTION This command verifies certificate chains. If a certificate chain has multiple diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 0dcad3fd9b..24c7a5a34a 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in @@ -78,8 +78,6 @@ B B {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -=for openssl ifdef engine subject_hash_old issuer_hash_old - =head1 DESCRIPTION This command is a multi-purposes certificate handling command. diff --git a/util/find-doc-nits b/util/find-doc-nits index f4cc771e5a..8a27a00bdf 100755 --- a/util/find-doc-nits 
+++ b/util/find-doc-nits @@ -1034,7 +1034,6 @@ sub checkflags { my $doc = shift; my @cmdopts; my %docopts; - my %localskips; # Get the list of options in the command source file. my $active = 0; @@ -1069,12 +1068,6 @@ sub checkflags { while ( ) { chop; last if /DESCRIPTION/; - if ( /=for openssl ifdef (.*)/ ) { - foreach my $f ( split / /, $1 ) { - $localskips{$f} = 1; - } - next; - } my $opt; if ( /\[B<-([^ >]+)/ ) { $opt = $1; @@ -1099,7 +1092,7 @@ sub checkflags { my @unimpl = sort grep { my $e = $_; !(grep /^\Q$e\E$/, @cmdopts) } keys %docopts; foreach ( @unimpl ) { next if $_ eq "-"; # Skip the -- end-of-flags marker - next if defined $skips{$_} || defined $localskips{$_}; + next if defined $skips{$_}; err("$doc: $cmd does not implement -$_"); } } From pauli at openssl.org Wed May 19 03:09:02 2021 
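Review bot: in the last checkflags hunk of util/find-doc-nits, `next if defined $skips{$_};` is now the only exemption before `err("$doc: $cmd does not implement -$_")`, and none of the visible hunks add to %skips the names that the deleted `=for openssl ifdef` lines used to exempt (engine, ssl3, sctp, srpuser, pvk-strong and the rest). If %skips does not already cover them, a build configured without those features will report each one as unimplemented. Either extend %skips in this patch or state in the commit message what makes the per-file lists unnecessary.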
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 19 May 2021 03:09:02 +0000 Subject: [openssl] master update Message-ID: <1621393742.966381.30638.nullmailer@dev.openssl.org> The branch master has been updated via 753f1f24ac18e31eb6feaa9bde752f57a7bde9e7 (commit) via a51ccd5be7cef0cb668a5ec98c491676db7714f4 (commit) from 47c88d453eabdf169861e984a0d5400b06b6d32b (commit) - Log ----------------------------------------------------------------- commit 753f1f24ac18e31eb6feaa9bde752f57a7bde9e7 Author: Tomas Mraz Date: Mon May 17 19:00:13 2021 +0200 Avoid failing label removal if label is not there Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15309) commit a51ccd5be7cef0cb668a5ec98c491676db7714f4 Author: Tomas Mraz Date: Mon May 17 12:20:54 2021 +0200 Separate FIPS checksum and labelling into different workflows Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15309) ----------------------------------------------------------------------- Summary of changes: .github/workflows/fips-checksums.yml | 60 ++++++++++++++++++++++++++++++++++++ .github/workflows/fips-label.yml | 48 +++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+) create mode 100644 .github/workflows/fips-checksums.yml create mode 100644 .github/workflows/fips-label.yml diff --git a/.github/workflows/fips-checksums.yml b/.github/workflows/fips-checksums.yml new file mode 100644 index 0000000000..973778b62f --- /dev/null +++ b/.github/workflows/fips-checksums.yml 
@@ -0,0 +1,60 @@ +name: FIPS Checksums +on: [pull_request] + +jobs: + compute-checksums: + runs-on: ubuntu-latest + steps: + - name: install unifdef + run: | + sudo apt-get update + sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef + - uses: actions/checkout at v2 + with: + ref: ${{ github.event.pull_request.base.sha }} + - name: create build dirs + run: | + mkdir ./build-pristine + mkdir ./build + mkdir ./empty + touch ./empty/placeholder + - name: config pristine + run: ../config enable-fips && perl configdata.pm --dump + working-directory: ./build-pristine + - name: make build_generated pristine + run: make -s build_generated + working-directory: ./build-pristine + - name: make fips-checksums pristine + run: make fips-checksums + working-directory: ./build-pristine + - uses: actions/checkout at v2 + with: + ref: ${{ github.event.pull_request.head.sha }} + clean: false + - name: config + run: ../config enable-fips && perl configdata.pm --dump + working-directory: ./build + - name: make build_generated + run: make -s build_generated + working-directory: ./build + - name: make fips-checksums + run: make fips-checksums + working-directory: ./build + - name: update checksums pristine + run: touch providers/fips.checksum.new && make update-fips-checksums + working-directory: ./build-pristine + - name: make diff-fips-checksums + run: make diff-fips-checksums && echo "fips_unchanged=1" >> $GITHUB_ENV || echo "fips_changed=1" >> $GITHUB_ENV + working-directory: ./build + - name: save artifact fips_changed + if: ${{ env.fips_changed }} + uses: actions/upload-artifact at v2 + with: + name: fips_changed + path: empty/ + - name: save artifact fips_unchanged + if: ${{ env.fips_unchanged }} + uses: actions/upload-artifact at v2 + with: + name: fips_unchanged + path: empty/ diff --git a/.github/workflows/fips-label.yml b/.github/workflows/fips-label.yml new file mode 100644 index 0000000000..536b227260 --- /dev/null 
+++ b/.github/workflows/fips-label.yml @@ -0,0 +1,48 @@ +name: FIPS Changed Label +on: + workflow_run: + workflows: ["FIPS Checksums"] + types: + - completed + +jobs: + apply-label: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.event == 'pull_request' }} + steps: + - name: 'Check artifact and apply' + if: ${{ github.event.workflow_run.conclusion == 'success' }} + uses: actions/github-script at v4 + with: + github-token: ${{secrets.GITHUB_TOKEN}} + script: | + var artifacts = await github.actions.listWorkflowRunArtifacts({ + owner: context.repo.owner, + repo: context.repo.repo, + run_id: ${{ github.event.workflow_run.id }}, + }); + if ( artifacts.data.artifacts[0].name == 'fips_changed' ) { + github.issues.addLabels({ + issue_number: ${{ github.event.workflow_run.pull_requests[0].number }}, + owner: context.repo.owner, + repo: context.repo.repo, + labels: ['severity: fips change'] + }); + } else if ( artifacts.data.artifacts[0].name == 'fips_unchanged' ) { + var labels = await github.issues.listLabelsOnIssue({ + issue_number: ${{ github.event.workflow_run.pull_requests[0].number }}, + owner: context.repo.owner, + repo: context.repo.repo, + }); + + for ( var label in labels.data ) { + if (labels.data[label].name == 'severity: fips change') { + github.issues.removeLabel({ + issue_number: ${{ github.event.workflow_run.pull_requests[0].number }}, + owner: context.repo.owner, + repo: context.repo.repo, + name: 'severity: fips change' + }); + } + } + } From pauli at openssl.org Wed May 19 03:26:34 2021 
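Review bot: in the "make diff-fips-checksums" step of fips-checksums.yml, `make diff-fips-checksums && echo "fips_unchanged=1" >> $GITHUB_ENV || echo "fips_changed=1" >> $GITHUB_ENV` records fips_changed for any non-zero exit, so a make failure that has nothing to do with a checksum difference looks the same as a real change, and the step still succeeds. The label job trusts this artifact, so the two cases are worth separating. In the "install unifdef" step, `--force-yes` should also go: `-yq` already answers the prompts, and --force-yes is the deprecated switch that lets apt continue without prompting even when it is about to do something potentially harmful.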
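Review bot: in the "Check artifact and apply" script of fips-label.yml, `artifacts.data.artifacts[0].name` and `${{ github.event.workflow_run.pull_requests[0].number }}` both assume a non-empty list. The expression is substituted into the script text before it is parsed, so an empty expansion leaves `issue_number: ,` and the whole script fails to parse, and an empty artifact list throws on `[0].name`. This job runs with GITHUB_TOKEN on the output of a pull_request-triggered run, so it should check `artifacts.data.artifacts.length`, find the artifact by name rather than by position, and validate the pull request number before use. Comparing only the artifact name against constants is the right approach and should stay that way. The `github.issues.addLabels(...)` and `github.issues.removeLabel(...)` calls are not awaited, so a failed request does not fail the step.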
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 19 May 2021 03:26:34 +0000 Subject: [openssl] master update Message-ID: <1621394794.570868.2273.nullmailer@dev.openssl.org> The branch master has been updated via c4fca3f705a220fba8e15354d57d258e69a2d9b4 (commit) from 753f1f24ac18e31eb6feaa9bde752f57a7bde9e7 (commit) - Log ----------------------------------------------------------------- commit c4fca3f705a220fba8e15354d57d258e69a2d9b4 Author: Pauli Date: Wed May 19 13:15:14 2021 +1000 fips: remove unnecessary commas to get CI working Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15337) ----------------------------------------------------------------------- Summary of changes: .github/workflows/fips-label.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/fips-label.yml b/.github/workflows/fips-label.yml index 536b227260..a46f213f1c 100644 --- a/.github/workflows/fips-label.yml +++ b/.github/workflows/fips-label.yml @@ -19,7 +19,7 @@ jobs: var artifacts = await github.actions.listWorkflowRunArtifacts({ owner: context.repo.owner, repo: context.repo.repo, - run_id: ${{ github.event.workflow_run.id }}, + run_id: ${{ github.event.workflow_run.id }} }); if ( artifacts.data.artifacts[0].name == 'fips_changed' ) { github.issues.addLabels({ @@ -32,7 +32,7 @@ jobs: var labels = await github.issues.listLabelsOnIssue({ issue_number: ${{ github.event.workflow_run.pull_requests[0].number }}, owner: context.repo.owner, - repo: context.repo.repo, + repo: context.repo.repo }); for ( var label in labels.data ) { From dev at ddvo.net Wed May 19 07:24:24 2021 
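Review bot: both hunks in fips-label.yml only drop a comma after the last property of an object literal (`run_id: ${{ github.event.workflow_run.id }},` and `repo: context.repo.repo,`), which JavaScript accepts, so the commit message should record the error that CI actually reported. The unchanged context line `issue_number: ${{ github.event.workflow_run.pull_requests[0].number }},` produces a parse error whenever the expression expands to nothing, and this change does not touch it.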
From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 19 May 2021 07:24:24 +0000 Subject: [openssl] master update Message-ID: <1621409064.877126.26241.nullmailer@dev.openssl.org> The branch master has been updated via 8a734d3aaf4e4784581b87cdf2a4b3e2c2403b97 (commit) via 1b96cc70eb466f12b5abd9d90900e875a2236509 (commit) via 6b83d032a64848a66b60ca54729bcd79493f36ef (commit) via 7c701c590d4b368fedf5dad222b4f3b8103b2381 (commit) via 184238794fe52353f5e042fa9b943fbc59a5b9cb (commit) from c4fca3f705a220fba8e15354d57d258e69a2d9b4 (commit) - Log ----------------------------------------------------------------- commit 8a734d3aaf4e4784581b87cdf2a4b3e2c2403b97 Author: Dr. David von Oheimb Date: Mon May 3 21:58:02 2021 +0200 CMS_get0_SignerInfos(): Prevent spurious error on cms_get0_signed() failure Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12959) commit 1b96cc70eb466f12b5abd9d90900e875a2236509 Author: Dr. David von Oheimb Date: Mon Sep 28 08:29:59 2020 +0200 apps/cms.c: Simplify make_receipt_request() and load_content_info(() Also improve adherence to code formatting rules. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12959) commit 6b83d032a64848a66b60ca54729bcd79493f36ef Author: Dr. David von Oheimb Date: Wed Sep 23 10:19:50 2020 +0200 apps/cms.c: Make -sign and -verify handle binary input Fixes #8940 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12959) commit 7c701c590d4b368fedf5dad222b4f3b8103b2381 Author: Dr. David von Oheimb Date: Wed Sep 23 10:17:58 2020 +0200 Make SMIME_read_CMS_ex() and SMIME_read_ASN1_ex() support binary input Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12959) commit 184238794fe52353f5e042fa9b943fbc59a5b9cb Author: Dr. 
David von Oheimb Date: Wed Sep 23 10:11:53 2020 +0200 bio_lib: Add BIO_get_line, correct doc of BIO_gets Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12959) ----------------------------------------------------------------------- Summary of changes: apps/cms.c | 104 ++++++++++++++++++++++++++----------------- crypto/asn1/asn_mime.c | 82 +++++++++++++++++++++++----------- crypto/bio/bio_lib.c | 31 +++++++++++++ crypto/cms/cms_io.c | 6 +-- crypto/cms/cms_sd.c | 6 ++- crypto/pkcs7/pk7_mime.c | 2 +- doc/man3/BIO_read.pod | 35 ++++++++++++--- doc/man3/SMIME_read_ASN1.pod | 13 ++++-- doc/man3/SMIME_read_CMS.pod | 12 +++-- include/openssl/asn1.h.in | 2 +- include/openssl/bio.h.in | 1 + include/openssl/cms.h.in | 2 +- test/recipes/80-test_cms.t | 47 +++++++++++++++++-- test/smcont.bin | Bin 0 -> 8000 bytes util/libcrypto.num | 1 + 15 files changed, 250 insertions(+), 94 deletions(-) create mode 100644 test/smcont.bin diff --git a/apps/cms.c b/apps/cms.c index f40049edac..d2225d51af 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -24,9 +24,9 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers); static int cms_cb(int ok, X509_STORE_CTX *ctx); static void receipt_request_print(CMS_ContentInfo *cms); -static CMS_ReceiptRequest *make_receipt_request( - STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, - STACK_OF(OPENSSL_STRING) *rr_from, OSSL_LIB_CTX *libctx); +static CMS_ReceiptRequest +*make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, + STACK_OF(OPENSSL_STRING) *rr_from); static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, STACK_OF(OPENSSL_STRING) *param); 
@@ -159,7 +159,7 @@ const OPTIONS cms_options[] = { {"nodetach", OPT_NODETACH, '-', "Use opaque signing"}, {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, - {"binary", OPT_BINARY, '-', "Don't translate message to text"}, + {"binary", OPT_BINARY, '-', "Treat input as binary: do not translate to canonical form"}, {"keyid", OPT_KEYID, '-', "Use subject key identifier"}, {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"}, {"nocerts", OPT_NOCERTS, '-', @@ -227,21 +227,19 @@ const OPTIONS cms_options[] = { {NULL} }; -static CMS_ContentInfo *load_content_info(int informat, BIO *in, BIO **indata, - const char *name, - OSSL_LIB_CTX *libctx, - const char *propq) +static CMS_ContentInfo *load_content_info(int informat, BIO *in, int flags, + BIO **indata, const char *name) { CMS_ContentInfo *ret, *ci; - ret = CMS_ContentInfo_new_ex(libctx, propq); + ret = CMS_ContentInfo_new_ex(app_get0_libctx(), app_get0_propq()); if (ret == NULL) { BIO_printf(bio_err, "Error allocating CMS_contentinfo\n"); return NULL; } switch (informat) { case FORMAT_SMIME: - ci = SMIME_read_CMS_ex(in, indata, &ret); + ci = SMIME_read_CMS_ex(in, flags, indata, &ret); break; case FORMAT_PEM: ci = PEM_read_bio_CMS(in, &ret, NULL, NULL); 
@@ -258,11 +256,33 @@ static CMS_ContentInfo *load_content_info(int informat, BIO *in, BIO **indata, goto err; } return ret; -err: + err: CMS_ContentInfo_free(ret); return NULL; } +static void warn_binary(const char *file) +{ + BIO *bio; + unsigned char linebuf[1024], *cur, *end; + int len; + + if ((bio = bio_open_default(file, 'r', FORMAT_BINARY)) == NULL) + return; /* cannot give a proper warning since there is an error */ + while ((len = BIO_read(bio, linebuf, sizeof(linebuf))) > 0) { + end = linebuf + len; + for (cur = linebuf; cur < end; cur++) { + if (*cur == '\0' || *cur >= 0x80) { + BIO_printf(bio_err, "Warning: input file '%s' contains %s" + " character; better use -binary option\n", + file, *cur == '\0' ? "NUL" : "8-bit"); + break; + } + } + } + BIO_free(bio); +} + int cms_main(int argc, char **argv) { CONF *conf = NULL; @@ -452,8 +472,7 @@ int cms_main(int argc, char **argv) OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat)) goto opthelp; } else { - rcms = load_content_info(rctformat, rctin, NULL, "recipient", - libctx, app_get0_propq()); + rcms = load_content_info(rctformat, rctin, 0, NULL, "recipient"); } break; case OPT_CERTFILE: @@ -582,8 +601,8 @@ int cms_main(int argc, char **argv) signerfile = opt_arg(); break; case OPT_ORIGINATOR: - originatorfile = opt_arg(); - break; + originatorfile = opt_arg(); + break; case OPT_INKEY: /* If previous -inkey argument add signer to list */ if (keyfile != NULL) { @@ -784,13 +803,12 @@ int cms_main(int argc, char **argv) if (!(operation & SMIME_SIGNERS)) flags &= ~CMS_DETACHED; - if (!(operation & SMIME_OP)) - if (flags & CMS_BINARY) + if ((flags & CMS_BINARY) != 0) { + if (!(operation & SMIME_OP)) outformat = FORMAT_BINARY; - - if (!(operation & SMIME_IP)) - if (flags & CMS_BINARY) + if (!(operation & SMIME_IP)) informat = FORMAT_BINARY; + } if (operation == SMIME_ENCRYPT) { if (!cipher) { 
@@ -838,8 +856,8 @@ int cms_main(int argc, char **argv) if (originatorfile != NULL) { if ((originator = load_cert(originatorfile, FORMAT_UNDEF, "originator certificate file")) == NULL) { - ERR_print_errors(bio_err); - goto end; + ERR_print_errors(bio_err); + goto end; } } @@ -867,16 +885,21 @@ int cms_main(int argc, char **argv) goto end; } - in = bio_open_default(infile, 'r', informat); + if ((flags & CMS_BINARY) == 0) + warn_binary(infile); + in = bio_open_default(infile, 'r', + (flags & CMS_BINARY) != 0 ? FORMAT_BINARY : informat); if (in == NULL) goto end; if (operation & SMIME_IP) { - cms = load_content_info(informat, in, &indata, "SMIME", libctx, app_get0_propq()); + cms = load_content_info(informat, in, flags, &indata, "SMIME"); if (cms == NULL) goto end; if (contfile != NULL) { BIO_free(indata); + if ((flags & CMS_BINARY) == 0) + warn_binary(contfile); if ((indata = BIO_new_file(contfile, "rb")) == NULL) { BIO_printf(bio_err, "Can't read content file %s\n", contfile); goto end; @@ -897,13 +920,13 @@ int cms_main(int argc, char **argv) if (rctfile != NULL) { char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; + if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) { BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile); goto end; } - rcms = load_content_info(rctformat, rctin, NULL, "recipient", libctx, - app_get0_propq()); + rcms = load_content_info(rctformat, rctin, 0, NULL, "recipient"); if (rcms == NULL) goto end; } @@ -938,7 +961,8 @@ int cms_main(int argc, char **argv) for (i = 0; i < sk_X509_num(encerts); i++) { CMS_RecipientInfo *ri; cms_key_param *kparam; - int tflags = flags | CMS_KEY_PARAM; /* This flag enforces allocating the EVP_PKEY_CTX for the recipient here */ + int tflags = flags | CMS_KEY_PARAM; + /* This flag enforces allocating the EVP_PKEY_CTX for the recipient here */ EVP_PKEY_CTX *pctx; X509 *x = sk_X509_value(encerts, i); int res; 
@@ -1032,13 +1056,11 @@ int cms_main(int argc, char **argv) if (econtent_type != NULL) CMS_set1_eContentType(cms, econtent_type); - if (rr_to != NULL) { - rr = make_receipt_request(rr_to, rr_allorfirst, rr_from, libctx); - if (rr == NULL) { - BIO_puts(bio_err, - "Signed Receipt Request Creation Error\n"); - goto end; - } + if (rr_to != NULL + && ((rr = make_receipt_request(rr_to, rr_allorfirst, rr_from)) + == NULL)) { + BIO_puts(bio_err, "Signed Receipt Request Creation Error\n"); + goto end; } } else { flags |= CMS_REUSE_DIGEST; @@ -1390,13 +1412,12 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) return NULL; } -static CMS_ReceiptRequest *make_receipt_request( - STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, - STACK_OF(OPENSSL_STRING) *rr_from, - OSSL_LIB_CTX *libctx) +static CMS_ReceiptRequest +*make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, + STACK_OF(OPENSSL_STRING) *rr_from) { STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL; - CMS_ReceiptRequest *rr; + rct_to = make_names_stack(rr_to); if (rct_to == NULL) goto err; @@ -1407,9 +1428,8 @@ static CMS_ReceiptRequest *make_receipt_request( } else { rct_from = NULL; } - rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from, - rct_to, libctx); - return rr; + return CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from, + rct_to, app_get0_libctx()); err: sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free); return NULL; diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 8ee0970dc6..68e0c5affd 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c 
@@ -54,7 +54,7 @@ static int mime_param_cmp(const MIME_PARAM *const *a, const MIME_PARAM *const *b); static void mime_param_free(MIME_PARAM *param); static int mime_bound_check(char *line, int linelen, const char *bound, int blen); -static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret); +static int multi_split(BIO *bio, int flags, const char *bound, STACK_OF(BIO) **ret); static int strip_eol(char *linebuf, int *plen, int flags); static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name); static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name); @@ -209,9 +209,9 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) goto err; default: - if (have_unknown) + if (have_unknown) { write_comma = 0; - else { + } else { BIO_puts(out, "unknown"); have_unknown = 1; } @@ -292,9 +292,9 @@ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, /* Determine smime-type header */ - if (ctype_nid == NID_pkcs7_enveloped) + if (ctype_nid == NID_pkcs7_enveloped) { msg_type = "enveloped-data"; - else if (ctype_nid == NID_pkcs7_signed) { + } else if (ctype_nid == NID_pkcs7_signed) { if (econt_nid == NID_id_smime_ct_receipt) msg_type = "signed-receipt"; else if (sk_X509_ALGOR_num(mdalgs) >= 0) @@ -388,7 +388,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, * opaque this is set to NULL */ -ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, BIO **bcont, const ASN1_ITEM *it, +ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, const ASN1_ITEM *it, ASN1_VALUE **x) { BIO *asnin; 
@@ -424,7 +424,7 @@ ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, BIO **bcont, const ASN1_ITEM *it, ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY); return NULL; } - ret = multi_split(bio, prm->param_value, &parts); + ret = multi_split(bio, flags, prm->param_value, &parts); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); if (!ret || (sk_BIO_num(parts) != 2)) { ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE); @@ -471,8 +471,9 @@ ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, BIO **bcont, const ASN1_ITEM *it, *bcont = sk_BIO_value(parts, 0); BIO_free(asnin); sk_BIO_free(parts); - } else + } else { sk_BIO_pop_free(parts, BIO_vfree); + } return val; } @@ -497,7 +498,7 @@ ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, BIO **bcont, const ASN1_ITEM *it, ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) { - return SMIME_read_ASN1_ex(bio, bcont, it, NULL); + return SMIME_read_ASN1_ex(bio, 0, bcont, it, NULL); } /* Copy text from one BIO to another making the output CRLF at EOL */ @@ -524,7 +525,7 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { eol = strip_eol(linebuf, &len, flags); - if (len) { + if (len > 0) { /* Not EOF: write out all CRLF */ if (flags & SMIME_ASCIICRLF) { int i; @@ -535,10 +536,11 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) BIO_write(out, linebuf, len); if (eol) BIO_write(out, "\r\n", 2); - } else if (flags & SMIME_ASCIICRLF) + } else if (flags & SMIME_ASCIICRLF) { eolcnt++; - else if (eol) + } else if (eol) { BIO_write(out, "\r\n", 2); + } } } (void)BIO_flush(out); @@ -584,7 +586,7 @@ int SMIME_text(BIO *in, BIO *out) * canonical parts in a STACK of bios */ -static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) +static int multi_split(BIO *bio, int flags, const char *bound, STACK_OF(BIO) **ret) { char linebuf[MAX_SMLEN]; int len, blen; 
@@ -601,7 +603,7 @@ static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) *ret = parts; if (*ret == NULL) return 0; - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + while ((len = BIO_get_line(bio, linebuf, MAX_SMLEN)) > 0) { state = mime_bound_check(linebuf, len, bound, blen); if (state == 1) { first = 1; @@ -612,9 +614,9 @@ static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) return 0; } return 1; - } else if (part) { - /* Strip CR+LF from linebuf */ - next_eol = strip_eol(linebuf, &len, 0); + } else if (part != 0) { + /* Strip (possibly CR +) LF from linebuf */ + next_eol = strip_eol(linebuf, &len, flags); if (first) { first = 0; if (bpart) @@ -626,10 +628,20 @@ static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) if (bpart == NULL) return 0; BIO_set_mem_eof_return(bpart, 0); - } else if (eol) - BIO_write(bpart, "\r\n", 2); + } else if (eol) { + if ( +#ifndef OPENSSL_NO_CMS + (flags & CMS_BINARY) == 0 +#else + 1 +#endif + || (flags & SMIME_CRLFEOL) != 0) + BIO_write(bpart, "\r\n", 2); + else + BIO_write(bpart, "\n", 1); + } eol = next_eol; - if (len) + if (len > 0) BIO_write(bpart, linebuf, len); } } @@ -753,15 +765,16 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) goto err; mhdr = new_hdr; new_hdr = NULL; - } else if (state == MIME_VALUE) + } else if (state == MIME_VALUE) { mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); + } if (p == linebuf) break; /* Blank line means end of headers */ } return headers; -err: + err: mime_hdr_free(new_hdr); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); return NULL; 
@@ -883,8 +896,8 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *va static int mime_hdr_cmp(const MIME_HEADER *const *a, const MIME_HEADER *const *b) { - if (!(*a)->name || !(*b)->name) - return ! !(*a)->name - ! !(*b)->name; + if ((*a)->name == NULL || (*b)->name == NULL) + return ((*a)->name != NULL) - ((*b)->name != NULL); return strcmp((*a)->name, (*b)->name); } @@ -892,8 +905,8 @@ static int mime_hdr_cmp(const MIME_HEADER *const *a, static int mime_param_cmp(const MIME_PARAM *const *a, const MIME_PARAM *const *b) { - if (!(*a)->param_name || !(*b)->param_name) - return ! !(*a)->param_name - ! !(*b)->param_name; + if ((*a)->param_name == NULL || (*b)->param_name == NULL) + return ((*a)->param_name != NULL) - ((*b)->param_name != NULL); return strcmp((*a)->param_name, (*b)->param_name); } @@ -973,11 +986,26 @@ static int strip_eol(char *linebuf, int *plen, int flags) char *p, c; int is_eol = 0; +#ifndef OPENSSL_NO_CMS + if ((flags & CMS_BINARY) != 0) { + if (len <= 0 || linebuf[len - 1] != '\n') + return 0; + if ((flags & SMIME_CRLFEOL) != 0) { + if (len <= 1 || linebuf[len - 2] != '\r') + return 0; + len--; + } + len--; + *plen = len; + return 1; + } +#endif + for (p = linebuf + len - 1; len > 0; len--, p--) { c = *p; if (c == '\n') { is_eol = 1; - } else if (is_eol && flags & SMIME_ASCIICRLF && c == 32) { + } else if (is_eol && (flags & SMIME_ASCIICRLF) != 0 && c == 32) { /* Strip trailing space on a line; 32 == ASCII for ' ' */ continue; } else if (c != '\r') { diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 3fa8ff4f16..9f25376e95 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c 
@@ -477,6 +477,37 @@ int BIO_gets(BIO *b, char *buf, int size) return ret; } +int BIO_get_line(BIO *bio, char *buf, int size) +{ + int ret = 0; + char *ptr = buf; + + if (buf == NULL) { + ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); + return -1; + } + if (size <= 0) { + ERR_raise(ERR_LIB_BIO, BIO_R_INVALID_ARGUMENT); + return -1; + } + *buf = '\0'; + + if (bio == NULL) { + ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); + return -1; + } + if (!bio->init) { + ERR_raise(ERR_LIB_BIO, BIO_R_UNINITIALIZED); + return -1; + } + + while (size-- > 1 && (ret = BIO_read(bio, ptr, 1)) > 0) + if (*ptr++ == '\n') + break; + *ptr = '\0'; + return ret > 0 || BIO_eof(bio) ? ptr - buf : ret; +} + int BIO_indent(BIO *b, int indent, int max) { if (indent < 0) diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c index 6b71ddfa90..9c260d0904 100644 --- a/crypto/cms/cms_io.c +++ b/crypto/cms/cms_io.c @@ -90,11 +90,11 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) ossl_cms_ctx_get0_propq(ctx)); } -CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, BIO **bcont, CMS_ContentInfo **cms) +CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, CMS_ContentInfo **cms) { CMS_ContentInfo *ci; - ci = (CMS_ContentInfo *)SMIME_read_ASN1_ex(bio, bcont, + ci = (CMS_ContentInfo *)SMIME_read_ASN1_ex(bio, flags, bcont, ASN1_ITEM_rptr(CMS_ContentInfo), (ASN1_VALUE **)cms); if (ci != NULL) @@ -104,5 +104,5 @@ CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, BIO **bcont, CMS_ContentInfo **cms) CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont) { - return SMIME_read_CMS_ex(bio, bcont, NULL); + return SMIME_read_CMS_ex(bio, 0, bcont, NULL); } diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index d208822c4b..c0235b6962 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c 
@@ -496,9 +496,13 @@ void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms) { int i; CMS_SignerInfo *si; - STACK_OF(CMS_SignerInfo) *sinfos = CMS_get0_SignerInfos(cms); + STACK_OF(CMS_SignerInfo) *sinfos; const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); + ERR_set_mark(); + sinfos = CMS_get0_SignerInfos(cms); + ERR_pop_to_mark(); /* removes error in case sinfos == NULL */ + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); if (si != NULL) diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index e191e4e3b8..b446423384 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -50,7 +50,7 @@ PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7) { PKCS7 *ret; - ret = (PKCS7 *)SMIME_read_ASN1_ex(bio, bcont, ASN1_ITEM_rptr(PKCS7), + ret = (PKCS7 *)SMIME_read_ASN1_ex(bio, 0, bcont, ASN1_ITEM_rptr(PKCS7), (ASN1_VALUE **)p7); if (ret != NULL) ossl_pkcs7_resolve_libctx(ret); diff --git a/doc/man3/BIO_read.pod b/doc/man3/BIO_read.pod index abaf4cb6a4..3b89b25a34 100644 --- a/doc/man3/BIO_read.pod +++ b/doc/man3/BIO_read.pod @@ -2,7 +2,8 @@ =head1 NAME -BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts +BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, +BIO_gets, BIO_get_line, BIO_puts - BIO I/O functions =head1 SYNOPSIS @@ -14,6 +15,7 @@ BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts int BIO_read(BIO *b, void *data, int dlen); int BIO_gets(BIO *b, char *buf, int size); + int BIO_get_line(BIO *b, char *buf, int size); int BIO_write(BIO *b, const void *data, int dlen); int BIO_puts(BIO *b, const char *buf); 
@@ -36,6 +38,16 @@ however; for example, BIO_gets() on a digest BIO will calculate and return the digest and other BIOs may not support BIO_gets() at all. The returned string is always NUL-terminated and the '\n' is preserved if present in the input data. +On binary input there may be NUL characters within the string; +in this case the return value (if nonnegative) may give an incorrect length. + +BIO_get_line() attempts to read from BIO a line of data up to the next '\n' +or the maximum length B is reached and places the data in B. +The returned string is always NUL-terminated and the '\n' is preserved +if present in the input data. +On binary input there may be NUL characters within the string; +in this case the return value (if nonnegative) gives the actual length read. +For implementing this, unfortunately the data needs to be read byte-by-byte. BIO_write() attempts to write B bytes from B to BIO B. @@ -46,11 +58,18 @@ BIO_puts() attempts to write a NUL-terminated string B to BIO B. BIO_read_ex() and BIO_write_ex() return 1 if data was successfully read or written, and 0 otherwise. +BIO_gets() returns -2 if the "gets" operation is not implemented by the BIO +or -1 on other errors. +Otherwise it typically returns the amount of data read, +but depending on the implementation it may return only the length up to +the first NUL character contained in the data read. +In any case the trailing NUL that is added after the data read +is not included in the length returned. + All other functions return either the amount of data successfully read or written (if the return value is positive) or that no data was successfully read or written if the result is 0 or -1. If the return value is -2 then -the operation is not implemented in the specific BIO type. The trailing -NUL is not included in the length returned by BIO_gets(). +the operation is not implemented in the specific BIO type. =head1 NOTES 
@@ -72,9 +91,9 @@ a retry instead of blocking. See L for details of how to determine the cause of a retry and other I/O issues. -If the BIO_gets() function is not supported by a BIO then it possible to -work around this by adding a buffering BIO L -to the chain. +If the "gets" method is not supported by a BIO then BIO_get_line() can be used. +It is also possible to make BIO_gets() usable even if the "gets" method is not +supported by adding a buffering BIO L to the chain. =head1 SEE ALSO @@ -82,9 +101,11 @@ L =head1 HISTORY -BIO_gets() on 1.1.0 and older when called on BIO_fd() based BIO does not +BIO_gets() on 1.1.0 and older when called on BIO_fd() based BIO did not keep the '\n' at the end of the line in the buffer. +BIO_get_line() was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/SMIME_read_ASN1.pod b/doc/man3/SMIME_read_ASN1.pod index 189c1ef5e4..cb4a2ac9f9 100644 --- a/doc/man3/SMIME_read_ASN1.pod +++ b/doc/man3/SMIME_read_ASN1.pod 
@@ -9,15 +9,20 @@ SMIME_read_ASN1_ex, SMIME_read_ASN1 #include - ASN1_VALUE *SMIME_read_ASN1_ex(BIO *in, BIO **bcont, const ASN1_ITEM *it, - ASN1_VALUE **x); + ASN1_VALUE *SMIME_read_ASN1_ex(BIO *in, int flags, BIO **bcont, + const ASN1_ITEM *it, ASN1_VALUE **x); ASN1_VALUE *SMIME_read_ASN1(BIO *in, BIO **bcont, const ASN1_ITEM *it); =head1 DESCRIPTION SMIME_read_ASN1_ex() parses a message in S/MIME format. -I is a BIO to read the message from. I can be used to optionally supply +I is a BIO to read the message from. +If the I argument contains B then the input is assumed to be +in binary format and is not translated to canonical form. +If in addition B is set then the binary input is assumed +to be followed by B and B characters, else only by an B character. +I can be used to optionally supply a previously created I ASN1_VALUE object (such as CMS_ContentInfo or PKCS7), it can be set to NULL. Valid values that can be used by ASN.1 structure I are ASN1_ITEM_rptr(PKCS7) or ASN1_ITEM_rptr(CMS_ContentInfo). @@ -28,7 +33,7 @@ written to I<*bcont>, otherwise I<*bcont> is set to NULL. The parsed ASN1_VALUE structure is returned or NULL if an error occurred. SMIME_read_ASN1() is similar to SMIME_read_ASN1_ex() but sets the value of I -to NULL. +to NULL and the value of I to 0. =head1 NOTES diff --git a/doc/man3/SMIME_read_CMS.pod b/doc/man3/SMIME_read_CMS.pod index 36ef6dc846..9f0c855263 100644 --- a/doc/man3/SMIME_read_CMS.pod +++ b/doc/man3/SMIME_read_CMS.pod @@ -8,7 +8,7 @@ SMIME_read_CMS_ex, SMIME_read_CMS - parse S/MIME message #include - CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, BIO **bcont, + CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, CMS_ContentInfo **cms); CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont); 
@@ -24,10 +24,14 @@ written to B<*bcont>, otherwise B<*bcont> is set to NULL. The parsed CMS_ContentInfo structure is returned or NULL if an error occurred. -SMIME_read_CMS_ex() is similar to SMIME_read_CMS() but can optionally supply a -previously created I CMS_ContentInfo object. If I is NULL then it is -identical to SMIME_read_CMS(). +SMIME_read_CMS_ex() is similar to SMIME_read_CMS() but optionally a previously +created I CMS_ContentInfo object can be supplied as well as some I. To create a I object use L. +If the I argument contains B then the input is assumed to be +in binary format and is not translated to canonical form. +If in addition B is set then the binary input is assumed +to be followed by B and B characters, else only by an B character. +If I is 0 and I is NULL then it is identical to SMIME_read_CMS(). =head1 NOTES diff --git a/include/openssl/asn1.h.in b/include/openssl/asn1.h.in index 0ee82e7d58..36abcff28c 100644 --- a/include/openssl/asn1.h.in +++ b/include/openssl/asn1.h.in @@ -919,7 +919,7 @@ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, const char *propq); ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); -ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, BIO **bcont, const ASN1_ITEM *it, +ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, const ASN1_ITEM *it, ASN1_VALUE **x); int SMIME_crlf_copy(BIO *in, BIO *out, int flags); int SMIME_text(BIO *in, BIO *out); diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in index 66ebfc5c7e..4e2fbb5f07 100644 --- a/include/openssl/bio.h.in +++ b/include/openssl/bio.h.in 
@@ -609,6 +609,7 @@ int BIO_up_ref(BIO *a); int BIO_read(BIO *b, void *data, int dlen); int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); int BIO_gets(BIO *bp, char *buf, int size); +int BIO_get_line(BIO *bio, char *buf, int size); int BIO_write(BIO *b, const void *data, int dlen); int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); int BIO_puts(BIO *bp, const char *buf); diff --git a/include/openssl/cms.h.in b/include/openssl/cms.h.in index 451191b796..da20ddf2f4 100644 --- a/include/openssl/cms.h.in +++ b/include/openssl/cms.h.in @@ -114,7 +114,7 @@ int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); -CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, BIO **bcont, CMS_ContentInfo **ci); +CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, CMS_ContentInfo **ci); int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index a371f21ad8..0e20b807c8 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -12,7 +12,7 @@ use warnings; use POSIX; use File::Spec::Functions qw/catfile/; -use File::Compare qw/compare_text/; +use File::Compare qw/compare_text compare/; use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/; use OpenSSL::Test::Utils; @@ -50,8 +50,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) $no_rc2 = 1 if disabled("legacy"); -plan tests => - + 10; +plan tests => 11; unless ($no_fips) { @config = ( "-config", srctop_file("test", "fips-and-base.cnf") ); 
@@ -812,6 +811,48 @@ subtest "CAdES ko tests\n" => sub { } }; +subtest "CMS binary input tests\n" => sub { + my $input = srctop_file("test", "smcont.bin"); + my $signed = "smcont.signed"; + my $verified = "smcont.verified"; + my $cert = srctop_file("test", "certs", "ee-self-signed.pem"); + my $key = srctop_file("test", "certs", "ee-key.pem"); + + plan tests => 11; + + ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", + "-signer", $cert, "-inkey", $key, + "-binary", "-in", $input, "-out", $signed])), + "sign binary input with -binary"); + ok(run(app(["openssl", "cms", "-verify", "-CAfile", $cert, + "-binary", "-in", $signed, "-out", $verified])), + "verify binary input with -binary"); + is(compare($input, $verified), 0, "binary input retained with -binary"); + ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", + "-signer", $cert, "-inkey", $key, + "-in", $input, "-out", $signed])), + "sign binary input without -binary"); + ok(run(app(["openssl", "cms", "-verify", "-CAfile", $cert, + "-in", $signed, "-out", $verified])), + "verify binary input without -binary"); + is(compare($input, $verified), 1, "binary input not retained without -binary"); + ok(!run(app(["openssl", "cms", "-verify", "-CAfile", $cert, "-crlfeol", + "-binary", "-in", $signed, "-out", $verified])), + "verify binary input wrong crlfeol"); + + ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", "-crlfeol", + "-signer", $cert, "-inkey", $key, + "-binary", "-in", $input, "-out", $signed.".crlf"])), + "sign binary input crlfeol"); + ok(run(app(["openssl", "cms", "-verify", "-CAfile", $cert, "-crlfeol", + "-binary", "-in", $signed.".crlf", "-out", $verified.".crlf"])), + "verify binary input crlfeol"); + is(compare($input, $verified.".crlf"), 0); + ok(!run(app(["openssl", "cms", "-verify", "-CAfile", $cert, + "-binary", "-in", $signed.".crlf", "-out", $verified.".crlf"])), + "verify binary input missing crlfeol"); +}; + sub check_availability { my $tnam = shift; 
diff --git a/test/smcont.bin b/test/smcont.bin new file mode 100644 index 0000000000..2a5ce10224 Binary files /dev/null and b/test/smcont.bin differ diff --git a/util/libcrypto.num b/util/libcrypto.num index 67bf50af4d..f83bb186e2 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5409,6 +5409,7 @@ PKCS5_pbkdf2_set_ex ? 3_0_0 EXIST::FUNCTION: BIO_new_from_core_bio ? 3_0_0 EXIST::FUNCTION: BIO_new_ex ? 3_0_0 EXIST::FUNCTION: BIO_s_core ? 3_0_0 EXIST::FUNCTION: +BIO_get_line ? 3_0_0 EXIST::FUNCTION: OSSL_LIB_CTX_new_from_dispatch ? 3_0_0 EXIST::FUNCTION: OSSL_LIB_CTX_new_child ? 3_0_0 EXIST::FUNCTION: OSSL_PROVIDER_get0_dispatch ? 3_0_0 EXIST::FUNCTION: From levitte at openssl.org Wed May 19 08:14:41 2021 
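Review bot: In BIO_get_line() (crypto/bio/bio_lib.c, hunk @@ -477,6 +477,37 @@), the final statement "return ret > 0 || BIO_eof(bio) ? ptr - buf : ret;" throws away the count of bytes already stored when BIO_read() fails or signals a retry partway through a line. The bytes are in buf and NUL-terminated, but the caller only gets ret, so it cannot tell how much was consumed from the BIO, and a repeated call on a non-blocking BIO starts again at buf[0]. Either document that a partial line is lost on error or retry, or return the partial length and leave the caller to check BIO_should_retry(). Two smaller points on the same function: parenthesize the condition as (ret > 0 || BIO_eof(bio)) so the precedence is not left to the reader, and note that with size == 1 the loop "while (size-- > 1 && ...)" never runs, so the function returns 0 without reading anything, which a caller looping on "> 0" (as multi_split() now does) treats as end of input.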
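Review bot: In multi_split() (hunk @@ -626,10 +628,20 @@), the "#ifndef OPENSSL_NO_CMS ... #else 1 #endif" block sits inside the condition of the new "if (" under "else if (eol)", which is hard to read and easy to break on a later edit. Compute the decision once before the loop into a local (set under the #ifndef) and test that local together with (flags & SMIME_CRLFEOL) != 0. The branch also needs a comment stating the rule it implements: CRLF is written between lines unless the input is binary and SMIME_CRLFEOL is not set, in which case a bare LF is written. That rule has to stay in step with the CMS_BINARY early return added to strip_eol() in hunk @@ -973,11 +986,26 @@, so a cross-reference between the two comments would help.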
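Review bot: In ossl_cms_SignerInfos_set_cmsctx() (crypto/cms/cms_sd.c, hunk @@ -496,9 +496,13 @@), ERR_pop_to_mark() removes every error that CMS_get0_SignerInfos() queued, not only the one expected when cms carries no SignerInfos, so an unexpected failure in that call becomes invisible. The comment "removes error in case sinfos == NULL" should name the case being tolerated, and the loop that follows relies on sk_CMS_SignerInfo_num() coping with a NULL stack; an explicit "if (sinfos == NULL) return;" after the pop would make that visible instead of implicit.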
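Review bot: The new BIO_get_line() paragraph in doc/man3/BIO_read.pod (hunk @@ -36,6 +38,16 @@) says data is read up to the next '\n' or until the maximum length is reached, but the implementation loops on "size-- > 1", so at most size - 1 bytes are stored before the terminating NUL. State that limit explicitly. The RETURN VALUES hunk (@@ -46,11 +58,18 @@) gives BIO_gets() its own paragraph but leaves BIO_get_line() under "All other functions", which does not say what is returned at end of input, that a line longer than the buffer comes back in pieces without a trailing '\n', or that -2 cannot occur for this function since it does not use the "gets" method.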
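Review bot: In the "CMS binary input tests" subtest (test/recipes/80-test_cms.t, hunk @@ -812,6 +811,48 @@), the check is(compare($input, $verified.".crlf"), 0) is the only one of the eleven without a test name; add one, for example "binary input retained with -binary -crlfeol", so a failure can be identified in the TAP output. The two negative checks, "verify binary input wrong crlfeol" and "verify binary input missing crlfeol", only assert that openssl cms -verify exits non-zero, so they would also pass if verification failed for an unrelated reason; since $signed and $signed.".crlf" are reused across steps, a failed earlier sign step would make them pass for the wrong reason.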
From: levitte at openssl.org (Richard Levitte)
Date: Wed, 19 May 2021 08:14:41 +0000
Subject: [openssl] master update
Message-ID: <1621412081.020643.26141.nullmailer@dev.openssl.org>

The branch master has been updated
       via  2660b7cfbad710dcd9df26e68c18d6c7d6ebaca0 (commit)
       via  da51dc5f68c9e7924be3d5071ba8aea439a4d1c9 (commit)
      from  8a734d3aaf4e4784581b87cdf2a4b3e2c2403b97 (commit)

- Log -----------------------------------------------------------------
commit 2660b7cfbad710dcd9df26e68c18d6c7d6ebaca0
Author: Richard Levitte
Date:   Mon May 17 14:33:16 2021 +0200

    Rework how a build file (Makefile, ...) is produced

    The memory footprint of how we produced the Makefile was quite...
    important, because we have all the processing in one perl snippet,
    and generate the details of the build file by appending to the "magic"
    variable $OUT. The result is that this variable gets to hold the
    majority of the build file text, and depending on memory reallocation
    strategies for strings, the heap may hold multiple (possibly not just
    a few) copies of this string, almost all of them "freed" but still
    taking up space. This has resulted in memory exhaustion.

    We therefore change strategy, and generate the build file in two
    phases, where the first phase generates the full template using small
    perl snippets for each detail, and the second phase processes this
    template. This is much kinder to process memory.

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15310)

commit da51dc5f68c9e7924be3d5071ba8aea439a4d1c9
Author: Richard Levitte
Date:   Mon May 17 14:25:12 2021 +0200

    Move some OpenSSL perl utility functions to OpenSSL::Util

    quotify1() and quotify_l() were in OpenSSL::Template, but should be
    more widely usable.

    configdata.pm.in's out_item() is also more widely useful and is
    therefore moved to OpenSSL::Util as well, and renamed to dump_data().
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15310)

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                           |   1 +
 Configurations/common.tmpl           | 492 -------------------------------
 Configurations/descrip.mms.tmpl      |   1 +
 Configurations/gentemplate.pm        | 549 +++++++++++++++++++++++++++++++++++
 Configurations/unix-Makefile.tmpl    |   2 +
 Configurations/windows-makefile.tmpl |   1 +
 Configure                            |   6 +-
 configdata.pm.in                     | 162 ++++-------
 tools/c_rehash.in                    |   2 +-
 util/perl/OpenSSL/Template.pm        |  45 ---
 util/perl/OpenSSL/Util.pm            | 136 ++++++++-
 11 files changed, 754 insertions(+), 643 deletions(-)
 delete mode 100644 Configurations/common.tmpl
 create mode 100644 Configurations/gentemplate.pm

diff --git a/.gitignore b/.gitignore index b88ede1d59..038ccb9773 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ /.dir-locals.el # Top level excludes +/Makefile.in /Makefile /MINFO /TABLE diff --git a/Configurations/common.tmpl b/Configurations/common.tmpl deleted file mode 100644 index 32190352aa..0000000000 --- a/Configurations/common.tmpl +++ /dev/null
@@ -1,492 +0,0 @@ -{- # -*- Mode: perl -*- - - use File::Basename; - - my $debug_resolvedepends = $ENV{BUILDFILE_DEBUG_DEPENDS}; - my $debug_rules = $ENV{BUILDFILE_DEBUG_RULES}; - - # A cache of objects for which a recipe has already been generated - my %cache; - - # collectdepends, expanddepends and reducedepends work together to make - # sure there are no duplicate or weak dependencies and that they are in - # the right order. This is used to sort the list of libraries that a - # build depends on. - sub extensionlesslib { - my @result = map { $_ =~ /(\.a)?$/; $` } @_; - return @result if wantarray; - return $result[0]; - } - - # collectdepends dives into the tree of dependencies and returns - # a list of all the non-weak ones. - sub collectdepends { - return () unless @_; - - my $thing = shift; - my $extensionlessthing = extensionlesslib($thing); - my @listsofar = @_; # to check if we're looping - my @list = @{$unified_info{depends}->{$thing} // - $unified_info{depends}->{$extensionlessthing}}; - my @newlist = (); - - print STDERR "DEBUG[collectdepends] $thing > ", join(' ', @listsofar), "\n" - if $debug_resolvedepends; - foreach my $item (@list) { - my $extensionlessitem = extensionlesslib($item); - # It's time to break off when the dependency list starts looping - next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar; - # Don't add anything here if the dependency is weak - next if defined $unified_info{attributes}->{depends}->{$thing}->{$item}->{'weak'}; - my @resolved = collectdepends($item, @listsofar, $item); - push @newlist, $item, @resolved; - } - print STDERR "DEBUG[collectdepends] $thing < ", join(' ', @newlist), "\n" - if $debug_resolvedepends; - @newlist; - } - - # expanddepends goes through a list of stuff, checks if they have any - # dependencies, and adds them at the end of the current position if - # they aren't already present later on. 
- sub expanddepends { - my @after = ( @_ ); - print STDERR "DEBUG[expanddepends]> ", join(' ', @after), "\n" - if $debug_resolvedepends; - my @before = (); - while (@after) { - my $item = shift @after; - print STDERR "DEBUG[expanddepends]\\ ", join(' ', @before), "\n" - if $debug_resolvedepends; - print STDERR "DEBUG[expanddepends] - ", $item, "\n" - if $debug_resolvedepends; - my @middle = ( - $item, - map { - my $x = $_; - my $extlessx = extensionlesslib($x); - if (grep { $extlessx eq extensionlesslib($_) } @before - and - !grep { $extlessx eq extensionlesslib($_) } @after) { - print STDERR "DEBUG[expanddepends] + ", $x, "\n" - if $debug_resolvedepends; - ( $x ) - } else { - print STDERR "DEBUG[expanddepends] ! ", $x, "\n" - if $debug_resolvedepends; - () - } - } @{$unified_info{depends}->{$item} // []} - ); - print STDERR "DEBUG[expanddepends] = ", join(' ', @middle), "\n" - if $debug_resolvedepends; - print STDERR "DEBUG[expanddepends]/ ", join(' ', @after), "\n" - if $debug_resolvedepends; - push @before, @middle; - } - print STDERR "DEBUG[expanddepends]< ", join(' ', @before), "\n" - if $debug_resolvedepends; - @before; - } - - # reducedepends looks through a list, and checks if each item is - # repeated later on. If it is, the earlier copy is dropped. - sub reducedepends { - my @list = @_; - print STDERR "DEBUG[reducedepends]> ", join(' ', @list), "\n" - if $debug_resolvedepends; - my @newlist = (); - my %replace = (); - while (@list) { - my $item = shift @list; - my $extensionlessitem = extensionlesslib($item); - if (grep { $extensionlessitem eq extensionlesslib($_) } @list) { - if ($item ne $extensionlessitem) { - # If this instance of the library is explicitly static, we - # prefer that to any shared library name, since it must have - # been done on purpose. 
- $replace{$extensionlessitem} = $item; - } - } else { - push @newlist, $item; - } - } - @newlist = map { $replace{$_} // $_; } @newlist; - print STDERR "DEBUG[reducedepends]< ", join(' ', @newlist), "\n" - if $debug_resolvedepends; - @newlist; - } - - # Do it all - # This takes multiple inputs and combine them into a single list of - # interdependent things. The returned value will include all the input. - # Callers are responsible for taking away the things they are building. - sub resolvedepends { - print STDERR "DEBUG[resolvedepends] START (", join(', ', @_), ")\n" - if $debug_resolvedepends; - my @all = - reducedepends(expanddepends(map { ( $_, collectdepends($_) ) } @_)); - print STDERR "DEBUG[resolvedepends] END (", join(', ', @_), ") : ", - join(',', map { "\n $_" } @all), "\n" - if $debug_resolvedepends; - @all; - } - - # dogenerate is responsible for producing all the recipes that build - # generated source files. It recurses in case a dependency is also a - # generated source file. - sub dogenerate { - my $src = shift; - # Safety measure - return "" unless defined $unified_info{generate}->{$_}; - return "" if $cache{$src}; - my $obj = shift; - my $bin = shift; - my %opts = @_; - if ($unified_info{generate}->{$src}) { - die "$src is generated by Configure, should not appear in build file\n" - if ref $unified_info{generate}->{$src} eq ""; - my $script = $unified_info{generate}->{$src}->[0]; - $OUT .= generatesrc(src => $src, - product => $bin, - generator => $unified_info{generate}->{$src}, - generator_incs => $unified_info{includes}->{$script}, - generator_deps => $unified_info{depends}->{$script}, - deps => $unified_info{depends}->{$src}, - incs => [ defined $obj - ? @{$unified_info{includes}->{$obj}} - : (), - defined $bin - ? @{$unified_info{includes}->{$bin}} - : () ], - defs => [ defined $obj - ? @{$unified_info{defines}->{$obj}} - : (), - defined $bin - ? 
@{$unified_info{defines}->{$bin}} - : () ], - %opts); - foreach (@{$unified_info{depends}->{$src}}) { - dogenerate($_, $obj, $bin, %opts); - } - } - $cache{$src} = 1; - } - - sub dotarget { - my $target = shift; - return "" if $cache{$target}; - $OUT .= generatetarget(target => $target, - deps => $unified_info{depends}->{$target}); - foreach (@{$unified_info{depends}->{$target}}) { - dogenerate($_); - } - $cache{$target} = 1; - } - - # doobj is responsible for producing all the recipes that build - # object files as well as dependency files. - sub doobj { - my $obj = shift; - return "" if $cache{$obj}; - my $bin = shift; - my %opts = @_; - if (@{$unified_info{sources}->{$obj}}) { - my @srcs = @{$unified_info{sources}->{$obj}}; - my @deps = @{$unified_info{depends}->{$obj}}; - my @incs = ( @{$unified_info{includes}->{$obj}}, - @{$unified_info{includes}->{$bin}} ); - my @defs = ( @{$unified_info{defines}->{$obj}}, - @{$unified_info{defines}->{$bin}} ); - print STDERR "DEBUG[doobj] \@srcs for $obj ($bin) : ", - join(",", map { "\n $_" } @srcs), "\n" - if $debug_rules; - print STDERR "DEBUG[doobj] \@deps for $obj ($bin) : ", - join(",", map { "\n $_" } @deps), "\n" - if $debug_rules; - print STDERR "DEBUG[doobj] \@incs for $obj ($bin) : ", - join(",", map { "\n $_" } @incs), "\n" - if $debug_rules; - print STDERR "DEBUG[doobj] \@defs for $obj ($bin) : ", - join(",", map { "\n $_" } @defs), "\n" - if $debug_rules; - print STDERR "DEBUG[doobj] \%opts for $obj ($bin) : ", , - join(",", map { "\n $_ = $opts{$_}" } sort keys %opts), "\n" - if $debug_rules; - $OUT .= src2obj(obj => $obj, product => $bin, - srcs => [ @srcs ], deps => [ @deps ], - incs => [ @incs ], defs => [ @defs ], - %opts); - foreach ((@{$unified_info{sources}->{$obj}}, - @{$unified_info{depends}->{$obj}})) { - dogenerate($_, $obj, $bin, %opts); - } - } - $cache{$obj} = 1; - } - - # Helper functions to grab all applicable intermediary files. 
- # This is particularly useful when a library is given as source - # rather than a dependency. In that case, we consider it to be a - # container with object file references, or possibly references - # to further libraries to pilfer in the same way. - sub getsrclibs { - my $section = shift; - - # For all input, see if it sources static libraries. If it does, - # return them together with the result of a recursive call. - map { ( $_, getsrclibs($section, $_) ) } - grep { $_ =~ m|\.a$| } - map { @{$unified_info{$section}->{$_} // []} } - @_; - } - - sub getlibobjs { - my $section = shift; - - # For all input, see if it's an intermediary file (library or object). - # If it is, collect the result of a recursive call, or if that returns - # an empty list, the element itself. Return the result. - map { - my @x = getlibobjs($section, @{$unified_info{$section}->{$_}}); - @x ? @x : ( $_ ); - } - grep { defined $unified_info{$section}->{$_} } - @_; - } - - # dolib is responsible for building libraries. It will call - # obj2shlib if shared libraries are produced, and obj2lib in all - # cases. It also makes sure all object files for the library are - # built. - sub dolib { - my $lib = shift; - return "" if $cache{$lib}; - - my %attrs = %{$unified_info{attributes}->{libraries}->{$lib}}; - - my @deps = ( resolvedepends(getsrclibs('sources', $lib)) ); - - # We support two types of objs, those who are specific to this library - # (they end up in @objs) and those that we get indirectly, via other - # libraries (they end up in @foreign_objs). We get the latter any time - # someone has done something like this in build.info: - # SOURCE[libfoo.a]=libbar.a - # The indirect object files must be kept in a separate array so they - # don't get rebuilt unnecessarily (and with incorrect auxiliary - # information). 
- # - # Object files can't be collected commonly for shared and static - # libraries, because we contain their respective object files in - # {shared_sources} and {sources}, and because the implications are - # slightly different for each library form. - # - # We grab all these "foreign" object files recursively with getlibobjs(). - - unless ($disabled{shared} || $lib =~ /\.a$/) { - my $obj2shlib = defined &obj2shlib ? \&obj2shlib : \&libobj2shlib; - # If this library sources other static libraries and those - # libraries are marked {noinst}, there's no need to include - # all of their object files. Instead, we treat those static - # libraries as dependents alongside any other library this - # one depends on, and let symbol resolution do its job. - my @sourced_libs = (); - my @objs = (); - my @foreign_objs = (); - my @deps = (); - foreach (@{$unified_info{shared_sources}->{$lib}}) { - if ($_ !~ m|\.a$|) { - push @objs, $_; - } elsif ($unified_info{attributes}->{libraries}->{$_}->{noinst}) { - push @deps, $_; - } else { - push @deps, getsrclibs('sources', $_); - push @foreign_objs, getlibobjs('sources', $_); - } - } - @deps = ( grep { $_ ne $lib } resolvedepends($lib, @deps) ); - print STDERR "DEBUG[dolib:shlib] \%attrs for $lib : ", , - join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n" - if %attrs && $debug_rules; - print STDERR "DEBUG[dolib:shlib] \@deps for $lib : ", - join(",", map { "\n $_" } @deps), "\n" - if @deps && $debug_rules; - print STDERR "DEBUG[dolib:shlib] \@objs for $lib : ", - join(",", map { "\n $_" } @objs), "\n" - if @objs && $debug_rules; - print STDERR "DEBUG[dolib:shlib] \@foreign_objs for $lib : ", - join(",", map { "\n $_" } @foreign_objs), "\n" - if @foreign_objs && $debug_rules; - $OUT .= $obj2shlib->(lib => $lib, - attrs => { %attrs }, - objs => [ @objs, @foreign_objs ], - deps => [ @deps ]); - foreach (@objs) { - # If this is somehow a compiled object, take care of it that way - # Otherwise, it might simply be generated - 
if (defined $unified_info{sources}->{$_}) { - if($_ =~ /\.a$/) { - dolib($_); - } else { - doobj($_, $lib, intent => "shlib", attrs => { %attrs }); - } - } else { - dogenerate($_, undef, undef, intent => "lib"); - } - } - } - { - # When putting static libraries together, we cannot rely on any - # symbol resolution, so for all static libraries used as source for - # this one, as well as other libraries they depend on, we simply - # grab all their object files unconditionally, - # Symbol resolution will happen when any program, module or shared - # library is linked with this one. - my @objs = (); - my @sourcedeps = (); - my @foreign_objs = (); - foreach (@{$unified_info{sources}->{$lib}}) { - if ($_ !~ m|\.a$|) { - push @objs, $_; - } else { - push @sourcedeps, $_; - } - } - @sourcedeps = ( grep { $_ ne $lib } resolvedepends(@sourcedeps) ); - print STDERR "DEBUG[dolib:lib] : \@sourcedeps for $_ : ", - join(",", map { "\n $_" } @sourcedeps), "\n" - if @sourcedeps && $debug_rules; - @foreign_objs = getlibobjs('sources', @sourcedeps); - print STDERR "DEBUG[dolib:lib] \%attrs for $lib : ", , - join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n" - if %attrs && $debug_rules; - print STDERR "DEBUG[dolib:lib] \@objs for $lib : ", - join(",", map { "\n $_" } @objs), "\n" - if @objs && $debug_rules; - print STDERR "DEBUG[dolib:lib] \@foreign_objs for $lib : ", - join(",", map { "\n $_" } @foreign_objs), "\n" - if @foreign_objs && $debug_rules; - $OUT .= obj2lib(lib => $lib, attrs => { %attrs }, - objs => [ @objs, @foreign_objs ]); - foreach (@objs) { - doobj($_, $lib, intent => "lib", attrs => { %attrs }); - } - } - $cache{$lib} = 1; - } - - # domodule is responsible for building modules. It will call - # obj2dso, and also makes sure all object files for the library - # are built. 
- sub domodule { - my $module = shift; - return "" if $cache{$module}; - my %attrs = %{$unified_info{attributes}->{modules}->{$module}}; - my @objs = @{$unified_info{sources}->{$module}}; - my @deps = ( grep { $_ ne $module } - resolvedepends($module) ); - print STDERR "DEBUG[domodule] \%attrs for $module :", - join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n" - if $debug_rules; - print STDERR "DEBUG[domodule] \@objs for $module : ", - join(",", map { "\n $_" } @objs), "\n" - if $debug_rules; - print STDERR "DEBUG[domodule] \@deps for $module : ", - join(",", map { "\n $_" } @deps), "\n" - if $debug_rules; - $OUT .= obj2dso(module => $module, - attrs => { %attrs }, - objs => [ @objs ], - deps => [ @deps ]); - foreach (@{$unified_info{sources}->{$module}}) { - # If this is somehow a compiled object, take care of it that way - # Otherwise, it might simply be generated - if (defined $unified_info{sources}->{$_}) { - doobj($_, $module, intent => "dso", attrs => { %attrs }); - } else { - dogenerate($_, undef, $module, intent => "dso"); - } - } - $cache{$module} = 1; - } - - # dobin is responsible for building programs. It will call obj2bin, - # and also makes sure all object files for the library are built. 
- sub dobin { - my $bin = shift; - return "" if $cache{$bin}; - my %attrs = %{$unified_info{attributes}->{programs}->{$bin}}; - my @objs = @{$unified_info{sources}->{$bin}}; - my @deps = ( grep { $_ ne $bin } resolvedepends($bin) ); - print STDERR "DEBUG[dobin] \%attrs for $bin : ", - join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n" - if %attrs && $debug_rules; - print STDERR "DEBUG[dobin] \@objs for $bin : ", - join(",", map { "\n $_" } @objs), "\n" - if @objs && $debug_rules; - print STDERR "DEBUG[dobin] \@deps for $bin : ", - join(",", map { "\n $_" } @deps), "\n" - if @deps && $debug_rules; - $OUT .= obj2bin(bin => $bin, - attrs => { %attrs }, - objs => [ @objs ], - deps => [ @deps ]); - foreach (@objs) { - doobj($_, $bin, intent => "bin", attrs => { %attrs }); - } - $cache{$bin} = 1; - } - - # doscript is responsible for building scripts from templates. It will - # call in2script. - sub doscript { - my $script = shift; - return "" if $cache{$script}; - $OUT .= in2script(script => $script, - attrs => $unified_info{attributes}->{$script}, - sources => $unified_info{sources}->{$script}); - $cache{$script} = 1; - } - - sub dodir { - my $dir = shift; - return "" if !exists(&generatedir) or $cache{$dir}; - $OUT .= generatedir(dir => $dir, - deps => $unified_info{dirinfo}->{$dir}->{deps}, - %{$unified_info{dirinfo}->{$_}->{products}}); - $cache{$dir} = 1; - } - - # dodocs is responsible for building documentation from .pods. - # It will call generatesrc. 
- sub dodocs { - my $type = shift; - my $section = shift; - foreach my $doc (@{$unified_info{"${type}docs"}->{$section}}) { - next if $cache{$doc}; - $OUT .= generatesrc(src => $doc, - generator => $unified_info{generate}->{$doc}); - foreach ((@{$unified_info{depends}->{$doc}})) { - dogenerate($_, undef, undef, %opts); - } - $cache{$doc} = 1; - } - } - - # Start with populating the cache with all the overrides - %cache = map { $_ => 1 } @{$unified_info{overrides}}; - - # Build mandatory header file generators - foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); } - - # Build all known targets, libraries, modules, programs and scripts. - # Everything else will be handled as a consequence. - foreach (@{$unified_info{targets}}) { dotarget($_); } - foreach (@{$unified_info{libraries}}) { dolib($_); } - foreach (@{$unified_info{modules}}) { domodule($_); } - foreach (@{$unified_info{programs}}) { dobin($_); } - foreach (@{$unified_info{scripts}}) { doscript($_); } - foreach (sort keys %{$unified_info{htmldocs}}) { dodocs('html', $_); } - foreach (sort keys %{$unified_info{mandocs}}) { dodocs('man', $_); } - foreach (sort keys %{$unified_info{dirinfo}}) { dodir($_); } --} diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index 920c0abfeb..a357ae5c3b 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -4,6 +4,7 @@ {- use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; use File::Basename; + use OpenSSL::Util; (our $osslprefix_q = platform->osslprefix()) =~ s/\$/\\\$/; diff --git a/Configurations/gentemplate.pm b/Configurations/gentemplate.pm new file mode 100644 index 0000000000..4acc017e3b --- /dev/null +++ b/Configurations/gentemplate.pm 
@@ -0,0 +1,549 @@ +package gentemplate; + +use strict; +use warnings; +use Carp; + +use Exporter; +use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS); + at ISA = qw(Exporter); + at EXPORT = qw(gentemplate); + +use File::Basename; + +sub gentemplate { + my %opts = @_; + + my $generator = OpenSSL::GenTemplate->new(%opts); + + # Build mandatory header file generators + foreach (@{$generator->{info}->{depends}->{""}}) { $generator->dogenerate($_); } + + # Build all known targets, libraries, modules, programs and scripts. + # Everything else will be handled as a consequence. + foreach (@{$generator->{info}->{targets}}) { $generator->dotarget($_); } + foreach (@{$generator->{info}->{libraries}}) { $generator->dolib($_); } + foreach (@{$generator->{info}->{modules}}) { $generator->domodule($_); } + foreach (@{$generator->{info}->{programs}}) { $generator->dobin($_); } + foreach (@{$generator->{info}->{scripts}}) { $generator->doscript($_); } + foreach (sort keys %{$generator->{info}->{htmldocs}}) { $generator->dodocs('html', $_); } + foreach (sort keys %{$generator->{info}->{mandocs}}) { $generator->dodocs('man', $_); } + foreach (sort keys %{$generator->{info}->{dirinfo}}) { $generator->dodir($_); } +} + +package OpenSSL::GenTemplate; + +use OpenSSL::Util; + +sub new { + my $class = shift; + my %opts = @_; + + my $data = { + output => $opts{output}, + config => $opts{config} // {}, + disabled => $opts{disabled} // {}, + info => $opts{unified_info} // {}, + }; + + return bless $data, $class; +}; + +sub emit { + my $self = shift; + my $name = shift; + my %opts = @_; + my $fh = $self->{output}; + + die "No name?" 
unless $name; + print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}"; +} + +my $debug_resolvedepends = $ENV{BUILDFILE_DEBUG_DEPENDS}; +my $debug_rules = $ENV{BUILDFILE_DEBUG_RULES}; + +# A cache of objects for which a recipe has already been generated +our %cache; + +# collectdepends, expanddepends and reducedepends work together to make +# sure there are no duplicate or weak dependencies and that they are in +# the right order. This is used to sort the list of libraries that a +# build depends on. +sub extensionlesslib { + my @result = map { $_ =~ /(\.a)?$/; $` } @_; + return @result if wantarray; + return $result[0]; +} + +# collectdepends dives into the tree of dependencies and returns +# a list of all the non-weak ones. +sub collectdepends { + my $self = shift; + return () unless @_; + + my $thing = shift; + my $extensionlessthing = extensionlesslib($thing); + my @listsofar = @_; # to check if we're looping + my @list = @{ $self->{info}->{depends}->{$thing} // + $self->{info}->{depends}->{$extensionlessthing} + // [] }; + my @newlist = (); + + print STDERR "DEBUG[collectdepends] $thing > ", join(' ', @listsofar), "\n" + if $debug_resolvedepends; + foreach my $item (@list) { + my $extensionlessitem = extensionlesslib($item); + # It's time to break off when the dependency list starts looping + next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar; + # Don't add anything here if the dependency is weak + next if defined $self->{info}->{attributes}->{depends}->{$thing}->{$item}->{'weak'}; + my @resolved = $self->collectdepends($item, @listsofar, $item); + push @newlist, $item, @resolved; + } + print STDERR "DEBUG[collectdepends] $thing < ", join(' ', @newlist), "\n" + if $debug_resolvedepends; + @newlist; +} + +# expanddepends goes through a list of stuff, checks if they have any +# dependencies, and adds them at the end of the current position if +# they aren't already present later on. 
+sub expanddepends { + my $self = shift; + my @after = ( @_ ); + print STDERR "DEBUG[expanddepends]> ", join(' ', @after), "\n" + if $debug_resolvedepends; + my @before = (); + while (@after) { + my $item = shift @after; + print STDERR "DEBUG[expanddepends]\\ ", join(' ', @before), "\n" + if $debug_resolvedepends; + print STDERR "DEBUG[expanddepends] - ", $item, "\n" + if $debug_resolvedepends; + my @middle = ( + $item, + map { + my $x = $_; + my $extlessx = extensionlesslib($x); + if (grep { $extlessx eq extensionlesslib($_) } @before + and + !grep { $extlessx eq extensionlesslib($_) } @after) { + print STDERR "DEBUG[expanddepends] + ", $x, "\n" + if $debug_resolvedepends; + ( $x ) + } else { + print STDERR "DEBUG[expanddepends] ! ", $x, "\n" + if $debug_resolvedepends; + () + } + } @{$self->{info}->{depends}->{$item} // []} + ); + print STDERR "DEBUG[expanddepends] = ", join(' ', @middle), "\n" + if $debug_resolvedepends; + print STDERR "DEBUG[expanddepends]/ ", join(' ', @after), "\n" + if $debug_resolvedepends; + push @before, @middle; + } + print STDERR "DEBUG[expanddepends]< ", join(' ', @before), "\n" + if $debug_resolvedepends; + @before; +} + +# reducedepends looks through a list, and checks if each item is +# repeated later on. If it is, the earlier copy is dropped. +sub reducedepends { + my @list = @_; + print STDERR "DEBUG[reducedepends]> ", join(' ', @list), "\n" + if $debug_resolvedepends; + my @newlist = (); + my %replace = (); + while (@list) { + my $item = shift @list; + my $extensionlessitem = extensionlesslib($item); + if (grep { $extensionlessitem eq extensionlesslib($_) } @list) { + if ($item ne $extensionlessitem) { + # If this instance of the library is explicitly static, we + # prefer that to any shared library name, since it must have + # been done on purpose. 
+ $replace{$extensionlessitem} = $item; + } + } else { + push @newlist, $item; + } + } + @newlist = map { $replace{$_} // $_; } @newlist; + print STDERR "DEBUG[reducedepends]< ", join(' ', @newlist), "\n" + if $debug_resolvedepends; + @newlist; +} + +# Do it all +# This takes multiple inputs and combine them into a single list of +# interdependent things. The returned value will include all the input. +# Callers are responsible for taking away the things they are building. +sub resolvedepends { + my $self = shift; + print STDERR "DEBUG[resolvedepends] START (", join(', ', @_), ")\n" + if $debug_resolvedepends; + my @all = + reducedepends($self->expanddepends(map { ( $_, $self->collectdepends($_) ) } @_)); + print STDERR "DEBUG[resolvedepends] END (", join(', ', @_), ") : ", + join(',', map { "\n $_" } @all), "\n" + if $debug_resolvedepends; + @all; +} + +# dogenerate is responsible for producing all the recipes that build +# generated source files. It recurses in case a dependency is also a +# generated source file. +sub dogenerate { + my $self = shift; + my $src = shift; + # Safety measure + return "" unless defined $self->{info}->{generate}->{$_}; + return "" if $cache{$src}; + my $obj = shift; + my $bin = shift; + my %opts = @_; + if ($self->{info}->{generate}->{$src}) { + die "$src is generated by Configure, should not appear in build file\n" + if ref $self->{info}->{generate}->{$src} eq ""; + my $script = $self->{info}->{generate}->{$src}->[0]; + $self->emit('generatesrc', + src => $src, + product => $bin, + generator => $self->{info}->{generate}->{$src}, + generator_incs => $self->{info}->{includes}->{$script} // [], + generator_deps => $self->{info}->{depends}->{$script} // [], + deps => $self->{info}->{depends}->{$src} // [], + incs => [ defined $obj ? @{$self->{info}->{includes}->{$obj} // []} : (), + defined $bin ? @{$self->{info}->{includes}->{$bin} // []} : () ], + defs => [ defined $obj ? @{$self->{info}->{defines}->{$obj} // []} : (), + defined $bin ? 
@{$self->{info}->{defines}->{$bin} // []} : () ], + %opts); + foreach (@{$self->{info}->{depends}->{$src} // []}) { + $self->dogenerate($_, $obj, $bin, %opts); + } + } + $cache{$src} = 1; +} + +sub dotarget { + my $self = shift; + my $target = shift; + return "" if $cache{$target}; + $self->emit('generatetarget', + target => $target, + deps => $self->{info}->{depends}->{$target} // []); + foreach (@{$self->{info}->{depends}->{$target} // []}) { + $self->dogenerate($_); + } + $cache{$target} = 1; +} + +# doobj is responsible for producing all the recipes that build +# object files as well as dependency files. +sub doobj { + my $self = shift; + my $obj = shift; + return "" if $cache{$obj}; + my $bin = shift; + my %opts = @_; + if (@{$self->{info}->{sources}->{$obj} // []}) { + my @srcs = @{$self->{info}->{sources}->{$obj}}; + my @deps = @{$self->{info}->{depends}->{$obj} // []}; + my @incs = ( @{$self->{info}->{includes}->{$obj} // []}, + @{$self->{info}->{includes}->{$bin} // []} ); + my @defs = ( @{$self->{info}->{defines}->{$obj} // []}, + @{$self->{info}->{defines}->{$bin} // []} ); + print STDERR "DEBUG[doobj] \@srcs for $obj ($bin) : ", + join(",", map { "\n $_" } @srcs), "\n" + if $debug_rules; + print STDERR "DEBUG[doobj] \@deps for $obj ($bin) : ", + join(",", map { "\n $_" } @deps), "\n" + if $debug_rules; + print STDERR "DEBUG[doobj] \@incs for $obj ($bin) : ", + join(",", map { "\n $_" } @incs), "\n" + if $debug_rules; + print STDERR "DEBUG[doobj] \@defs for $obj ($bin) : ", + join(",", map { "\n $_" } @defs), "\n" + if $debug_rules; + print STDERR "DEBUG[doobj] \%opts for $obj ($bin) : ", , + join(",", map { "\n $_ = $opts{$_}" } sort keys %opts), "\n" + if $debug_rules; + $self->emit('src2obj', + obj => $obj, product => $bin, + srcs => [ @srcs ], deps => [ @deps ], + incs => [ @incs ], defs => [ @defs ], + %opts); + foreach ((@{$self->{info}->{sources}->{$obj}}, + @{$self->{info}->{depends}->{$obj} // []})) { + $self->dogenerate($_, $obj, $bin, %opts); 
+ } + } + $cache{$obj} = 1; +} + +# Helper functions to grab all applicable intermediary files. +# This is particularly useful when a library is given as source +# rather than a dependency. In that case, we consider it to be a +# container with object file references, or possibly references +# to further libraries to pilfer in the same way. +sub getsrclibs { + my $self = shift; + my $section = shift; + + # For all input, see if it sources static libraries. If it does, + # return them together with the result of a recursive call. + map { ( $_, getsrclibs($section, $_) ) } + grep { $_ =~ m|\.a$| } + map { @{$self->{info}->{$section}->{$_} // []} } + @_; +} + +sub getlibobjs { + my $self = shift; + my $section = shift; + + # For all input, see if it's an intermediary file (library or object). + # If it is, collect the result of a recursive call, or if that returns + # an empty list, the element itself. Return the result. + map { + my @x = $self->getlibobjs($section, @{$self->{info}->{$section}->{$_}}); + @x ? @x : ( $_ ); + } + grep { defined $self->{info}->{$section}->{$_} } + @_; +} + +# dolib is responsible for building libraries. It will call +# obj2shlib if shared libraries are produced, and obj2lib in all +# cases. It also makes sure all object files for the library are +# built. +sub dolib { + my $self = shift; + my $lib = shift; + return "" if $cache{$lib}; + + my %attrs = %{$self->{info}->{attributes}->{libraries}->{$lib} // {}}; + + my @deps = ( $self->resolvedepends(getsrclibs('sources', $lib)) ); + + # We support two types of objs, those who are specific to this library + # (they end up in @objs) and those that we get indirectly, via other + # libraries (they end up in @foreign_objs). We get the latter any time + # someone has done something like this in build.info: + # SOURCE[libfoo.a]=libbar.a + # The indirect object files must be kept in a separate array so they + # don't get rebuilt unnecessarily (and with incorrect auxiliary + # information). 
+ # + # Object files can't be collected commonly for shared and static + # libraries, because we contain their respective object files in + # {shared_sources} and {sources}, and because the implications are + # slightly different for each library form. + # + # We grab all these "foreign" object files recursively with getlibobjs(). + + unless ($self->{disabled}->{shared} || $lib =~ /\.a$/) { + # If this library sources other static libraries and those + # libraries are marked {noinst}, there's no need to include + # all of their object files. Instead, we treat those static + # libraries as dependents alongside any other library this + # one depends on, and let symbol resolution do its job. + my @sourced_libs = (); + my @objs = (); + my @foreign_objs = (); + my @deps = (); + foreach (@{$self->{info}->{shared_sources}->{$lib} // []}) { + if ($_ !~ m|\.a$|) { + push @objs, $_; + } elsif ($self->{info}->{attributes}->{libraries}->{$_}->{noinst}) { + push @deps, $_; + } else { + push @deps, $self->getsrclibs('sources', $_); + push @foreign_objs, $self->getlibobjs('sources', $_); + } + } + @deps = ( grep { $_ ne $lib } $self->resolvedepends($lib, @deps) ); + print STDERR "DEBUG[dolib:shlib] \%attrs for $lib : ", , + join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n" + if %attrs && $debug_rules; + print STDERR "DEBUG[dolib:shlib] \@deps for $lib : ", + join(",", map { "\n $_" } @deps), "\n" + if @deps && $debug_rules; + print STDERR "DEBUG[dolib:shlib] \@objs for $lib : ", + join(",", map { "\n $_" } @objs), "\n" + if @objs && $debug_rules; + print STDERR "DEBUG[dolib:shlib] \@foreign_objs for $lib : ", + join(",", map { "\n $_" } @foreign_objs), "\n" + if @foreign_objs && $debug_rules; + $self->emit('obj2shlib', + lib => $lib, + attrs => { %attrs }, + objs => [ @objs, @foreign_objs ], + deps => [ @deps ]); + foreach (@objs) { + # If this is somehow a compiled object, take care of it that way + # Otherwise, it might simply be generated + if (defined 
$self->{info}->{sources}->{$_}) { + if($_ =~ /\.a$/) { + $self->dolib($_); + } else { + $self->doobj($_, $lib, intent => "shlib", attrs => { %attrs }); + } + } else { + $self->dogenerate($_, undef, undef, intent => "lib"); + } + } + } + { + # When putting static libraries together, we cannot rely on any + # symbol resolution, so for all static libraries used as source for + # this one, as well as other libraries they depend on, we simply + # grab all their object files unconditionally, + # Symbol resolution will happen when any program, module or shared + # library is linked with this one. + my @objs = (); + my @sourcedeps = (); + my @foreign_objs = (); + foreach (@{$self->{info}->{sources}->{$lib}}) { + if ($_ !~ m|\.a$|) { + push @objs, $_; + } else { + push @sourcedeps, $_; + } + } + @sourcedeps = ( grep { $_ ne $lib } $self->resolvedepends(@sourcedeps) ); + print STDERR "DEBUG[dolib:lib] : \@sourcedeps for $_ : ", + join(",", map { "\n $_" } @sourcedeps), "\n" + if @sourcedeps && $debug_rules; + @foreign_objs = $self->getlibobjs('sources', @sourcedeps); + print STDERR "DEBUG[dolib:lib] \%attrs for $lib : ", , + join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n" + if %attrs && $debug_rules; + print STDERR "DEBUG[dolib:lib] \@objs for $lib : ", + join(",", map { "\n $_" } @objs), "\n" + if @objs && $debug_rules; + print STDERR "DEBUG[dolib:lib] \@foreign_objs for $lib : ", + join(",", map { "\n $_" } @foreign_objs), "\n" + if @foreign_objs && $debug_rules; + $self->emit('obj2lib', + lib => $lib, attrs => { %attrs }, + objs => [ @objs, @foreign_objs ]); + foreach (@objs) { + $self->doobj($_, $lib, intent => "lib", attrs => { %attrs }); + } + } + $cache{$lib} = 1; +} + +# domodule is responsible for building modules. It will call +# obj2dso, and also makes sure all object files for the library +# are built. 
+sub domodule { + my $self = shift; + my $module = shift; + return "" if $cache{$module}; + my %attrs = %{$self->{info}->{attributes}->{modules}->{$module} // {}}; + my @objs = @{$self->{info}->{sources}->{$module}}; + my @deps = ( grep { $_ ne $module } + $self->resolvedepends($module) ); + print STDERR "DEBUG[domodule] \%attrs for $module :", + join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n" + if $debug_rules; + print STDERR "DEBUG[domodule] \@objs for $module : ", + join(",", map { "\n $_" } @objs), "\n" + if $debug_rules; + print STDERR "DEBUG[domodule] \@deps for $module : ", + join(",", map { "\n $_" } @deps), "\n" + if $debug_rules; + $self->emit('obj2dso', + module => $module, + attrs => { %attrs }, + objs => [ @objs ], + deps => [ @deps ]); + foreach (@{$self->{info}->{sources}->{$module}}) { + # If this is somehow a compiled object, take care of it that way + # Otherwise, it might simply be generated + if (defined $self->{info}->{sources}->{$_}) { + $self->doobj($_, $module, intent => "dso", attrs => { %attrs }); + } else { + $self->dogenerate($_, undef, $module, intent => "dso"); + } + } + $cache{$module} = 1; +} + +# dobin is responsible for building programs. It will call obj2bin, +# and also makes sure all object files for the library are built. 
+sub dobin { + my $self = shift; + my $bin = shift; + return "" if $cache{$bin}; + my %attrs = %{$self->{info}->{attributes}->{programs}->{$bin} // {}}; + my @objs = @{$self->{info}->{sources}->{$bin}}; + my @deps = ( grep { $_ ne $bin } $self->resolvedepends($bin) ); + print STDERR "DEBUG[dobin] \%attrs for $bin : ", + join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n" + if %attrs && $debug_rules; + print STDERR "DEBUG[dobin] \@objs for $bin : ", + join(",", map { "\n $_" } @objs), "\n" + if @objs && $debug_rules; + print STDERR "DEBUG[dobin] \@deps for $bin : ", + join(",", map { "\n $_" } @deps), "\n" + if @deps && $debug_rules; + $self->emit('obj2bin', + bin => $bin, + attrs => { %attrs }, + objs => [ @objs ], + deps => [ @deps ]); + foreach (@objs) { + $self->doobj($_, $bin, intent => "bin", attrs => { %attrs }); + } + $cache{$bin} = 1; +} + +# doscript is responsible for building scripts from templates. It will +# call in2script. +sub doscript { + my $self = shift; + my $script = shift; + return "" if $cache{$script}; + $self->emit('in2script', + script => $script, + attrs => $self->{info}->{attributes}->{$script} // {}, + sources => $self->{info}->{sources}->{$script}); + $cache{$script} = 1; +} + +sub dodir { + my $self = shift; + my $dir = shift; + return "" if !exists(&generatedir) or $cache{$dir}; + $self->emit('generatedir', + dir => $dir, + deps => $self->{info}->{dirinfo}->{$dir}->{deps} // [], + %{$self->{info}->{dirinfo}->{$_}->{products}}); + $cache{$dir} = 1; +} + +# dodocs is responsible for building documentation from .pods. +# It will call generatesrc. 
+sub dodocs { + my $self = shift; + my $type = shift; + my $section = shift; + foreach my $doc (@{$self->{info}->{"${type}docs"}->{$section}}) { + next if $cache{$doc}; + $self->emit('generatesrc', + src => $doc, + generator => $self->{info}->{generate}->{$doc}); + foreach ((@{$self->{info}->{depends}->{$doc} // []})) { + $self->dogenerate($_, undef, undef); + } + $cache{$doc} = 1; + } +} + +1; diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index f729416d1d..8b45e75f57 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -3,6 +3,8 @@ ## ## {- join("\n## ", @autowarntext) -} {- + use OpenSSL::Util; + our $makedep_scheme = $config{makedep_scheme}; our $makedepcmd = platform->makedepcmd(); diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 014c1eb8d1..a7123f6a5e 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -4,6 +4,7 @@ ## {- join("\n## ", @autowarntext) -} {- use File::Basename; + use OpenSSL::Util; our $sover_dirname = platform->shlib_version_as_filename(); diff --git a/Configure b/Configure index 2996cd1b4a..cd40abedf7 100755 --- a/Configure +++ b/Configure @@ -1918,9 +1918,7 @@ if ($builder eq "unified") { $config{build_file_templates} = [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"), $blddir), - $build_file_template, - cleanfile($srcdir, catfile("Configurations", "common.tmpl"), - $blddir) ]; + $build_file_template ]; my @build_dirs = ( [ ] ); # current directory 
@@ -2789,7 +2787,7 @@ my %template_vars = ( my $configdata_outname = 'configdata.pm'; print "Creating $configdata_outname\n"; open CONFIGDATA, ">$configdata_outname.new" - or die "Trying to create $configdata_outname.new: $!"; + or die "Trying to create $configdata_outname.new: $!"; my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir); my $configdata_tmpl = OpenSSL::Template->new(TYPE => 'FILE', SOURCE => $configdata_tmplname); diff --git a/configdata.pm.in b/configdata.pm.in index 3481eab277..6c0d30baa0 100644 --- a/configdata.pm.in +++ b/configdata.pm.in 
@@ -1,65 +1,6 @@ #! {- $config{HASHBANGPERL} -} # -*- mode: perl -*- {- - sub out_item { - my $ref = shift; - # Available options: - # indent => callers indentation (int) - # delimiters => 1 if outer delimiters should be added - my %opts = @_; - - my $indent = $opts{indent} // 0; - # Indentation of the whole structure, where applicable - my $nlindent1 = "\n" . ' ' x $indent; - # Indentation of individual items, where applicable - my $nlindent2 = "\n" . ' ' x ($indent + 4); - - my $product; # Finished product, or reference to a function that - # produces a string, given $_ - # The following are only used when $product is a function reference - my $delim_l; # Left delimiter of structure - my $delim_r; # Right delimiter of structure - my $separator; # Item separator - my @items; # Items to iterate over - - if (ref($ref) eq "ARRAY") { - if (scalar @$ref == 0) { - $product = $opts{delimiters} ? '[]' : ''; - } else { - $product = sub { - out_item(\$_, delimiters => 1, indent => $indent + 4) - }; - $delim_l = ($opts{delimiters} ? '[' : '').$nlindent2; - $delim_r = $nlindent1.($opts{delimiters} ? ']' : ''); - $separator = ",$nlindent2"; - @items = @$ref; - } - } elsif (ref($ref) eq "HASH") { - if (scalar keys %$ref == 0) { - $product = $opts{delimiters} ? '{}' : ''; - } else { - $product = sub { - quotify1($_) . " => " - . out_item($ref->{$_}, delimiters => 1, indent => $indent + 4) - }; - $delim_l = ($opts{delimiters} ? '{' : '').$nlindent2; - $delim_r = $nlindent1.($opts{delimiters} ? '}' : ''); - $separator = ",$nlindent2"; - @items = sort keys %$ref; - } - } elsif (ref($ref) eq "SCALAR") { - $product = defined $$ref ? quotify1 $$ref : "undef"; - } else { - $product = defined $ref ? quotify1 $ref : "undef"; - } - - if (ref($product) eq "CODE") { - $delim_l . join($separator, map { &$product } @items) . 
$delim_r; - } else { - $product; - } - } - # We must make sourcedir() return an absolute path, because configdata.pm # may be loaded as a module from any script in any directory, making # relative paths untrustable. Because the result is used with 'use lib', @@ -73,6 +14,8 @@ sub sourcefile { return abs_path(catfile($config{sourcedir}, @_)); } + use lib sourcedir('util', 'perl'); + use OpenSSL::Util; -} package configdata; 
@@ -86,23 +29,23 @@ our @EXPORT = qw( @disablables @disablables_int ); -our %config = ({- out_item(\%config); -}); -our %target = ({- out_item(\%target); -}); -our @disablables = ({- out_item(\@disablables) -}); -our @disablables_int = ({- out_item(\@disablables_int) -}); -our %disabled = ({- out_item(\%disabled); -}); -our %withargs = ({- out_item(\%withargs); -}); -our %unified_info = ({- out_item(\%unified_info); -}); +our %config = ({- dump_data(\%config, indent => 0); -}); +our %target = ({- dump_data(\%target, indent => 0); -}); +our @disablables = ({- dump_data(\@disablables, indent => 0) -}); +our @disablables_int = ({- dump_data(\@disablables_int, indent => 0) -}); +our %disabled = ({- dump_data(\%disabled, indent => 0); -}); +our %withargs = ({- dump_data(\%withargs, indent => 0); -}); +our %unified_info = ({- dump_data(\%unified_info, indent => 0); -}); # Unexported, only used by OpenSSL::Test::Utils::available_protocols() our %available_protocols = ( - tls => [{- out_item(\@tls) -}], - dtls => [{- out_item(\@dtls) -}], + tls => [{- dump_data(\@tls, indent => 0) -}], + dtls => [{- dump_data(\@dtls, indent => 0) -}], ); # The following data is only used when this files is use as a script -my @makevars = ({- out_item(\@makevars); -}); -my %disabled_info = ({- out_item(\%disabled_info); -}); +my @makevars = ({- dump_data(\@makevars, indent => 0); -}); +my %disabled_info = ({- dump_data(\%disabled_info, indent => 0); -}); my @user_crossable = qw( {- join (' ', @user_crossable) -} ); # If run directly, we can give some answers, and even reconfigure @@ -110,6 +53,7 @@ unless (caller) { use Getopt::Long; use File::Spec::Functions; use File::Basename; + use File::Copy; use Pod::Usage; use lib '{- sourcedir('util', 'perl') -}'; 
@@ -119,6 +63,39 @@ unless (caller) { if (scalar @ARGV == 0) { # With no arguments, re-create the build file + # We do that in two steps, where the first step emits perl + # snipets. + + my $buildfile = $target{build_file}; + my $buildfile_template = "$buildfile.in"; + my @autowarntext = ( + 'WARNING: do not edit!', + "Generated by configdata.pm from " + .join(", ", @{$config{build_file_templates}}), + "via $buildfile_template" + ); + my %gendata = ( + config => \%config, + target => \%target, + disabled => \%disabled, + withargs => \%withargs, + unified_info => \%unified_info, + autowarntext => \@autowarntext, + ); + + use lib '.'; + use lib '{- sourcedir('Configurations') -}'; + use gentemplate; + + print 'Creating ',$buildfile_template,"\n"; + open my $buildfile_template_fh, ">$buildfile_template" + or die "Trying to create $buildfile_template: $!"; + foreach (@{$config{build_file_templates}}) { + copy($_, $buildfile_template_fh) + or die "Trying to copy $_ into $buildfile_template: $!"; + } + gentemplate(output => $buildfile_template_fh, %gendata); + close $buildfile_template_fh; use OpenSSL::Template; 
@@ -130,36 +107,23 @@ use lib '{- $config{builddir} -}'; use platform; _____ - my @autowarntext = ( - 'WARNING: do not edit!', - "Generated by configdata.pm from " - .join(", ", @{$config{build_file_templates}}) - ); - - print 'Creating ',$target{build_file},"\n"; - open BUILDFILE, ">$target{build_file}.new" - or die "Trying to create $target{build_file}.new: $!"; - foreach (@{$config{build_file_templates}}) { - my $tmpl = OpenSSL::Template->new(TYPE => 'FILE', - SOURCE => $_); - $tmpl->fill_in(FILENAME => $_, - OUTPUT => \*BUILDFILE, - HASH => { config => \%config, - target => \%target, - disabled => \%disabled, - withargs => \%withargs, - unified_info => \%unified_info, - autowarntext => \@autowarntext }, - PREPEND => $prepend, - # To ensure that global variables and functions - # defined in one template stick around for the - # next, making them combinable - PACKAGE => 'OpenSSL::safe') - or die $Text::Template::ERROR; - } + print 'Creating ',$buildfile,"\n"; + open BUILDFILE, ">$buildfile.new" + or die "Trying to create $buildfile.new: $!"; + my $tmpl = OpenSSL::Template->new(TYPE => 'FILE', + SOURCE => $buildfile_template); + $tmpl->fill_in(FILENAME => $_, + OUTPUT => \*BUILDFILE, + HASH => \%gendata, + PREPEND => $prepend, + # To ensure that global variables and functions + # defined in one template stick around for the + # next, making them combinable + PACKAGE => 'OpenSSL::safe') + or die $Text::Template::ERROR; close BUILDFILE; - rename("$target{build_file}.new", $target{build_file}) - or die "Trying to rename $target{build_file}.new to $target{build_file}: $!"; + rename("$buildfile.new", $buildfile) + or die "Trying to rename $buildfile.new to $buildfile: $!"; exit(0); } diff --git a/tools/c_rehash.in b/tools/c_rehash.in index 1566d141d3..54cad6138b 100644 --- a/tools/c_rehash.in +++ b/tools/c_rehash.in 
@@ -1,5 +1,5 @@ #!{- $config{HASHBANGPERL} -} - +{- use OpenSSL::Util; -} # {- join("\n# ", @autowarntext) -} # Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. # diff --git a/util/perl/OpenSSL/Template.pm b/util/perl/OpenSSL/Template.pm index ed89d15085..bed13d20f9 100644 --- a/util/perl/OpenSSL/Template.pm +++ b/util/perl/OpenSSL/Template.pm @@ -130,51 +130,6 @@ sub output_off { # Helper functions for the templates ################################# -# It might be practical to quotify some strings and have them protected -# from possible harm. These functions primarily quote things that might -# be interpreted wrongly by a perl eval. - -# NOTE THAT THESE AREN'T CLASS METHODS! - -=over 4 - -=item quotify1 STRING - -This adds quotes (") around the given string, and escapes any $, @, \, -" and ' by prepending a \ to them. - -=back - -=cut - -sub quotify1 { - my $s = shift @_; - $s =~ s/([\$\@\\"'])/\\$1/g; - '"'.$s.'"'; -} - -=over 4 - -=item quotify_l LIST - -For each defined element in LIST (i.e. elements that aren't undef), have -it quotified with 'quotify1'. -Undefined elements are ignored. - -=back - -=cut - -sub quotify_l { - map { - if (!defined($_)) { - (); - } else { - quotify1($_); - } - } @_; -} - =head1 SEE ALSO L diff --git a/util/perl/OpenSSL/Util.pm b/util/perl/OpenSSL/Util.pm index 1c8c6afa44..8b3743aa2a 100644 --- a/util/perl/OpenSSL/Util.pm +++ b/util/perl/OpenSSL/Util.pm @@ -6,7 +6,7 @@ # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html -package OpenSSL::Ordinals; +package OpenSSL::Util; use strict; use warnings; @@ -16,7 +16,7 @@ use Exporter; use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS); $VERSION = "0.1"; @ISA = qw(Exporter); - at EXPORT = qw(cmp_versions); + at EXPORT = qw(cmp_versions quotify1 quotify_l dump_data); @EXPORT_OK = qw(); =head1 NAME 
@@ -85,4 +85,136 @@ sub cmp_versions { return $verdict; } +# It might be practical to quotify some strings and have them protected +# from possible harm. These functions primarily quote things that might +# be interpreted wrongly by a perl eval. + +=over 4 + +=item quotify1 STRING + +This adds quotes (") around the given string, and escapes any $, @, \, +" and ' by prepending a \ to them. + +=back + +=cut + +sub quotify1 { + my $s = shift @_; + $s =~ s/([\$\@\\"'])/\\$1/g; + '"'.$s.'"'; +} + +=over 4 + +=item quotify_l LIST + +For each defined element in LIST (i.e. elements that aren't undef), have +it quotified with 'quotify1'. +Undefined elements are ignored. + +=cut + +sub quotify_l { + map { + if (!defined($_)) { + (); + } else { + quotify1($_); + } + } @_; +} + +=item dump_data REF, OPTS + +Dump the data from REF into a string that can be evaluated into the same +data by Perl. + +OPTS is the rest of the arguments, expected to be pairs formed with C<< => >>. +The following OPTS keywords are understood: + +=over 4 + +=item B 0 | 1> + +Include the outer delimiter of the REF type in the resulting string if C<1>, +otherwise not. + +=item B num> + +The indentation of the caller, i.e. an initial value. If not given, there +will be no indentation at all, and the string will only be one line. + +=back + +=cut + +sub dump_data { + my $ref = shift; + # Available options: + # indent => callers indentation ( undef for no indentation, + # an integer otherwise ) + # delimiters => 1 if outer delimiters should be added + my %opts = @_; + + my $indent = $opts{indent} // 1; + # Indentation of the whole structure, where applicable + my $nlindent1 = defined $opts{indent} ? "\n" . ' ' x $indent : ' '; + # Indentation of individual items, where applicable + my $nlindent2 = defined $opts{indent} ? "\n" . 
' ' x ($indent + 4) : ' '; + my %subopts = (); + + $subopts{delimiters} = 1; + $subopts{indent} = $opts{indent} + 4 if defined $opts{indent}; + + my $product; # Finished product, or reference to a function that + # produces a string, given $_ + # The following are only used when $product is a function reference + my $delim_l; # Left delimiter of structure + my $delim_r; # Right delimiter of structure + my $separator; # Item separator + my @items; # Items to iterate over + + if (ref($ref) eq "ARRAY") { + if (scalar @$ref == 0) { + $product = $opts{delimiters} ? '[]' : ''; + } else { + $product = sub { + dump_data(\$_, %subopts) + }; + $delim_l = ($opts{delimiters} ? '[' : '').$nlindent2; + $delim_r = $nlindent1.($opts{delimiters} ? ']' : ''); + $separator = ",$nlindent2"; + @items = @$ref; + } + } elsif (ref($ref) eq "HASH") { + if (scalar keys %$ref == 0) { + $product = $opts{delimiters} ? '{}' : ''; + } else { + $product = sub { + quotify1($_) . " => " . dump_data($ref->{$_}, %subopts); + }; + $delim_l = ($opts{delimiters} ? '{' : '').$nlindent2; + $delim_r = $nlindent1.($opts{delimiters} ? '}' : ''); + $separator = ",$nlindent2"; + @items = sort keys %$ref; + } + } elsif (ref($ref) eq "SCALAR") { + $product = defined $$ref ? quotify1 $$ref : "undef"; + } else { + $product = defined $ref ? quotify1 $ref : "undef"; + } + + if (ref($product) eq "CODE") { + $delim_l . join($separator, map { &$product } @items) . $delim_r; + } else { + $product; + } +} + +=back + +=cut + 1; From levitte at openssl.org Wed May 19 10:40:28 2021 
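Review bot: In dump_data, the ARRAY branch recurses with `dump_data(\$_, %subopts)`, so an array element that is itself an array or hash reference arrives as a reference to a reference. For that, `ref()` returns "REF", which matches none of the ARRAY, HASH or SCALAR tests, so the call falls through to `quotify1 $ref` and emits the quoted, stringified reference instead of the nested data. The HASH branch passes `$ref->{$_}` directly and does recurse. Suggest passing `$_` in the ARRAY branch too (the final else already handles plain scalars and undef), or adding an explicit "REF" case, so that arrays of arrays or hashes round-trip through eval as the POD promises.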
From: levitte at openssl.org (Richard Levitte)
Date: Wed, 19 May 2021 10:40:28 +0000
Subject: [openssl] master update
Message-ID: <1621420828.143564.12479.nullmailer@dev.openssl.org>

The branch master has been updated
       via  bba402ece781db0918e0a27289cf38479bafb023 (commit)
       via  31be74d3ca8809752b7dfd37394f28c76c519fa5 (commit)
       via  8ba3a15816c6e417967eac13ee415325c52675b4 (commit)
       via  0cbb6f6a9ac5aa3ff813ef2e5afe6e443708ee20 (commit)
       via  cfc73c230d1766903314f6b088a8da37fec1e9f0 (commit)
       via  0c1428f4418cbd4d449bd43100017b85db17b17d (commit)
       via  a1181fbdd0df70109c04283c564718b6f8d6ec18 (commit)
       via  a2625c0fc8ad229871874782ee2b5c46e66f9716 (commit)
       via  22119050ab21ed5c9cf361d29aabc6b5da9c8aad (commit)
       via  58ad786aa7b5c19021686c74e02ead3968050da6 (commit)
      from  2660b7cfbad710dcd9df26e68c18d6c7d6ebaca0 (commit)

- Log -----------------------------------------------------------------
commit bba402ece781db0918e0a27289cf38479bafb023
Author: Richard Levitte
Date: Tue May 18 14:12:51 2021 +0200

Tweak apps/build.info for VMS

A bit of quoting is all that's needed, and it doesn't hurt other platforms.

Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/15317)

commit 31be74d3ca8809752b7dfd37394f28c76c519fa5
Author: Richard Levitte
Date: Mon May 17 23:40:32 2021 +0200

VMS need to build DSO with name shortening, because of provider code

We have pretty long symbol names, so they need to be shortened to fit in the linker's 31 character limit on symbols. Symbol name shortening with the VMS C compiler works in such a way that a symbol name that's longer than 31 characters is mangled into its first original 22 characters, followed by a dollar sign and the 32-bit CRC of the original symbol name in hexadecimal.

Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/15317)

commit 8ba3a15816c6e417967eac13ee415325c52675b4
Author: Richard Levitte
Date: Mon May 17 21:40:24 2021 +0200

Configurations/descrip.mms.tmpl: Add another inclusion hack

crypto/ec/curve448/ has a series of inclusions that throws VMS C off, so we compensate for it the same way as we have done before.

Fixes #14247

Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/15317)

commit 0cbb6f6a9ac5aa3ff813ef2e5afe6e443708ee20
Author: Richard Levitte
Date: Mon May 17 16:56:28 2021 +0200

Configurations/descrip.mms.tmpl: Change strategy for include directories

Instead of what we used to do, put all include directories in a number of DCL variables and generate the /INCLUDE qualifier value on the command line, we instead generate VMS C specific header files with include directory pragmas, to be used with the VMS C's /FIRST_INCLUDE qualifier. This also shortens the command line, the size of which is limited.

VMS C needs to have those include directories specified in a Unix form, to be able to safely merge #include paths with them when searching through them.

Fixes #14247

Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/15317)

commit cfc73c230d1766903314f6b088a8da37fec1e9f0
Author: Richard Levitte
Date: Mon May 17 18:21:45 2021 +0200

Thrown away all special descrip.mms variables

Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/15317)

commit 0c1428f4418cbd4d449bd43100017b85db17b17d
Author: Richard Levitte
Date: Mon May 17 17:20:58 2021 +0200

Fix configdata.pm.in's "use lib" for VMS

`use lib` needs Unix formatted paths. For VMS, it means that we must make sure to convert paths, and we may as well generalise it.

In this case, we need to adapt the functions sourcedir() and sourcefile()

Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/15317)

commit a1181fbdd0df70109c04283c564718b6f8d6ec18
Author: Richard Levitte
Date: Mon May 17 15:13:41 2021 +0200

Fix The VMS variant of platform->staticname()

It was looking in the wrong place in %unified_info to determine if the library would be installed or not.

Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/15317)

commit a2625c0fc8ad229871874782ee2b5c46e66f9716
Author: Richard Levitte
Date: Mon May 17 15:04:42 2021 +0200

Fix OpenSSL::fallback for VMS

VMS unpackers will typically convert any period ('.') in directory names to underscores, since the period is a path separator on VMS, just like '/' is a path separator on Unix. Our fallback mechanism needs to account for that.

Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/15317)

commit 22119050ab21ed5c9cf361d29aabc6b5da9c8aad
Author: Richard Levitte
Date: Mon May 17 14:53:48 2021 +0200

Configurations/descrip.mms.tmpl: Diverse updates

Get it back in sync with the other templates, and correct a few syntax errors that have crept in.

Fixes #14247

Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/15317)

commit 58ad786aa7b5c19021686c74e02ead3968050da6
Author: Richard Levitte
Date: Mon May 17 14:44:01 2021 +0200

Turn off VMS C's info about unsupported pragmas

VMS C can be notoriously informative about certain things, such as unsupported pragmas. The case here is that it doesn't support "#pragma once", and since we use those quite a lot, that's a lot of repeated information. We simply turn that warning off.

Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15317) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 15 +- Configurations/descrip.mms.tmpl | 561 ++++++++++++++++++++++------------------ Configurations/platform/VMS.pm | 3 +- apps/build.info | 4 +- configdata.pm.in | 34 ++- util/perl/OpenSSL/fallback.pm | 19 +- 6 files changed, 364 insertions(+), 272 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 8427a561e3..122d3f46db 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -134,7 +134,9 @@ sub vms_info { } unless (%$vms_info) { - $vms_info->{disable_warns} = [ ]; + $vms_info->{disable_warns} = [ + "CXXPRAGMANA", # Shut up about unknown / unsupported pragmas + ]; $vms_info->{pointer_size} = $pointer_size_str; if ($pointer_size_str eq "64") { `PIPE CC /NOCROSS_REFERENCE /NOLIST /NOOBJECT /WARNINGS = DISABLE = ( MAYLOSEDATA3, EMPTYFILE ) NL: 2> NL:`; @@ -1820,6 +1822,7 @@ my %targets = ( @{vms_info()->{disable_warns}}; @warnings ? "/WARNINGS=DISABLE=(".join(",", at warnings).")" : (); }), + cflag_incfirst => '/FIRST_INCLUDE=', lib_defines => add("OPENSSL_USE_NODELETE", sub { 
@@ -1834,10 +1837,12 @@ my %targets = ( # and binaries instead. bin_cflags => add("/NAMES=(AS_IS,SHORTENED)/EXTERN_MODEL=STRICT_REFDEF"), lib_cflags => add("/NAMES=(AS_IS,SHORTENED)/EXTERN_MODEL=STRICT_REFDEF"), - # For modules specifically, we assume that they only use public - # OpenSSL symbols, and therefore don't need to mangle names on - # their own. - dso_cflags => "", + # Strictly speaking, DSOs should not need to have name shortening, + # as all their exported symbols should be short enough to fit the + # linker's 31 character per symbol name limit. However, providers + # may be composed of more than one object file, and internal symbols + # may and do surpass the 31 character limit. + dso_cflags => add("/NAMES=(SHORTENED)"), ex_libs => add(sub { return vms_info()->{zlib} || (); }), shared_target => "vms-shared", # def_flag made to empty string so a .opt file gets generated diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index a357ae5c3b..873d74f651 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -13,6 +13,16 @@ our $sourcedir = $config{sourcedir}; our $builddir = $config{builddir}; + sub make_unix_path { + # Split the native path + (my $vol, my $dirs, my $file) = File::Spec->splitpath($_[0]); + my @dirs = File::Spec->splitdir($dirs); + + # Reassemble it as a Unix path + $vol =~ s|:$||; + return File::Spec::Unix->catpath( + '', File::Spec::Unix->catdir('', $vol ? $vol : (), @dirs), $file); + } sub sourcefile { catfile($sourcedir, @_); } @@ -29,7 +39,6 @@ (my $x = shift) =~ s|\]$|...]|; $x } - } # Because we need to make two computations of these data, # we store them in arrays for reuse 
@@ -67,6 +76,134 @@ && $unified_info{attributes}->{scripts}->{$_}->{misc} } @{$unified_info{scripts}}; + # Configured flags + + our @cnf_asflags = ($target{asflags} || (), @{$config{asflags}}); + our @cnf_defines = (@{$target{defines}}, @{$config{defines}}); + our @cnf_includes = (@{$target{includes}}, @{$config{includes}}); + our @cnf_cppflags = ($target{cppflags} || (), @{$config{cppflags}}); + our @cnf_cflags = ($target{cflags} || (), @{$config{cflags}}); + our @cnf_cxxflags = ($target{cxxflags} || (), @{$config{cxxflags}}); + our @cnf_ldflags = ($target{lflags} || (), @{$config{lflags}}); + our @cnf_ex_libs = (map{ ",$_" } @{$target{ex_libs}}, @{$config{ex_libs}}); + + # Variables starting with $lib_ are used to build library object files + # and shared libraries. + # Variables starting with $dso_ are used to build DSOs and their object files. + # Variables starting with $bin_ are used to build programs and their object + # files. + + # The following array is special and is treated separately from the rest of + # the lib_ variables. + our @lib_cppincludes = (@{$target{lib_includes}}, @{$target{shared_includes}}, + @{$config{lib_includes}}, @{$config{shared_includes}}, + @cnf_includes); + + our $lib_cppdefines = + join(',', @{$target{lib_defines}}, @{$target{shared_defines}}, + @{$config{lib_defines}}, @{$config{shared_defines}}, + @cnf_defines, + 'OPENSSLDIR="""$(OPENSSLDIR_C)"""', + 'ENGINESDIR="""$(ENGINESDIR_C)"""', + 'MODULESDIR="""$(MODULESDIR_C)"""', + #'$(DEFINES)' + ) + . 
"'extradefines'"; + our $lib_asflags = + join(' ', $target{lib_asflags} || (), @{$config{lib_asflags}}, + @cnf_asflags, '$(ASFLAGS)'); + our $lib_cppflags = + join('', $target{lib_cppflags} || (), $target{shared_cppflags} || (), + @{$config{lib_cppflags}}, @{$config{shared_cppflag}}, + @cnf_cppflags, '/DEFINE=('.$lib_cppdefines.')', '$(CPPFLAGS)'); + my @lib_cflags = ( $target{lib_cflags} // () ); + my @lib_cflags_no_inst = ( $target{no_inst_lib_cflags} // @lib_cflags ); + my @lib_cflags_cont = ( $target{shared_cflag} || (), + @{$config{lib_cflags}}, @{$config{shared_cflag}}, + $cnf_cflags, '$(CFLAGS)'); + our $lib_cflags = join('', @lib_cflags, @lib_cflags_cont ); + our $lib_cflags_no_inst = join('', @lib_cflags_no_inst, @lib_cflags_cont ); + our $lib_ldflags = + join('', $target{lib_lflags} || (), $target{shared_ldflag} || (), + @{$config{lib_lflags}}, @{$config{shared_ldflag}}, + @cnf_ldflags, '$(LDFLAGS)'); + our $lib_ex_libs = join('', @cnf_ex_libs, '$(EX_LIBS)'); + + # The following array is special and is treated separately from the rest of + # the dso_ variables. + our @dso_cppincludes = (@{$target{dso_includes}}, @{$target{module_includes}}, + @{$config{dso_includes}}, @{$config{module_includes}}, + @cnf_includes); + + our $dso_cppdefines = + join(',', @{$target{dso_defines}}, @{$target{module_defines}}, + @{$config{dso_defines}}, @{$config{module_defines}}, + @cnf_defines, + #'$(DEFINES)' + ) + . 
"'extradefines'"; + our $dso_asflags = + join(' ', $target{dso_asflags} || (), $target{module_asflags} || (), + @{$config{dso_asflags}}, @{$config{module_asflags}}, + @cnf_asflags, '$(ASFLAGS)'); + our $dso_cppflags = + join('', $target{dso_cppflags} || (), $target{module_cppflags} || (), + @{$config{dso_cppflags}}, @{$config{module_cppflag}}, + @cnf_cppflags, + '/DEFINE=('.$dso_cppdefines.')', + '$(CPPFLAGS)'); + my @dso_cflags = ( $target{dso_cflags} // () ); + my @dso_cflags_no_inst = ( $target{no_inst_dso_cflags} // @dso_cflags ); + my @dso_cflags_cont = ( $target{module_cflag} || (), + @{$config{dso_cflags}}, @{$config{module_cflag}}, + $cnf_cflags, '$(CFLAGS)'); + our $dso_cflags = join('', @dso_cflags, @dso_cflags_cont ); + our $dso_cflags_no_inst = join('', @dso_cflags_no_inst, @dso_cflags_cont ); + our $dso_ldflags = + join('', $target{dso_lflags} || (), $target{module_ldflag} || (), + @{$config{dso_lflags}}, @{$config{module_ldflag}}, + @cnf_ldflags, '$(LDFLAGS)'); + our $dso_ex_libs = join('', @cnf_ex_libs, '$(EX_LIBS)'); + + # The following array is special and is treated separately from the rest of + # the bin_ variables. + our @bin_cppincludes = (@{$target{bin_includes}}, + @{$config{bin_includes}}, + @cnf_includes); + + our $bin_cppdefines = + join(',', @{$target{bin_defines}}, + @{$config{bin_defines}}, + @cnf_defines, + #'$(DEFINES)' + ) + . 
"'extradefines'"; + our $bin_asflags = + join(' ', $target{bin_asflags} || (), + @{$config{bin_asflags}}, + @cnf_asflags, '$(ASFLAGS)'); + our $bin_cppflags = + join('', $target{bin_cppflags} || (), + @{$config{bin_cppflags}}, + @cnf_cppflags, + '/DEFINE=('.$bin_cppdefines.')', + '$(CPPFLAGS)'); + my @bin_cflags = ( $target{bin_cflags} // () ); + my @bin_cflags_no_inst = ( $target{no_inst_bin_cflags} // @bin_cflags ); + my @bin_cflags_cont = ( @{$config{bin_cflags}}, + $cnf_cflags, '$(CFLAGS)'); + our $bin_cflags = join('', @bin_cflags, @bin_cflags_cont ); + our $bin_cflags_no_inst = join('', @bin_cflags_no_inst, @bin_cflags_cont ); + our $bin_cflags = + join('', $target{bin_cflags} || (), + @{$config{bin_cflags}}, + @cnf_cflags, '$(CFLAGS)'); + our $bin_ldflags = + join('', $target{bin_lflags} || (), + @{$config{bin_lflags}}, + @cnf_ldflags, '$(LDFLAGS)'); + our $bin_ex_libs = join('', @cnf_ex_libs, '$(EX_LIBS)'); + # This is a horrible hack, but is needed because recursive inclusion of files # in different directories does not work well with HP C. my $sd = sourcedir("crypto", "async", "arch"); @@ -78,6 +215,19 @@ $unified_info{after}->{$obj} = qq(deassign arch); } + my $sd32 = sourcedir("crypto", "ec", "curve448", "arch_32"); + my $sd64 = sourcedir("crypto", "ec", "curve448", "arch_64"); + foreach (grep /\[\.crypto\.ec\.curve448.*?\].*?\.o$/, keys %{$unified_info{sources}}) { + my $obj = platform->obj($_); + $unified_info{before}->{$obj} + = qq(arch_32_include = F\$PARSE("$sd32","A.;",,,"SYNTAX_ONLY") - "A.;" + define arch_32 'arch_32_include' + arch_64_include = F\$PARSE("$sd64","A.;",,,"SYNTAX_ONLY") - "A.;" + define arch_64 'arch_64_include'); + $unified_info{after}->{$obj} + = qq(deassign arch_64 + deassign arch_32); + } my $sd1 = sourcedir("ssl","record"); my $sd2 = sourcedir("ssl","statem"); my @ssl_locl_users = grep(/^\[\.(?:ssl\.(?:record|statem)|test)\].*\.o$/, 
@@ -93,6 +243,7 @@ = qq(deassign statem deassign record); } + # This makes sure things get built in the order they need # to. You're welcome. sub dependmagic { @@ -139,7 +290,20 @@ DEPS={- our @deps = map { platform->isobj($_) ? platform->dep($_) : $_ } keys %{$unified_info{sources}}; join(", ", map { "-\n\t".$_ } @deps); -} {- output_on() if $disabled{makedepend}; "" -} -GENERATED_MANDATORY={- join(", ", map { "-\n\t".$_ } @{$unified_info{depends}->{""}} ) -} +GENERATED_MANDATORY={- join(", ", + map { "-\n\t".$_ } @{$unified_info{depends}->{""}} ) -} +GENERATED_PODS={- # common0.tmpl provides @generated + join(", ", + map { my $x = $_; + ( + grep { + $unified_info{attributes}->{depends} + ->{$x}->{$_}->{pod} // 0 + } + keys %{$unified_info{attributes}->{depends}->{$x}} + ) ? "-\n\t".$x : (); + } + @generated) -} GENERATED={- # common0.tmpl provides @generated join(", ", map { platform->convertext($_) } @generated) -} @@ -186,9 +350,9 @@ MODULESDIR_C={- platform->osslprefix() -}MODULES{- $sover_dirname.$target{pointe CC={- $config{CC} -} CPP={- $config{CPP} -} -DEFINES={- our $defines1 = join('', map { ",$_" } @{$config{CPPDEFINES}}) -} -INCLUDES={- our $includes1 = join(',', @{$config{CPPINCLUDES}}) -} -CPPFLAGS={- our $cppflags1 = join('', @{$config{CPPFLAGS}}) -} +DEFINES={- our $defines = join('', map { ",$_" } @{$config{CPPDEFINES}}) -} +#INCLUDES={- our $includes = join(',', @{$config{CPPINCLUDES}}) -} +CPPFLAGS={- our $cppflags = join('', @{$config{CPPFLAGS}}) -} CFLAGS={- join('', @{$config{CFLAGS}}) -} LDFLAGS={- join('', @{$config{LFLAGS}}) -} EX_LIBS={- join('', map { ",$_" } @{$config{LDLIBS}}) -} 
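Review bot: In the "Configured flags" block added by the -67,6 +76,134 hunk of descrip.mms.tmpl, `@lib_cflags_cont`, `@dso_cflags_cont` and `@bin_cflags_cont` each list `$cnf_cflags`, but the only variable declared is the array `our @cnf_cflags`; the scalar is never assigned, so the target and config cflags drop out of `$lib_cflags`, `$dso_cflags` and their `_no_inst` variants. These should read `@cnf_cflags`. In the same block `our $bin_cflags` is assigned twice, the second time without the `_cont` list, which makes the first assignment dead code. The dso keys also lost their plural relative to the removed DSO_ macros (`module_cppflag`, `module_cflag`, `module_ldflag` versus `module_cppflags`, `module_cflags`, `module_ldflags`), so any values configured under the plural keys are no longer picked up.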
@@ -202,153 +366,12 @@ ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -} ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY) -##### Project flags ################################################## - -# Variables starting with CNF_ are common variables for all product types - -CNF_ASFLAGS={- join('', $target{asflags} || (), - @{$config{asflags}}) -} -CNF_DEFINES={- our $defines2 = join('', (map { ",$_" } @{$target{defines}}, - @{$config{defines}}), - "'extradefines'") -} -CNF_INCLUDES={- our $includes2 = join(',', @{$target{includes}}, - @{$config{includes}}) -} -CNF_CPPFLAGS={- our $cppflags2 = join('', $target{cppflags} || (), - @{$config{cppflags}}) -} -CNF_CFLAGS={- join('', $target{cflags} || (), - @{$config{cflags}}) -} -CNF_CXXFLAGS={- join('', $target{cxxflags} || (), - @{$config{cxxflags}}) -} -CNF_LDFLAGS={- join('', $target{lflags} || (), - @{$config{lflags}}) -} -CNF_EX_LIBS={- join('', map{ ",$_" } @{$target{ex_libs}}, - @{$config{ex_libs}}) -} - -# Variables starting with LIB_ are used to build library object files -# and shared libraries. -# Variables starting with DSO_ are used to build DSOs and their object files. -# Variables starting with BIN_ are used to build programs and their object -# files. 
- -LIB_ASFLAGS={- join(' ', $target{lib_asflags} || (), - @{$config{lib_asflags}}, - '$(CNF_ASFLAGS)', '$(ASFLAGS)') -} -LIB_DEFINES={- our $lib_defines = - join('', (map { ",$_" } @{$target{lib_defines}}, - @{$target{shared_defines}}, - @{$config{lib_defines}}, - @{$config{shared_defines}})); - join('', $lib_defines, - (map { ",$_" } 'OPENSSLDIR="""$(OPENSSLDIR_C)"""', - 'ENGINESDIR="""$(ENGINESDIR_C)"""', - 'MODULESDIR="""$(MODULESDIR_C)"""'), - '$(CNF_DEFINES)', '$(DEFINES)') -} -LIB_INCLUDES={- our $lib_includes = - join(',', @{$target{lib_includes}}, - @{$target{shared_includes}}, - @{$config{lib_includes}}, - @{$config{shared_includes}}) -} -LIB_CPPFLAGS={- our $lib_cppflags = - join('', $target{lib_cppflags} || (), - $target{shared_cppflags} || (), - @{$config{lib_cppflags}}, - @{$config{shared_cppflag}}); - join('', "'qual_includes'", - '/DEFINE=(__dummy$(LIB_DEFINES))', - $lib_cppflags, - '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} -LIB_CFLAGS={- join('', $target{lib_cflags} || (), - $target{shared_cflag} || (), - @{$config{lib_cflags}}, - @{$config{shared_cflag}}, - '$(CNF_CFLAGS)', '$(CFLAGS)') -} -LIB_LDFLAGS={- join('', $target{lib_lflags} || (), - $target{shared_ldflag} || (), - @{$config{lib_lflags}}, - @{$config{shared_ldflag}}, - '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} -LIB_EX_LIBS=$(CNF_EX_LIBS)$(EX_LIBS) -DSO_ASFLAGS={- join(' ', $target{dso_asflags} || (), - $target{module_asflags} || (), - @{$config{dso_asflags}}, - @{$config{module_asflags}}, - '$(CNF_ASFLAGS)', '$(ASFLAGS)') -} -DSO_DEFINES={- join('', (map { ",$_" } @{$target{dso_defines}}, - @{$target{module_defines}}, - @{$config{dso_defines}}, - @{$config{module_defines}}), - '$(CNF_DEFINES)', '$(DEFINES)') -} -DSO_INCLUDES={- join(',', @{$target{dso_includes}}, - @{$target{module_includes}}, - @{$config{dso_includes}}, - @{$config{module_includes}}) -} -DSO_CPPFLAGS={- join('', "'qual_includes'", - '/DEFINE=(__dummy$(DSO_DEFINES))', - $target{dso_cppflags} || (), - $target{module_cppflags} || (), - 
@{$config{dso_cppflags}}, - @{$config{module_cppflags}}, - '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} -DSO_CFLAGS={- join('', $target{dso_cflags} || (), - $target{module_cflags} || (), - @{$config{dso_cflags}}, - @{$config{module_cflags}}, - '$(CNF_CFLAGS)', '$(CFLAGS)') -} -DSO_LDFLAGS={- join('', $target{dso_lflags} || (), - $target{module_ldflags} || (), - @{$config{dso_lflags}}, - @{$config{module_ldflags}}, - '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} -DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) -BIN_ASFLAGS={- join(' ', $target{bin_asflags} || (), - @{$config{bin_asflags}}, - '$(CNF_ASFLAGS)', '$(ASFLAGS)') -} -BIN_DEFINES={- join('', (map { ",$_" } @{$target{bin_defines}}, - @{$config{bin_defines}}), - '$(CNF_DEFINES)', '$(DEFINES)') -} -BIN_INCLUDES={- join(',', @{$target{bin_includes}}, - @{$config{bin_includes}}) -} -BIN_CPPFLAGS={- join('', "'qual_includes'", - '/DEFINE=(__dummy$(DSO_DEFINES))', - $target{bin_cppflags} || (), - @{$config{bin_cppflag}}, - '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} -BIN_CFLAGS={- join('', $target{bin_cflags} || (), - @{$config{bin_cflags}}, - '$(CNF_CFLAGS)', '$(CFLAGS)') -} -BIN_LDFLAGS={- join('', $target{bin_lflags} || (), - @{$config{bin_lflags}} || (), - '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} -BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) -NO_INST_LIB_CFLAGS={- join('', $target{no_inst_lib_cflags} - // $target{lib_cflags} - // (), - $target{shared_cflag} || (), - @{$config{lib_cflags}}, - @{$config{shared_cflag}}, - '$(CNF_CFLAGS)', '$(CFLAGS)') -} -NO_INST_DSO_CFLAGS={- join('', $target{no_inst_dso_cflags} - // $target{dso_cflags} - // (), - $target{no_inst_module_cflags} - // $target{module_cflags} - // (), - @{$config{dso_cflags}}, - @{$config{module_cflags}}, - '$(CNF_CFLAGS)', '$(CFLAGS)') -} -NO_INST_BIN_CFLAGS={- join('', $target{no_inst_bin_cflags} - // $target{bin_cflags} - // (), - @{$config{bin_cflags}}, - '$(CNF_CFLAGS)', '$(CFLAGS)') -} - PERLASM_SCHEME={- $target{perlasm_scheme} -} # CPPFLAGS_Q is used for one thing only: to build up 
buildinf.h -CPPFLAGS_Q={- (my $c = $lib_cppflags.$cppflags2.$cppflags1) =~ s|"|""|g; - (my $d = $lib_defines.$defines2.$defines1) =~ s|"|""|g; - my $i = join(',', $lib_includes || (), $includes2 || (), - $includes1 || ()); +CPPFLAGS_Q={- (my $c = $lib_cppflags.$cppflags) =~ s|"|""|g; + (my $d = $lib_cppdefines) =~ s|"|""|g; + my $i = join(',', @lib_cppincludes || (), '$(INCLUDES)'); my $x = $c; $x .= "/INCLUDE=($i)" if $i; $x .= "/DEFINE=($d)" if $d; @@ -366,16 +389,9 @@ CPPFLAGS_Q={- (my $c = $lib_cppflags.$cppflags2.$cppflags1) =~ s|"|""|g; # given with /INCLUDE is a fantasy, unfortunately. NODEBUG=@ .FIRST : - $(NODEBUG) sourcetop = F$PARSE("$(SRCDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]" + $(NODEBUG) sourcetop = F$PARSE("$(SRCDIR)","[]A.;",,,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]" $(NODEBUG) DEFINE ossl_sourceroot 'sourcetop' $(NODEBUG) ! - $(NODEBUG) openssl_inc1 = F$PARSE("[.include.openssl]","A.;",,,"syntax_only") - "A.;" - $(NODEBUG) openssl_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.openssl]") -}","A.;",,,"SYNTAX_ONLY") - "A.;" - $(NODEBUG) internal_inc1 = F$PARSE("[.crypto.include.internal]","A.;",,,"SYNTAX_ONLY") - "A.;" - $(NODEBUG) internal_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;" - $(NODEBUG) internal_inc3 = F$PARSE("{- catdir($config{sourcedir},"[.crypto.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;" - $(NODEBUG) DEFINE openssl 'openssl_inc1','openssl_inc2' - $(NODEBUG) DEFINE internal 'internal_inc1','internal_inc2','internal_inc3' $(NODEBUG) staging_dir = "$(DESTDIR)" $(NODEBUG) staging_instdir = "" $(NODEBUG) staging_datadir = "" 
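Review bot: In the new CPPFLAGS_Q expression (hunk -202,153 +366,12), `join(',', @lib_cppincludes || (), '$(INCLUDES)')` evaluates `@lib_cppincludes` in scalar context because of the `||`, so `$i` begins with the number of include directories rather than the directories themselves. Drop the `|| ()`; an empty array already contributes nothing to the list. The same expression references `$(INCLUDES)`, which the -186,9 +350,9 hunk turns into the comment line `#INCLUDES=...`, so that macro is no longer defined where buildinf.h is generated. Because the literal `'$(INCLUDES)'` is always present, the `if $i` guard on `/INCLUDE=($i)` can no longer be false either.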
@@ -404,6 +420,12 @@ NODEBUG=@ $(NODEBUG) DEFINE ossl_installroot 'installtop' $(NODEBUG) DEFINE ossl_dataroot 'datatop' $(NODEBUG) ! + $(NODEBUG) ! Override disturbing system logicals. We can't deassign + $(NODEBUG) ! them, so we create it instead. This is an unfortunate + $(NODEBUG) ! necessity. + $(NODEBUG) ! + $(NODEBUG) DEFINE openssl "{- sourcedir('include/openssl') -} + $(NODEBUG) ! $(NODEBUG) ! Figure out the architecture $(NODEBUG) ! $(NODEBUG) arch = f$edit( f$getsyi( "arch_name"), "upcase") @@ -417,7 +439,6 @@ NODEBUG=@ $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEASSIGN ".uc($_) } @shlibs) || "!" -} $(NODEBUG) DEASSIGN ossl_dataroot $(NODEBUG) DEASSIGN ossl_installroot - $(NODEBUG) DEASSIGN internal $(NODEBUG) DEASSIGN openssl .DEFAULT : @ ! MMS cannot handle no actions... @@ -429,14 +450,15 @@ NODEBUG=@ {- dependmagic('build_modules'); -} : build_modules_nodep {- dependmagic('build_programs'); -} : build_programs_nodep +build_generated_pods : $(GENERATED_PODS) +build_docs : build_html_docs +build_html_docs : $(HTMLDOCS1) $(HTMLDOCS3) $(HTMLDOCS5) $(HTMLDOCS7) + build_generated : $(GENERATED_MANDATORY) build_libs_nodep : $(LIBS), $(SHLIBS) build_modules_nodep : $(MODULES) build_programs_nodep : $(PROGRAMS), $(SCRIPTS) -build_docs: build_html_docs -build_html_docs: $(HTMLDOCS1) $(HTMLDOCS3) $(HTMLDOCS5) $(HTMLDOCS7) - # Kept around for backward compatibility build_apps build_tests : build_programs @@ -452,7 +474,8 @@ build_all_generated : $(GENERATED_MANDATORY) $(GENERATED) build_docs all : build_sw build_docs test : tests -{- dependmagic('tests'); -} : build_programs_nodep, build_modules_nodep copy-utils +{- dependmagic('tests'); -} : build_programs_nodep, build_modules_nodep copy-utils run_tests +run_tests : @ ! {- output_off() if $disabled{tests}; "" -} DEFINE SRCTOP "$(SRCDIR)" DEFINE BLDTOP "$(BLDDIR)" 
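Review bot: In the .FIRST additions of the -404,6 +420,12 hunk, `DEFINE openssl "{- sourcedir('include/openssl') -}` opens a double quote that is not closed before the end of the line; close it after the `-}`. The call also passes 'include/openssl' as one Unix-style component, while the other sourcedir() callers in this template pass the components separately, e.g. `sourcedir("crypto", "async", "arch")`; using `sourcedir('include', 'openssl')` would keep the result a native directory spec. The new comment reads "We can't deassign them, so we create it instead", which mixes singular and plural and would be clearer as "so we override them instead".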
@@ -539,7 +562,7 @@ install_docs : install_html_docs uninstall_docs : uninstall_html_docs -install_fips: install_sw +install_fips : install_sw @ WRITE SYS$OUTPUT "*** Installing FIPS module configuration" @ WRITE SYS$OUTPUT "fipsinstall $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).cnf" openssl fipsinstall - @@ -547,7 +570,7 @@ install_fips: install_sw -out ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME).cnf - -macopt "hexkey:$(FIPSKEY)" -uninstall_fips: uninstall_sw +uninstall_fips : uninstall_sw @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module configuration" DELETE ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME).cnf;* @@ -742,6 +765,7 @@ reconfigure reconf : {- use File::Basename; use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/; + use File::Spec::Unix; # Helper function to figure out dependencies on libraries # It takes a list of library names and outputs a list of dependencies 
@@ -756,45 +780,79 @@ reconfigure reconf : } # Helper function to deal with inclusion directory specs. - # We have to deal with two things: - # 1. comma separation and no possibility of trailing comma - # 2. no inclusion directories given at all - # 3. long compiler command lines - # To resolve 1, we need to iterate through the sources of inclusion - # directories, and only add a comma when needed. - # To resolve 2, we need to have a variable that will hold the whole - # inclusion qualifier, or be the empty string if there are no inclusion - # directories. That's the symbol 'qual_includes' that's used in CPPFLAGS - # To resolve 3, we create a logical name TMP_INCLUDES: to hold the list - # of inclusion directories. + # We're dealing with two issues: + # 1. A lot of include directory specs take up a lot of command line real + # estate, and the DCL command line is very limited (2KiB). + # 2. For optimal usage, include directory paths must be in Unix form, + # that's the only way the C compiler can merge multiple include paths + # in a sane way (we can stop worrying about 1.h including foo/2.h + # including ../3.h). + # + # To resolve 1, we need to create a file with include directory pragmas, + # and let the compiler use it with /FIRST_INCLUDE=. + # To resolve 2, we convert all include directory specs we get to Unix, + # with available File::Spec functions. # - # This function returns a list of two lists, one being the collection of - # commands to execute before the compiler is called, and the other being - # the collection of commands to execute after. It takes as arguments the - # collection of strings to include as directory specs. - sub includes { - my @stuff = ( @_ ); - my @before = ( - 'qual_includes :=', - ); - my @after = ( - 'DELETE/SYMBOL/LOCAL qual_includes', - ); - - if (scalar @stuff > 0) { - push @before, 'tmp_includes := '.shift(@stuff); - while (@stuff) { - push @before, 'tmp_add := '.shift(@stuff); - push @before, 'IF tmp_includes .NES. "" .AND. 
tmp_add .NES. "" THEN tmp_includes = tmp_includes + ","'; - push @before, 'tmp_includes = tmp_includes + tmp_add'; + # We use CRC-24 from https://tools.ietf.org/html/rfc4880#section-6, + # reimplemented in Perl to get a workable and constant file name for each + # combination of include directory specs. It is assumed that the order of + # these directories don't matter. + # + # This function takes as input a list of include directories + # This function returns a list two things: + # 1. The file name to use with /FIRST_INCLUDE= + # 2. Text to insert into descrip.mms (may be the empty string) + sub crc24 { + my $input = shift; + + my $init_value = 0x00B704CE; + my $poly_value = 0x01864CFB; + + my $crc = $init_value; + + foreach my $x (unpack ('C*', $input)) { + $crc ^= $x << 16; + + for (my $i; $i < 8; $i++) { + $crc <<= 1; + if ($crc & 0x01000000) { + $crc ^= $poly_value; + } } - push @before, "IF tmp_includes .NES. \"\" THEN DEFINE tmp_includes 'tmp_includes'"; - push @before, 'IF tmp_includes .NES. "" THEN qual_includes := /INCLUDE=(tmp_includes:)'; - push @before, 'DELETE/SYMBOL/LOCAL tmp_includes'; - push @before, 'DELETE/SYMBOL/LOCAL tmp_add'; - push @after, 'DEASSIGN tmp_includes:' } - return ([ @before ], [ @after ]); + $crc &= 0xFFFFFF; + + return $crc; + } + my %includefile_cache; + sub make_includefile { + my %dirs = map { + my $udir = make_unix_path(rel2abs($_)); + + $udir => 1; + } @_; + my @dirs = sort keys %dirs; + my $filename = sprintf 'incdirs_%x.h', crc24(join(',', @dirs)); + + if ($includefile_cache{$filename}) { + return ($filename, ""); + } + + my $scripture = <<"EOF"; +$filename : + open/write inc_output $filename +EOF + foreach (@dirs) { + $scripture .= <<"EOF"; + write inc_output "#pragma include_directory ""$_""" +EOF + } + $scripture .= <<"EOF"; + close inc_output +EOF + $includefile_cache{$filename} = $scripture; + + return ($filename, $scripture); } sub generatetarget { 
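Review bot: In make_includefile, the cache test `if ($includefile_cache{$filename})` is keyed only on the CRC-24-derived file name, so two different directory sets whose joined strings collide would share one `incdirs_%x.h`, and the second set would silently compile with the first set's include directories. Keeping the joined directory list alongside the cached text and dying on a mismatch would turn that into a visible configuration error. In crc24, `for (my $i; $i < 8; $i++)` relies on an undefined `$i` comparing as 0; write `my $i = 0`. The sort and de-duplication of `@dirs` also changes the search order of the include directories; the comment states this as an assumption, and a sentence on why it holds for this tree would help the next reader.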
@@ -821,9 +879,14 @@ EOF my $pod = $gen0; my $mkpod2html = sourcefile('util', 'mkpod2html.pl'); return <<"EOF"; -$args{src}: $pod +$args{src} : $pod \$(PERL) $mkpod2html -i $pod -o \$\@ -t "$title" -r "\$(SRCDIR)/doc" EOF + } elsif ($args{src} =~ /\.(\d)$/) { + # + # Man-page generator, on VMS we simply ignore man-pages + # + return ""; } elsif (platform->isdef($args{src})) { # # Linker script-ish generator @@ -844,21 +907,11 @@ EOF # # Assembler generator # - my $cppflags = { - shlib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', - lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', - dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)', - bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)' - } -> {$args{intent}}; - my @incs_cmds = includes({ shlib => '$(LIB_INCLUDES)', - lib => '$(LIB_INCLUDES)', - dso => '$(DSO_INCLUDES)', - bin => '$(BIN_INCLUDES)' } -> {$args{intent}}, - '$(CNF_INCLUDES)', - '$(INCLUDES)', - @{$args{incs}}); - my $incs_on = join("\n\t\@ ", @{$incs_cmds[0]}) || '!'; - my $incs_off = join("\n\t\@ ", @{$incs_cmds[1]}) || '!'; + my $cppflags = + { shlib => "$lib_cflags $lib_cppflags", + lib => "$lib_cflags $lib_cppflags", + dso => "$dso_cflags $dso_cppflags", + bin => "$bin_cflags $bin_cppflags" } -> {$args{intent}}; my $defs = join("", map { ",".$_ } @{$args{defs}}); my $target = platform->asm($args{src}); @@ -879,12 +932,10 @@ EOF return <<"EOF"; $target : $gen0 $deps $generator \$\@-S - \@ $incs_on \@ extradefines = "$defs" PIPE \$(CPP) $cppflags \$\@-S | - \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@-i \@ DELETE/SYMBOL/LOCAL extradefines - \@ $incs_off RENAME \$\@-i \$\@ DELETE \$\@-S; EOF 
@@ -892,22 +943,17 @@ EOF # Otherwise.... return <<"EOF"; $target : $gen0 $deps - \@ $incs_on \@ extradefines = "$defs" $generator \$\@ \@ DELETE/SYMBOL/LOCAL extradefines - \@ $incs_off EOF } return <<"EOF"; $target : $gen0 $deps - \@ $incs_on \@ extradefines = "$defs" - SHOW SYMBOL qual_includes PIPE \$(CPP) $cppflags $gen0 | - \$(PERL) "-ne" "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@ \@ DELETE/SYMBOL/LOCAL extradefines - \@ $incs_off EOF } elsif ($gen0 =~ m|^.*\.in$|) { # @@ -923,7 +969,7 @@ EOF @modules = map { '"-M'.basename($_, '.pm').'"' } @modules; my $modules = join(' ', '', sort keys %moduleincs, @modules); return <<"EOF"; -$target : $gen0 $deps +$args{src} : $gen0 $deps \$(PERL)$modules $dofile "-o$target{build_file}" $gen0$gen_args > \$\@ EOF } elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) { @@ -950,7 +996,7 @@ EOF # Also redo $gen0, to ensure that we have the proper extension $gen0 = platform->bin($gen0); return <<"EOF"; -$args{src}: $gen0 $deps +$args{src} : $gen0 $deps PIPE $gen0$gen_args > \$@ EOF } else { @@ -958,7 +1004,7 @@ EOF # Generic generator using Perl # return <<"EOF"; -$target : $gen0 $deps +$args{src} : $gen0 $deps \$(PERL)$gen_incs $gen0$gen_args > \$\@ EOF } 
@@ -995,37 +1041,25 @@ EOF my $cflags; if ($args{attrs}->{noinst}) { - $cflags = { shlib => '$(NO_INST_LIB_CFLAGS)', - lib => '$(NO_INST_LIB_CFLAGS)', - dso => '$(NO_INST_DSO_CFLAGS)', - bin => '$(NO_INST_BIN_CFLAGS)' } -> {$args{intent}}; + $cflags .= { shlib => $lib_cflags_no_inst, + lib => $lib_cflags_no_inst, + dso => $dso_cflags_no_inst, + bin => $bin_cflags_no_inst } -> {$args{intent}}; } else { - $cflags = { shlib => '$(LIB_CFLAGS)', - lib => '$(LIB_CFLAGS)', - dso => '$(DSO_CFLAGS)', - bin => '$(BIN_CFLAGS)' } -> {$args{intent}}; + $cflags .= { shlib => $lib_cflags, + lib => $lib_cflags, + dso => $dso_cflags, + bin => $bin_cflags } -> {$args{intent}}; } - $cflags .= { shlib => '$(LIB_CPPFLAGS)', - lib => '$(LIB_CPPFLAGS)', - dso => '$(DSO_CPPFLAGS)', - bin => '$(BIN_CPPFLAGS)' } -> {$args{intent}}; + $cflags .= { shlib => $lib_cppflags, + lib => $lib_cppflags, + dso => $dso_cppflags, + bin => $bin_cppflags } -> {$args{intent}}; my $defs = join("", map { ",".$_ } @{$args{defs}}); - my $asflags = { shlib => ' $(LIB_ASFLAGS)', - lib => ' $(LIB_ASFLAGS)', - dso => ' $(DSO_ASFLAGS)', - bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}}; - - my @incs_cmds = includes({ shlib => '$(LIB_INCLUDES)', - lib => '$(LIB_INCLUDES)', - dso => '$(DSO_INCLUDES)', - bin => '$(BIN_INCLUDES)' } -> {$args{intent}}, - '$(INCLUDES)', - map { - file_name_is_absolute($_) - ? $_ : catdir($backward,$_) - } @{$args{incs}}); - my $incs_on = join("\n\t\@ ", @{$incs_cmds[0]}) || '!'; - my $incs_off = join("\n\t\@ ", @{$incs_cmds[1]}) || '!'; + my $asflags = { shlib => $lib_asflags, + lib => $lib_asflags, + dso => $dso_asflags, + bin => $bin_asflags } -> {$args{intent}}; if ($srcs[0] =~ /\Q${asmext}\E$/) { return <<"EOF"; 
@@ -1056,6 +1090,18 @@ $obj : $deps EOF } + my ($incdir_filename, $incdir_scripture) = + make_includefile(@{ { shlib => [ @lib_cppincludes ], + lib => [ @lib_cppincludes ], + dso => [ @dso_cppincludes ], + bin => [ @bin_cppincludes ] } -> {$args{intent}} }, + @{$args{incs}}); + $deps .= ", -\n\t\t$incdir_filename"; + $cflags = + $target{cflag_incfirst} + . '"'.make_unix_path(rel2abs($incdir_filename)).'"' + . $cflags; + my $depbuild = $disabled{makedepend} ? "" : " /MMS=(FILE=${depd}${depn},TARGET=$obj)"; @@ -1071,6 +1117,7 @@ $obj : $deps SET DEFAULT $backward ${after} - PURGE $obj +$incdir_scripture EOF } sub obj2shlib { @@ -1112,7 +1159,7 @@ $shlib : $deps $write_opt1 $write_opt2 CLOSE OPT_FILE - LINK \$(LIB_LDFLAGS)/SHARE=\$\@ $defs[0]-translated/OPT,- + LINK ${lib_ldflags}/SHARE=\$\@ $defs[0]-translated/OPT,- $shlibname-components.OPT/OPT \$(LIB_EX_LIBS) DELETE $defs[0]-translated;*,$shlibname-components.OPT;* PURGE $shlibname.EXE,$shlibname.MAP @@ -1157,7 +1204,7 @@ $dso : $deps $write_opt1 $write_opt2 CLOSE OPT_FILE - LINK \$(DSO_LDFLAGS)/SHARE=\$\@ $defs[0]/OPT,- + LINK ${dso_ldflags}/SHARE=\$\@ $defs[0]/OPT,- $dsoname-components.OPT/OPT \$(DSO_EX_LIBS) - PURGE $dsoname.EXE,$dsoname.OPT,$dsoname.MAP EOF @@ -1256,7 +1303,7 @@ $bin : $deps @ CLOSE OPT_FILE TYPE $binname.OPT ! For debugging - pipe SPAWN/WAIT/NOLOG/OUT=$binname.LINKLOG - - LINK \$(BIN_LDFLAGS)/EXEC=\$\@ $binname.OPT/OPT \$(BIN_EX_LIBS) ; - + LINK ${bin_ldflags}/EXEC=\$\@ $binname.OPT/OPT \$(BIN_EX_LIBS) ; - link_status = \$status ; link_severity = link_status .AND. 7 @ search_severity = 1 -@ IF link_severity .EQ. 0 THEN - diff --git a/Configurations/platform/VMS.pm b/Configurations/platform/VMS.pm index 7aeb20bb3b..7d7835afea 100644 --- a/Configurations/platform/VMS.pm +++ b/Configurations/platform/VMS.pm 
@@ -39,7 +39,8 @@ sub staticname { # Non-installed libraries are *always* static, and their names remain # the same, except for the mandatory extension my $in_libname = platform::BASE->staticname($_[1]); - return $in_libname if $unified_info{attributes}->{$_[1]}->{noinst}; + return $in_libname + if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst}; return platform::BASE::__concat($_[0]->osslprefix(), platform::BASE->staticname($_[1]), diff --git a/apps/build.info b/apps/build.info index b2ecdf2e3a..50a85be18f 100644 --- a/apps/build.info +++ b/apps/build.info @@ -62,8 +62,8 @@ IF[{- !$disabled{apps} -}] DEPEND[openssl]=libapps.a ../libssl DEPEND[${OPENSSLSRC/.c/.o}]=progs.h - GENERATE[progs.c]=progs.pl -C $(APPS_OPENSSL) - GENERATE[progs.h]=progs.pl -H $(APPS_OPENSSL) + GENERATE[progs.c]=progs.pl "-C" $(APPS_OPENSSL) + GENERATE[progs.h]=progs.pl "-H" $(APPS_OPENSSL) # progs.pl tries to read all 'openssl' sources, including progs.c, so we make # sure things are generated in the correct order. DEPEND[progs.h]=progs.c diff --git a/configdata.pm.in b/configdata.pm.in index 6c0d30baa0..57ad440fa4 100644 --- a/configdata.pm.in +++ b/configdata.pm.in 
@@ -4,15 +4,39 @@ # We must make sourcedir() return an absolute path, because configdata.pm # may be loaded as a module from any script in any directory, making # relative paths untrustable. Because the result is used with 'use lib', - # we must ensure that it returns a Unix style path. Cwd::abs_path does - # that (File::Spec::Functions::rel2abs return O/S specific paths) - use File::Spec::Functions; + # we must ensure that it returns a Unix style path. Mixing File::Spec + # and File::Spec::Unix does just that. + use File::Spec::Unix; + use File::Spec; use Cwd qw(abs_path); + sub _fixup_path { + my $path = shift; + + # Make the path absolute at all times + $path = abs_path($path); + + if ($^O eq 'VMS') { + # Convert any path of the VMS form VOLUME:[DIR1.DIR2]FILE to the + # Unix form /VOLUME/DIR1/DIR2/FILE, which is what VMS perl supports + # for 'use lib'. + + # Start with spliting the native path + (my $vol, my $dirs, my $file) = File::Spec->splitpath($path); + my @dirs = File::Spec->splitdir($dirs); + + # Reassemble it as a Unix path + $vol =~ s|:$||; + $dirs = File::Spec::Unix->catdir('', $vol, @dirs); + $path = File::Spec::Unix->catpath('', $dirs, $file); + } + + return $path; + } sub sourcedir { - return abs_path(catdir($config{sourcedir}, @_)); + return _fixup_path(File::Spec->catdir($config{sourcedir}, @_)) } sub sourcefile { - return abs_path(catfile($config{sourcedir}, @_)); + return _fixup_path(File::Spec->catfile($config{sourcedir}, @_)) } use lib sourcedir('util', 'perl'); use OpenSSL::Util; diff --git a/util/perl/OpenSSL/fallback.pm b/util/perl/OpenSSL/fallback.pm index 8f45971bd9..041fb30ba3 100644 --- a/util/perl/OpenSSL/fallback.pm +++ b/util/perl/OpenSSL/fallback.pm 
@@ -89,9 +89,24 @@ sub import { while (my $l = <$fh>) { $l =~ s|\R$||; # Better chomp my $d = "$dir/$l"; + my $checked = $d; + + if ($^O eq 'VMS') { + # Some VMS unpackers replace periods with underscores + # We must be real careful not to convert the directories + # '.' and '..', though. + $checked = + join('/', + map { my $x = $_; + $x =~ s|\.|_|g + if ($x ne '..' && $x ne '.'); + $x } + split(m|/|, $checked)) + unless -e $checked && -d $checked; + } croak "All lines in $path must be a directory, not a file: $l" - unless -e $d && -d $d; - push @INC, $d; + unless -e $checked && -d $checked; + push @INC, $checked; } } else { # It's a directory push @INC, $path; From levitte at openssl.org Wed May 19 10:42:34 2021 
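Review bot: in the hunk that adds crc24() and make_includefile(), the inner loop `for (my $i; $i < 8; $i++)` never initialises $i; it runs eight times only because undef compares as 0, and it emits an uninitialized-value warning when warnings are enabled, so write `my $i = 0`. The comment block above crc24() ("This function takes as input a list of include directories ...") describes make_includefile() and should move down to it. make_includefile() also keys %includefile_cache on the CRC-derived file name alone, so two different directory sets that collide on the 24-bit CRC would silently share the first set's incdirs_%x.h; storing the joined directory list in the cache and dying on a mismatch would make that case visible.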
From: levitte at openssl.org (Richard Levitte)
Date: Wed, 19 May 2021 10:42:34 +0000
Subject: [openssl] master update
Message-ID: <1621420954.862874.14675.nullmailer@dev.openssl.org>

The branch master has been updated
       via  bf991b25caa6e915d858dd56c98ee774f248f03c (commit)
       via  d2f53212933f751ef76acca9cc05bcb67d799964 (commit)
       via  857cbe176f28e3f178e492159fa9f2f203e845cd (commit)
       via  fea559085bbe873f0f81751653cf673a7b00a95c (commit)
       via  ac2aa13aaf6d4c5457fd99edd82659cb5b662816 (commit)
      from  bba402ece781db0918e0a27289cf38479bafb023 (commit)

- Log -----------------------------------------------------------------
commit bf991b25caa6e915d858dd56c98ee774f248f03c
Author: Richard Levitte
Date:   Mon May 17 22:58:27 2021 +0200

    Make sure to include "crypto/ctype.h" to get ossl_isdigit()

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15319)

commit d2f53212933f751ef76acca9cc05bcb67d799964
Author: Richard Levitte
Date:   Mon May 17 21:38:51 2021 +0200

    Make sure to include "internal/numbers.h" to get SIZE_MAX

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15319)

commit 857cbe176f28e3f178e492159fa9f2f203e845cd
Author: Richard Levitte
Date:   Mon May 17 20:20:35 2021 +0200

    Fix crypto/bio/b_sock.c for VMS

    Current VMS C-RTL does not have . is a good enough replacement to get fd_set.

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15319)

commit fea559085bbe873f0f81751653cf673a7b00a95c
Author: Richard Levitte
Date:   Mon May 17 15:16:58 2021 +0200

    Fix include/internal/sockets.h for VMS

    It needs to include

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15319)

commit ac2aa13aaf6d4c5457fd99edd82659cb5b662816
Author: Richard Levitte
Date:   Mon May 17 15:15:44 2021 +0200

    Fix include/openssl/e_os2.h for VMS

    It would try to define OPENSSL_SYS_VMS if that macro is defined. That's just not right.
Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15319) ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_sock.c | 12 ++++++++---- crypto/evp/m_sigver.c | 1 + crypto/evp/p_lib.c | 1 + crypto/evp/signature.c | 1 + engines/e_loader_attic.c | 1 + include/internal/sockets.h | 3 ++- include/openssl/e_os2.h | 4 ++-- providers/implementations/storemgmt/file_store.c | 1 + 8 files changed, 17 insertions(+), 7 deletions(-) diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index d0cdae7b3d..ca45886739 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -29,11 +29,15 @@ static int wsa_init_done = 0; # if defined(OPENSSL_TANDEM_FLOSS) # include # endif -# elif !defined _WIN32 -# include -# include -# else +# elif defined _WIN32 # include /* for type fd_set */ +# else +# include +# if defined __VMS +# include +# else +# include +# endif # endif # ifndef OPENSSL_NO_DEPRECATED_1_1_0 diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 0a51493efb..17565554e0 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -14,6 +14,7 @@ #include #include "crypto/evp.h" #include "internal/provider.h" +#include "internal/numbers.h" /* includes SIZE_MAX */ #include "evp_local.h" #ifndef FIPS_MODULE diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 6a8dc9bbbb..00a310d4e4 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -34,6 +34,7 @@ #include #include +#include "internal/numbers.h" /* includes SIZE_MAX */ #include "internal/ffc.h" #include "crypto/asn1.h" #include "crypto/evp.h" diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index c945eaae5e..e80d4f503d 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -11,6 +11,7 @@ #include #include #include +#include "internal/numbers.h" /* includes SIZE_MAX */ #include "internal/cryptlib.h" #include "internal/provider.h" #include "internal/core.h" 
diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c index 4cb98280a5..faa598f85e 100644 --- a/engines/e_loader_attic.c +++ b/engines/e_loader_attic.c @@ -33,6 +33,7 @@ #include "internal/asn1.h" /* For asn1_d2i_read_bio */ #include "internal/o_dir.h" #include "internal/cryptlib.h" +#include "crypto/ctype.h" /* For ossl_isdigit */ #include "crypto/pem.h" /* For PVK and "blob" PEM headers */ #include "e_loader_attic_err.c" diff --git a/include/internal/sockets.h b/include/internal/sockets.h index 5ef5ef1756..6e882fa6aa 100644 --- a/include/internal/sockets.h +++ b/include/internal/sockets.h @@ -7,11 +7,12 @@ * https://www.openssl.org/source/license.html */ - #ifndef OSSL_INTERNAL_SOCKETS_H # define OSSL_INTERNAL_SOCKETS_H # pragma once +# include + # if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) # define NO_SYS_PARAM_H # endif diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index f17a373493..4ee41cad26 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -102,11 +102,11 @@ extern "C" { # endif /* ------------------------------- OpenVMS -------------------------------- */ -# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS) +# if defined(__VMS) || defined(VMS) # if !defined(OPENSSL_SYS_VMS) # undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_VMS # endif -# define OPENSSL_SYS_VMS # if defined(__DECC) # define OPENSSL_SYS_VMS_DECC # elif defined(__DECCXX) diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c index b9bb3b36c0..04021f49c2 100644 --- a/providers/implementations/storemgmt/file_store.c +++ b/providers/implementations/storemgmt/file_store.c @@ -26,6 +26,7 @@ #include "internal/cryptlib.h" #include "internal/o_dir.h" #include "crypto/decoder.h" +#include "crypto/ctype.h" /* ossl_isdigit() */ #include "prov/implementations.h" #include "prov/bio.h" #include "file_store_local.h" From no-reply at appveyor.com Wed May 19 11:28:45 2021 
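Review bot: in the include/openssl/e_os2.h hunk, dropping defined(OPENSSL_SYS_VMS) from the outer #if means a build that sets OPENSSL_SYS_VMS itself, on a compiler that defines neither __VMS nor VMS, now skips the whole OpenVMS block, including the OPENSSL_SYS_VMS_DECC / __DECCXX detection that follows. If that is intended, a short comment above the #if saying that OPENSSL_SYS_VMS is derived only from the compiler's macros would keep someone from restoring the old condition. Separately, the added include comments use three different wordings (`/* includes SIZE_MAX */`, `/* For ossl_isdigit */`, `/* ossl_isdigit() */`); one form would read better.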
From: no-reply at appveyor.com (AppVeyor) Date: Wed, 19 May 2021 11:28:45 +0000 Subject: Build failed: openssl master.42081 Message-ID: <20210519112845.1.530FAD29149876FE@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed May 19 12:12:32 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 19 May 2021 12:12:32 +0000 Subject: [openssl] master update Message-ID: <1621426352.930559.12031.nullmailer@dev.openssl.org> The branch master has been updated via cad4f3facc2ff5dce97b08b9ab8718783358b30c (commit) from bf991b25caa6e915d858dd56c98ee774f248f03c (commit) - Log ----------------------------------------------------------------- commit cad4f3facc2ff5dce97b08b9ab8718783358b30c Author: Jake Cooke Date: Tue May 18 18:20:54 2021 +0930 Add bounds checking to length returned by wcslen in wide_to_asc conversion to resolve integer overflow flaw Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15316) ----------------------------------------------------------------------- Summary of changes: engines/e_capi.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/engines/e_capi.c b/engines/e_capi.c index dd66518d3f..2ea3cd2059 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -1120,10 +1120,19 @@ static char *wide_to_asc(LPCWSTR wstr) { char *str; int len_0, sz; + size_t len_1; if (!wstr) return NULL; - len_0 = (int)wcslen(wstr) + 1; /* WideCharToMultiByte expects int */ + + len_1 = wcslen(wstr) + 1; + + if (len_1 > INT_MAX) { + CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_FUNCTION_NOT_SUPPORTED); + return NULL; + } + + len_0 = (int)len_1; /* WideCharToMultiByte expects int */ sz = WideCharToMultiByte(CP_ACP, 0, wstr, len_0, NULL, 0, NULL, NULL); if (!sz) { CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR); From dev at ddvo.net Wed May 19 12:13:55 2021 
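Review bot: in the engines/e_capi.c hunk, the new `len_1 > INT_MAX` branch of wide_to_asc() raises CAPI_R_FUNCTION_NOT_SUPPORTED, which does not describe an over-long input string and will mislead whoever reads the error queue; a reason code that names the length problem would be clearer. The check also depends on INT_MAX, and the hunk adds no include for <limits.h>, so confirm the file already pulls it in on every supported Windows toolchain. The cast itself is now safe: len_0 is only assigned after the bound has been checked on the size_t value.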
From: dev at ddvo.net (dev at ddvo.net)
Date: Wed, 19 May 2021 12:13:55 +0000
Subject: [openssl] master update
Message-ID: <1621426435.892559.13755.nullmailer@dev.openssl.org>

The branch master has been updated
       via  25fad2ece854afe582b3c37913993fcaf19ca26a (commit)
       via  e34307b8ac51a57d300e3a302de410eb6c726b40 (commit)
       via  5bac37cb14f1e056891a0339d42b5c6db4344553 (commit)
      from  cad4f3facc2ff5dce97b08b9ab8718783358b30c (commit)

- Log -----------------------------------------------------------------
commit 25fad2ece854afe582b3c37913993fcaf19ca26a
Author: Dr. David von Oheimb
Date:   Tue May 18 11:30:01 2021 +0200

    apps/list: Remove obsolete -missing-help option

    Reviewed-by: Paul Dale
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15329)

commit e34307b8ac51a57d300e3a302de410eb6c726b40
Author: Dr. David von Oheimb
Date:   Tue May 18 11:23:13 2021 +0200

    find-doc-nits -c: Fix handling in case expected helpstr is not found

    Reviewed-by: Paul Dale
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15329)

commit 5bac37cb14f1e056891a0339d42b5c6db4344553
Author: Dr. David von Oheimb
Date:   Tue May 18 11:18:26 2021 +0200

    unix-Makefile.tmpl and ci.yml: Merge cmd-nits into doc-nits

    Reviewed-by: Paul Dale
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15329)

-----------------------------------------------------------------------

Summary of changes:
 .github/workflows/ci.yml          |  4 ++--
 Configurations/unix-Makefile.tmpl |  9 +++------
 apps/list.c                       | 29 +----------------------------
 doc/man1/openssl-list.pod.in      |  5 -----
 util/find-doc-nits                |  5 ++---
 5 files changed, 8 insertions(+), 44 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 71750aec7a..46a096cb75 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml
@@ -37,8 +37,8 @@ jobs: run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump - name: make build_generated run: make -s build_generated - - name: make doc-nits cmd-nits - run: make doc-nits cmd-nits + - name: make doc-nits + run: make doc-nits # This checks that we use ANSI C language syntax and semantics. # We are not as strict with libraries, but rather adapt to what's diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 8b45e75f57..92e181befb 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -569,7 +569,7 @@ clean: libclean -find . -name '*{- platform->depext() -}' \! -name '.*' \! -type d -exec $(RM) {} \; -find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -exec $(RM) {} \; $(RM) core - $(RM) tags TAGS doc-nits cmd-nits md-nits + $(RM) tags TAGS doc-nits md-nits $(RM) -r test/test-runs $(RM) providers/fips*.new $(RM) openssl.pc libcrypto.pc libssl.pc @@ -1064,12 +1064,9 @@ generate: generate_apps generate_crypto_bn generate_crypto_objects \ generate_buildinfo: generate_doc_buildinfo -.PHONY: doc-nits cmd-nits md-nits +.PHONY: doc-nits md-nits doc-nits: build_generated_pods - $(PERL) $(SRCDIR)/util/find-doc-nits -n -l -e - -cmd-nits: build_generated_pods - $(PERL) $(SRCDIR)/util/find-doc-nits -c + $(PERL) $(SRCDIR)/util/find-doc-nits -c -n -l -e # This uses "mdl", the markdownlint application, which is written in ruby. # The source is at https://github.com/markdownlint/markdownlint diff --git a/apps/list.c b/apps/list.c index 37e363ebd1..b0a1b6a0c5 100644 --- a/apps/list.c +++ b/apps/list.c 
@@ -964,25 +964,6 @@ static void list_keyexchanges(void) BIO_printf(bio_out, " -\n"); } -static void list_missing_help(void) -{ - const FUNCTION *fp; - const OPTIONS *o; - - for (fp = functions; fp->name != NULL; fp++) { - if ((o = fp->help) != NULL) { - /* If there is help, list what flags are not documented. */ - for ( ; o->name != NULL; o++) { - if (o->helpstr == NULL) - BIO_printf(bio_out, "%s %s\n", fp->name, o->name); - } - } else if (fp->func != dgst_main) { - /* If not aliased to the dgst command, */ - BIO_printf(bio_out, "%s *\n", fp->name); - } - } -} - static void list_objects(void) { int max_nid = OBJ_new_nid(0); @@ -1443,7 +1424,7 @@ typedef enum HELPLIST_CHOICE { OPT_ENCODERS, OPT_DECODERS, OPT_KEYMANAGERS, OPT_KEYEXCHANGE_ALGORITHMS, OPT_KEM_ALGORITHMS, OPT_SIGNATURE_ALGORITHMS, OPT_ASYM_CIPHER_ALGORITHMS, OPT_PROVIDER_INFO, - OPT_MISSING_HELP, OPT_OBJECTS, OPT_SELECT_NAME, + OPT_OBJECTS, OPT_SELECT_NAME, #ifndef OPENSSL_NO_DEPRECATED_3_0 OPT_ENGINES, #endif @@ -1503,8 +1484,6 @@ const OPTIONS list_options[] = { "List of loaded engines"}, #endif {"disabled", OPT_DISABLED, '-', "List of disabled features"}, - {"missing-help", OPT_MISSING_HELP, '-', - "List missing detailed help strings"}, {"options", OPT_OPTIONS, 's', "List options for specified command"}, {"objects", OPT_OBJECTS, '-', @@ -1543,7 +1522,6 @@ int list_main(int argc, char **argv) unsigned int engines:1; #endif unsigned int disabled:1; - unsigned int missing_help:1; unsigned int objects:1; unsigned int options:1; } todo = { 0, }; @@ -1629,9 +1607,6 @@ opthelp: case OPT_DISABLED: todo.disabled = 1; break; - case OPT_MISSING_HELP: - todo.missing_help = 1; - break; case OPT_OBJECTS: todo.objects = 1; break; @@ -1700,8 +1675,6 @@ opthelp: #endif if (todo.disabled) list_disabled(); - if (todo.missing_help) - list_missing_help(); if (todo.objects) list_objects(); diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in index 2b05fa74d4..7ece8c3031 100644 
--- a/doc/man1/openssl-list.pod.in +++ b/doc/man1/openssl-list.pod.in @@ -40,7 +40,6 @@ B -}[B<-engines>] {- output_on() if $disabled{"deprecated-3.0"}; "" -}[B<-disabled>] -[B<-missing-help>] [B<-objects>] [B<-options> I] {- $OpenSSL::safe::opt_provider_synopsis -} @@ -182,10 +181,6 @@ Display a list of loaded engines. Display a list of disabled features, those that were compiled out of the installation. -=item B<-missing-help> - -List missing detailed help strings. - =item B<-objects> Display a list of built in objects, i.e. OIDs with names. They're listed in the diff --git a/util/find-doc-nits b/util/find-doc-nits index 8a27a00bdf..fd465f6d0b 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -1048,7 +1048,8 @@ sub checkflags { next if m/^\s*#\s*if/; err("$cmd does not implement help for -$expect_helpstr") unless m/^\s*"/; $expect_helpstr = ""; - } elsif (m/\{\s*"([^"]+)"\s*,\s*OPT_[A-Z0-9_]+\s*,\s*('[-\/:<>cEfFlMnNpsuU]'|0)\s*,(.*)$/ + } + if (m/\{\s*"([^"]+)"\s*,\s*OPT_[A-Z0-9_]+\s*,\s*('[-\/:<>cEfFlMnNpsuU]'|0)\s*,(.*)$/ && !($cmd eq "s_client" && $1 eq "wdebug")) { push @cmdopts, $1; $expect_helpstr = $1; @@ -1141,8 +1142,6 @@ if ( $opt_c ) { checkflags($cmd, @doc); } } - - exit $status; } # Populate %state From dev at ddvo.net Wed May 19 13:14:56 2021 
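Review bot: in util/find-doc-nits the `if ( $opt_c )` block no longer ends with `exit $status;`, so check that the script's final exit, which is outside the visible context, still returns $status; otherwise option-help errors found by -c would stop failing the merged `find-doc-nits -c -n -l -e` step in CI. In Configurations/unix-Makefile.tmpl the cmd-nits target is removed outright, so any existing `make cmd-nits` invocation now fails with a missing rule; keeping cmd-nits as an alias for doc-nits, or recording the removal in the change notes, would avoid surprising downstream scripts.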
From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 19 May 2021 13:14:56 +0000 Subject: [openssl] master update Message-ID: <1621430096.327308.24382.nullmailer@dev.openssl.org> The branch master has been updated via cf6cba90d53dca58cc41da59687ca7d1edf75458 (commit) from 25fad2ece854afe582b3c37913993fcaf19ca26a (commit) - Log ----------------------------------------------------------------- commit cf6cba90d53dca58cc41da59687ca7d1edf75458 Author: Dr. David von Oheimb Date: Wed May 19 15:03:15 2021 +0200 80-test_cms.t: Disable new tests for binary input in Windows This is a quick workaround for #15347. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15351) ----------------------------------------------------------------------- Summary of changes: test/recipes/80-test_cms.t | 1 + 1 file changed, 1 insertion(+) diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 0e20b807c8..7896bc9b12 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -818,6 +818,7 @@ subtest "CMS binary input tests\n" => sub { my $cert = srctop_file("test", "certs", "ee-self-signed.pem"); my $key = srctop_file("test", "certs", "ee-key.pem"); + plan skip_all => "Binary input tests currently disabled on Windows" if $^O =~ /^MSWin32$/; plan tests => 11; ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", From tomas at openssl.org Wed May 19 14:03:37 2021 
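Review bot: the new `plan skip_all` line in the "CMS binary input tests" subtest of test/recipes/80-test_cms.t should carry the issue number (#15347, named only in the commit message) in its message or in a comment above it, so the skip can be found and removed once the Windows problem is fixed; as written nothing in the test file ties the workaround to the issue. `$^O eq 'MSWin32'` would also be simpler than the anchored regex.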
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 19 May 2021 14:03:37 +0000 Subject: [openssl] master update Message-ID: <1621433017.615820.8133.nullmailer@dev.openssl.org> The branch master has been updated via b41ebb991e8bbce736cf73b9c3d6b7c3e208b2b0 (commit) from cf6cba90d53dca58cc41da59687ca7d1edf75458 (commit) - Log ----------------------------------------------------------------- commit b41ebb991e8bbce736cf73b9c3d6b7c3e208b2b0 Author: Tomas Mraz Date: Tue May 18 15:23:04 2021 +0200 speed: Document the deficiencies of the command Fixes #7032 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15330) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-speed.pod.in | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in index c834a74ebc..fc1a388a19 100644 --- a/doc/man1/openssl-speed.pod.in +++ b/doc/man1/openssl-speed.pod.in @@ -30,9 +30,6 @@ B =head1 DESCRIPTION This command is used to test the performance of cryptographic algorithms. -To see the list of supported algorithms, use C -or C command. The global CSPRNG is denoted by -the B algorithm name. =head1 OPTIONS @@ -55,6 +52,10 @@ If I is an AEAD cipher, then you can pass B<-aead> to benchmark a TLS-like sequence. And if I is a multi-buffer capable cipher, e.g. aes-128-cbc-hmac-sha1, then B<-mb> will time multi-buffer operation. +To see the algorithms supported with this option, use +C or C +command. + =item B<-multi> I Run multiple operations in parallel. 
@@ -110,6 +111,15 @@ pre-compiled grand selection is tested. =back +=head1 BUGS + +The I can be selected only from a pre-compiled subset of things +that the C command knows about. To test any additional digest +or cipher algorithm supported by OpenSSL use the C<-evp> option. + +There is no way to test the speed of any additional public key algorithms +supported by third party providers with the C command. + =head1 HISTORY The B<-engine> option was deprecated in OpenSSL 3.0. From no-reply at appveyor.com Wed May 19 14:10:02 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 19 May 2021 14:10:02 +0000 Subject: Build failed: openssl master.42082 Message-ID: <20210519141002.1.AA05058F12111AD8@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed May 19 16:49:29 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 19 May 2021 16:49:29 +0000 Subject: Build failed: openssl master.42083 Message-ID: <20210519164929.1.0A402638C5277EAD@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed May 19 17:46:47 2021 
From: levitte at openssl.org (Richard Levitte)
Date: Wed, 19 May 2021 17:46:47 +0000
Subject: [openssl] master update
Message-ID: <1621446407.101238.28764.nullmailer@dev.openssl.org>

The branch master has been updated
       via  da750b15c0e69f809243d56eceb37d56a8fc9cfd (commit)
       via  dd05c7938d70b620204f2808812f3bf7c535db48 (commit)
      from  b41ebb991e8bbce736cf73b9c3d6b7c3e208b2b0 (commit)

- Log -----------------------------------------------------------------
commit da750b15c0e69f809243d56eceb37d56a8fc9cfd
Author: Richard Levitte
Date:   Tue May 18 18:22:57 2021 +0200

    Make apps/progs.pl not look at apps/progs.c

    apps/progs.pl will have apps/progs.c as output, and on some systems,
    the output file of a program is locked against reading. Unfortunately,
    apps/progs.c is also part of the sources that make up apps/openssl, so
    it's necessary to mark that file in a way that makes progs.pl skip over
    it. Fortunately, this is easily done with a special attribute in
    apps/build.info and a simple adaptation of apps/progs.pl.

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15332)

commit dd05c7938d70b620204f2808812f3bf7c535db48
Author: Richard Levitte
Date:   Tue May 18 18:21:51 2021 +0200

    build.info: Make it possible to set attributes on SOURCE / SHARED_SOURCE stmts

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15332)

-----------------------------------------------------------------------

Summary of changes:
 Configure                        | 53 ++++++++++++++++++++++++++++++++--------
 apps/build.info                  |  9 +++++--
 apps/progs.pl                    |  3 ++-
 doc/internal/man7/build.info.pod | 14 +++++++++++
 4 files changed, 66 insertions(+), 13 deletions(-)

diff --git a/Configure b/Configure index cd40abedf7..635dc1c84e 100755 --- a/Configure +++ b/Configure
@@ -2186,14 +2186,14 @@ if ($builder eq "unified") { undef, undef, tokenize($expand_variables->($+{VALUE}))) if !@skip || $skip[$#skip] > 0; }, - qr/^\s* SOURCE ${index_re} = ${value_re} $/x + qr/^\s* SOURCE ${index_re} ${attribs_re} = ${value_re} $/x => sub { $push_to->(\%sources, $expand_variables->($+{INDEX}), - undef, undef, + \$attributes{sources}, $+{ATTRIBS}, tokenize($expand_variables->($+{VALUE}))) if !@skip || $skip[$#skip] > 0; }, - qr/^\s* SHARED_SOURCE ${index_re} = ${value_re} $/x + qr/^\s* SHARED_SOURCE ${index_re} ${attribs_re} = ${value_re} $/x => sub { $push_to->(\%shared_sources, $expand_variables->($+{INDEX}), - undef, undef, + \$attributes{sources}, $+{ATTRIBS}, tokenize($expand_variables->($+{VALUE}))) if !@skip || $skip[$#skip] > 0; }, qr/^\s* INCLUDE ${index_re} = ${value_re} $/x @@ -2279,10 +2279,10 @@ EOF if ($s eq $src_configdata || $generate{$_} || ! -f $s) { $s = cleanfile($buildd, $_, $blddir); } + my $o = $_; # We recognise C++, C and asm files if ($s =~ /\.(cc|cpp|c|s|S)$/) { push @{$check_exist{$s}}, $ddest; - my $o = $_; $o =~ s/\.[csS]$/.o/; # C and assembler $o =~ s/\.(cc|cpp)$/_cc.o/; # C++ $o = cleanfile($buildd, $o, $blddir); @@ -2291,7 +2291,6 @@ EOF } elsif ($s =~ /\.rc$/) { # We also recognise resource files push @{$check_exist{$s}}, $ddest; - my $o = $_; $o =~ s/\.rc$/.res/; # Resource configuration $o = cleanfile($buildd, $o, $blddir); $unified_info{sources}->{$ddest}->{$o} = -1; @@ -2300,6 +2299,17 @@ EOF push @{$check_exist{$s}}, $ddest; $unified_info{sources}->{$ddest}->{$s} = 1; } + # Fix up associated attributes + if ($o ne $_) { + $unified_info{attributes}->{sources}->{$ddest}->{$o} = + $unified_info{attributes}->{sources}->{$o}->{$s} = + $attributes{sources}->{$dest}->{$_} + if defined $attributes{sources}->{$dest}->{$_}; + } else { + $unified_info{attributes}->{sources}->{$ddest}->{$s} = + $attributes{sources}->{$dest}->{$_} + if defined $attributes{sources}->{$dest}->{$_}; + } } } 
@@ -2315,10 +2325,10 @@ EOF $s = cleanfile($buildd, $_, $blddir); } + my $o = $_; if ($s =~ /\.(cc|cpp|c|s|S)$/) { # We recognise C++, C and asm files push @{$check_exist{$s}}, $ddest; - my $o = $_; $o =~ s/\.[csS]$/.o/; # C and assembler $o =~ s/\.(cc|cpp)$/_cc.o/; # C++ $o = cleanfile($buildd, $o, $blddir); @@ -2327,7 +2337,6 @@ EOF } elsif ($s =~ /\.rc$/) { # We also recognise resource files push @{$check_exist{$s}}, $ddest; - my $o = $_; $o =~ s/\.rc$/.res/; # Resource configuration $o = cleanfile($buildd, $o, $blddir); $unified_info{shared_sources}->{$ddest}->{$o} = -1; @@ -2336,11 +2345,22 @@ EOF # We also recognise linker scripts (or corresponding) # We know they are generated files push @{$check_exist{$s}}, $ddest; - my $ld = cleanfile($buildd, $_, $blddir); - $unified_info{shared_sources}->{$ddest}->{$ld} = 1; + $o = cleanfile($buildd, $_, $blddir); + $unified_info{shared_sources}->{$ddest}->{$o} = 1; } else { die "unrecognised source file type for shared library: $s\n"; } + # Fix up associated attributes + if ($o ne $_) { + $unified_info{attributes}->{shared_sources}->{$ddest}->{$o} = + $unified_info{attributes}->{sources}->{$o}->{$s} = + $attributes{sources}->{$dest}->{$_} + if defined $attributes{sources}->{$dest}->{$_}; + } else { + $unified_info{attributes}->{shared_sources}->{$ddest}->{$o} = + $attributes{sources}->{$dest}->{$_} + if defined $attributes{sources}->{$dest}->{$_}; + } } } 
@@ -2644,6 +2664,19 @@ EOF $unified_info{$dst}->{$prod}->{$newobj} = 1; foreach my $src (@{$prod_sources{$_}}) { $unified_info{sources}->{$newobj}->{$src} = 1; + # Adjust source attributes + my $attrs = $unified_info{attributes}->{sources}; + if (defined $attrs->{$prod} + && defined $attrs->{$prod}->{$_}) { + $attrs->{$prod}->{$newobj} = + $attrs->{$prod}->{$_}; + delete $attrs->{$prod}->{$_}; + } + foreach my $objsrc (keys %{$attrs->{$_} // {}}) { + $attrs->{$newobj}->{$objsrc} = + $attrs->{$_}->{$objsrc}; + delete $attrs->{$_}->{$objsrc}; + } } # Adjust dependencies foreach my $deps (keys %{$unified_info{depends}->{$_}}) { diff --git a/apps/build.info b/apps/build.info index 50a85be18f..308f4d94f8 100644 --- a/apps/build.info +++ b/apps/build.info @@ -11,7 +11,7 @@ ENDIF # Source for the 'openssl' program $OPENSSLSRC=\ - openssl.c progs.c \ + openssl.c \ asn1parse.c ca.c ciphers.c crl.c crl2pkcs7.c dgst.c \ enc.c errstr.c \ genpkey.c kdf.c mac.c nseq.c passwd.c pkcs7.c \ @@ -61,7 +61,12 @@ IF[{- !$disabled{apps} -}] INCLUDE[openssl]=.. ../include include DEPEND[openssl]=libapps.a ../libssl - DEPEND[${OPENSSLSRC/.c/.o}]=progs.h + # The nocheck attribute is picked up by progs.pl as a signal not to look + # at that file; some systems may have locked it as the output file, and + # therefore don't allow it to be read at the same time, making progs.pl + # fail. + SOURCE[openssl]{nocheck}=progs.c + DEPEND[${OPENSSLSRC/.c/.o} progs.o]=progs.h GENERATE[progs.c]=progs.pl "-C" $(APPS_OPENSSL) GENERATE[progs.h]=progs.pl "-H" $(APPS_OPENSSL) # progs.pl tries to read all 'openssl' sources, including progs.c, so we make diff --git a/apps/progs.pl b/apps/progs.pl index ff39f85325..8a5759a961 100644 --- a/apps/progs.pl +++ b/apps/progs.pl 
@@ -28,7 +28,8 @@ my $YEAR = [localtime()]->[5] + 1900; # the lookups in %unified_info my @openssl_source = map { @{$unified_info{sources}->{$_}} } - grep { /\.o$/ } + grep { /\.o$/ + && !$unified_info{attributes}->{sources}->{$apps_openssl}->{$_}->{nocheck} } @{$unified_info{sources}->{$apps_openssl}}; foreach my $filename (@openssl_source) { diff --git a/doc/internal/man7/build.info.pod b/doc/internal/man7/build.info.pod index c959f1060d..8c651b37e6 100644 --- a/doc/internal/man7/build.info.pod +++ b/doc/internal/man7/build.info.pod @@ -492,6 +492,17 @@ Static libraries may be sources. In that case, its object files are used directly when building I instead of relying on library dependency and symbol resolution (through B statements). +B statements may have attributes, which apply to each +individual dependency in such a statement. For example: + + SOURCE[prog]=prog_a.c + SOURCE[prog]{check}=prog_b.c prog_c.c + +With those statements, the association between C and C +comes with no extra attributes, while the association between C +and C as well as C comes with the extra attribute +C. + =item BIB<]> B<=> I ... Collects filenames that will be used as source files for I. @@ -501,6 +512,9 @@ given with B or B. For libraries, the given filenames are only used for their shared form, so if the item is a library name ending with C<.a>, the filenames will be ignored. +B statements may have attributes, just as B +statements. + =item BIB<]> B<=> I[B<=>I] ... Collects I / I pairs (or just I with no defined From dev at ddvo.net Wed May 19 18:16:14 2021 
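Review bot: in Configure, hunk @@ -2186,14 +2186,14 @@, the SHARED_SOURCE handler passes \$attributes{sources} to $push_to, the same table the SOURCE handler fills, so attributes from a SOURCE statement and a SHARED_SOURCE statement for the same item and file end up in one place. The later fix-up code reads $attributes{sources}->{$dest}->{$_} in both the sources loop and the shared_sources loop and cannot tell the two apart. If the sharing is intended, say so in a comment next to the handler; otherwise give SHARED_SOURCE its own $attributes{shared_sources} table.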
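Review bot: in apps/build.info, hunk @@ -61,7 +61,12 @@, the unchanged comment below the GENERATE lines still begins "progs.pl tries to read all 'openssl' sources, including progs.c", which no longer agrees with the new comment saying the nocheck attribute tells progs.pl not to look at that file. Update or drop the old comment in the same change so the two do not contradict each other.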
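Review bot: in doc/internal/man7/build.info.pod, hunk @@ -492,6 +492,17 @@, the example uses an attribute named check, while the only source attribute this patch gives a meaning to is nocheck, tested in apps/progs.pl. The text should list the attribute names that are recognised and which script consumes them, and say what happens to a name nothing looks at, so a reader does not take {check} for a working switch.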
From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 19 May 2021 18:16:14 +0000 Subject: [openssl] master update Message-ID: <1621448174.675358.32195.nullmailer@dev.openssl.org> The branch master has been updated via e34e91d7e575a2f69119601f2d34655cb6816148 (commit) via d6bf19a465968b6ecc98b479fc770651deaa4e01 (commit) via 558f2a014646bb057f3876b28e32b13d8178400e (commit) via fc48b5c825352f519538ed26f2caa8aeca8b9ba0 (commit) via e2abc685b70bc7d6525d4c1aab9e031b1986ddd8 (commit) via aaa584cee7d2172b6a4a5165d685b473b07a0de3 (commit) from da750b15c0e69f809243d56eceb37d56a8fc9cfd (commit) - Log ----------------------------------------------------------------- commit e34e91d7e575a2f69119601f2d34655cb6816148 Author: Dr. David von Oheimb Date: Thu Mar 4 21:18:45 2021 +0100 danetest.c: Improve code formatting Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14422) commit d6bf19a465968b6ecc98b479fc770651deaa4e01 Author: Dr. David von Oheimb Date: Thu Mar 4 21:18:09 2021 +0100 X509_STORE_CTX_get1_issuer(): Simplify code, reducing risk of failure Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14422) commit 558f2a014646bb057f3876b28e32b13d8178400e Author: Dr. David von Oheimb Date: Thu Mar 4 21:17:31 2021 +0100 X509 build_chain(): Fix two potential memory leaks on issuer variable This also removes an inadequate guard: if (num == ctx->num_untrusted) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14422) commit fc48b5c825352f519538ed26f2caa8aeca8b9ba0 Author: Dr. David von Oheimb Date: Thu Mar 4 17:35:46 2021 +0100 X509 build_chain(): Make the variable 'curr' local to the loop body This increases readability and maintainability. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14422) commit e2abc685b70bc7d6525d4c1aab9e031b1986ddd8 Author: Dr. 
David von Oheimb Date: Thu Mar 4 10:59:18 2021 +0100 X509 build_chain(): Rename variable 'depth' to 'max_depth' This should increase readability and maintainability. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14422) commit aaa584cee7d2172b6a4a5165d685b473b07a0de3 Author: Dr. David von Oheimb Date: Thu Mar 4 10:56:27 2021 +0100 X509 build_chain(): Restrict scope of 'self_signed' variable This should increase readability and maintainability. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14422) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_lu.c | 9 ++---- crypto/x509/x509_vfy.c | 50 ++++++++++++++---------------- doc/man3/X509_STORE_set_verify_cb_func.pod | 49 +++++++++++++++++------------ test/danetest.c | 20 ++++++------ util/missingcrypto.txt | 1 - 5 files changed, 65 insertions(+), 64 deletions(-) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index bce0fa760c..b36ddb69a1 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -321,7 +321,6 @@ int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, stmp.type = X509_LU_NONE; stmp.data.ptr = NULL; - X509_STORE_lock(store); tmp = X509_OBJECT_retrieve_by_subject(store->objs, type, name); X509_STORE_unlock(store); @@ -728,12 +727,10 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) if (ctx->check_issued(ctx, x, obj->data.x509)) { if (ossl_x509_check_cert_time(ctx, obj->data.x509, -1)) { *issuer = obj->data.x509; - if (!X509_up_ref(*issuer)) { - *issuer = NULL; - ok = -1; - } + /* |*issuer| has taken over the cert reference from |obj| */ + obj->type = X509_LU_NONE; X509_OBJECT_free(obj); - return ok; + return 1; } } X509_OBJECT_free(obj); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 4e6ce11f4e..ddb3378eee 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -2965,10 +2965,10 @@ static int dane_verify(X509_STORE_CTX *ctx) } /* - * Get issuer, without duplicate suppression + * Get trusted issuer, without duplicate suppression * Returns -1 on internal error. */ -static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert) +static int get1_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert) { STACK_OF(X509) *saved_chain = ctx->chain; int ok; @@ -2985,15 +2985,13 @@ static int build_chain(X509_STORE_CTX *ctx) { SSL_DANE *dane = ctx->dane; int num = sk_X509_num(ctx->chain); - X509 *curr = sk_X509_value(ctx->chain, num - 1); /* current end of chain */ - int self_signed = X509_self_signed(curr, 0); /* always refers to curr */ STACK_OF(X509) *sk_untrusted = NULL; unsigned int search; int may_trusted = 0; int may_alternate = 0; int trust = X509_TRUST_UNTRUSTED; int alt_untrusted = 0; - int depth; + int max_depth; int ok = 0; int prev_error = ctx->error; int i; @@ -3001,8 +2999,6 @@ static int build_chain(X509_STORE_CTX *ctx) /* Our chain starts with a single untrusted element. */ if (!ossl_assert(num == 1 && ctx->num_untrusted == num)) goto int_err; - if (self_signed < 0) - goto int_err; #define S_DOUNTRUSTED (1 << 0) /* Search untrusted chain */ #define S_DOTRUSTED (1 << 1) /* Search trusted store */ @@ -3051,10 +3047,10 @@ static int build_chain(X509_STORE_CTX *ctx) * Build chains up to one longer the limit, later fail if we hit the limit, * with an X509_V_ERR_CERT_CHAIN_TOO_LONG error code. */ - depth = ctx->param->depth + 1; + max_depth = ctx->param->depth + 1; while (search != 0) { - X509 *issuer = NULL; + X509 *curr, *issuer = NULL; num = sk_X509_num(ctx->chain); ctx->error_depth = num - 1; 
@@ -3094,7 +3090,8 @@ static int build_chain(X509_STORE_CTX *ctx) } curr = sk_X509_value(ctx->chain, i - 1); - ok = num > depth ? 0 : get_issuer(&issuer, ctx, curr); + /* Note: get1_trusted_issuer() must be used even if self-signed. */ + ok = num > max_depth ? 0 : get1_trusted_issuer(&issuer, ctx, curr); if (ok < 0) { trust = -1; @@ -3103,6 +3100,12 @@ static int build_chain(X509_STORE_CTX *ctx) } if (ok > 0) { + int self_signed = X509_self_signed(curr, 0); + + if (self_signed < 0) { + X509_free(issuer); + goto int_err; + } /* * Alternative trusted issuer for a mid-chain untrusted cert? * Pop the untrusted cert's successors and retry. We might now @@ -3143,14 +3146,13 @@ static int build_chain(X509_STORE_CTX *ctx) * trusted matching issuer. Otherwise, grow the chain. */ if (!self_signed) { - curr = issuer; - if ((self_signed = X509_self_signed(curr, 0)) < 0) - goto int_err; - if (!sk_X509_push(ctx->chain, curr)) { + if (!sk_X509_push(ctx->chain, issuer)) { X509_free(issuer); goto memerr; } - } else if (num == ctx->num_untrusted) { + if ((self_signed = X509_self_signed(issuer, 0)) < 0) + goto int_err; + } else { /* * We have a self-signed certificate that has the same * subject name (and perhaps keyid and/or serial number) as @@ -3165,8 +3167,6 @@ static int build_chain(X509_STORE_CTX *ctx) X509_free(curr); ctx->num_untrusted = --num; (void)sk_X509_set(ctx->chain, num, issuer); - curr = issuer; - /* no need to update self_signed */ } } @@ -3212,7 +3212,6 @@ static int build_chain(X509_STORE_CTX *ctx) /* Search for a trusted issuer of a shorter chain */ search |= S_DOALTERNATE; alt_untrusted = ctx->num_untrusted - 1; - self_signed = 0; } } 
@@ -3224,11 +3223,11 @@ static int build_chain(X509_STORE_CTX *ctx) if (!ossl_assert(num == ctx->num_untrusted)) goto int_err; curr = sk_X509_value(ctx->chain, num - 1); - issuer = (self_signed || num > depth) ? + issuer = (X509_self_signed(curr, 0) || num > max_depth) ? NULL : find_issuer(ctx, sk_untrusted, curr); if (issuer == NULL) { /* - * Once we have reached a self-signed cert or num exceeds depth + * Once we have reached a self-signed cert or num > max_depth * or can't find an issuer in the untrusted list we stop looking * there and start looking only in the trust store if enabled. */ @@ -3245,9 +3244,6 @@ static int build_chain(X509_STORE_CTX *ctx) goto int_err; ++ctx->num_untrusted; - curr = issuer; - if ((self_signed = X509_self_signed(curr, 0)) < 0) - goto int_err; /* Check for DANE-TA trust of the topmost untrusted certificate. */ trust = check_dane_issuer(ctx, ctx->num_untrusted - 1); @@ -3265,7 +3261,7 @@ static int build_chain(X509_STORE_CTX *ctx) * signers, or else direct leaf PKIX trust. */ num = sk_X509_num(ctx->chain); - if (num <= depth) { + if (num <= max_depth) { if (trust == X509_TRUST_UNTRUSTED && DANETLS_HAS_DANE_TA(dane)) trust = check_dane_pkeys(ctx); if (trust == X509_TRUST_UNTRUSTED && num == ctx->num_untrusted) @@ -3293,14 +3289,14 @@ static int build_chain(X509_STORE_CTX *ctx) case X509_V_OK: break; } - CB_FAIL_IF(num > depth, + CB_FAIL_IF(num > max_depth, ctx, NULL, num - 1, X509_V_ERR_CERT_CHAIN_TOO_LONG); CB_FAIL_IF(DANETLS_ENABLED(dane) && (!DANETLS_HAS_PKIX(dane) || dane->pdpth >= 0), ctx, NULL, num - 1, X509_V_ERR_DANE_NO_MATCH); - if (self_signed) + if (X509_self_signed(sk_X509_value(ctx->chain, num - 1), 0)) return verify_cb_cert(ctx, NULL, num - 1, - sk_X509_num(ctx->chain) == 1 + num == 1 ? X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT : X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN); return verify_cb_cert(ctx, NULL, num - 1, 
diff --git a/doc/man3/X509_STORE_set_verify_cb_func.pod b/doc/man3/X509_STORE_set_verify_cb_func.pod index 515a427aa3..5e59cbe5cc 100644 --- a/doc/man3/X509_STORE_set_verify_cb_func.pod +++ b/doc/man3/X509_STORE_set_verify_cb_func.pod @@ -22,6 +22,7 @@ X509_STORE_get_check_revocation, X509_STORE_set_check_revocation, X509_STORE_get_check_issued, X509_STORE_set_check_issued, +X509_STORE_CTX_get1_issuer, X509_STORE_get_get_issuer, X509_STORE_set_get_issuer, X509_STORE_CTX_get_verify, @@ -64,10 +65,10 @@ X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx); + int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE_CTX *ctx); void X509_STORE_set_get_issuer(X509_STORE *ctx, X509_STORE_CTX_get_issuer_fn get_issuer); - X509_STORE_CTX_get_issuer_fn - X509_STORE_get_get_issuer(const X509_STORE_CTX *ctx); void X509_STORE_set_check_issued(X509_STORE *ctx, X509_STORE_CTX_check_issued_fn check_issued); @@ -121,14 +122,14 @@ X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn =head1 DESCRIPTION -X509_STORE_set_verify_cb() sets the verification callback of B to -B overwriting the previous callback. +X509_STORE_set_verify_cb() sets the verification callback of I to +I overwriting the previous callback. The callback assigned with this function becomes a default for the one that can be assigned directly to the corresponding B, please see L for further information. X509_STORE_set_verify() sets the final chain verification function for -B to B. +I to I. Its purpose is to go through the chain of certificates and check that all signatures are valid and that the current time is within the limits of each certificate's first and last validity time. 
@@ -137,17 +138,24 @@ on success. I -X509_STORE_set_get_issuer() sets the function to get the issuer -certificate that verifies the given certificate B. -When found, the issuer certificate must be assigned to B<*issuer>. -This function must return 0 on failure and 1 on success. -I +X509_STORE_CTX_get1_issuer() tries to find a certificate from the I +component of I with a subject name matching the issuer name of I. +On success it assigns to I<*issuer> the first match that is currently valid, +or at least the most recently expired match if there is no currently valid one. +If the function returns 1 the caller is responsible for freeing I<*issuer>. + +X509_STORE_set_get_issuer() sets the function I +to get the "best" candidate issuer certificate of the given certificate I. +When such a certificate is found, I must up-ref and assign it +to I<*issuer> and then return 1. +Otherwise I must return 0 if not found and -1 (or 0) on failure. +If X509_STORE_set_get_issuer() is not used or I is NULL +then X509_STORE_CTX_get1_issuer() is used as the default implementation. X509_STORE_set_check_issued() sets the function to check that a given -certificate B is issued by the issuer certificate B. -This function must return 0 on failure (among others if B hasn't -been issued with B) and 1 on success. +certificate I is issued by the issuer certificate I. +This function must return 0 on failure (among others if I hasn't +been issued with I) and 1 on success. I 
@@ -160,20 +168,20 @@ I X509_STORE_set_get_crl() sets the function to get the crl for a given -certificate B. -When found, the crl must be assigned to B<*crl>. +certificate I. +When found, the crl must be assigned to I<*crl>. This function must return 0 on failure and 1 on success. I X509_STORE_set_check_crl() sets the function to check the validity of -the given B. +the given I. This function must return 0 on failure and 1 on success. I X509_STORE_set_cert_crl() sets the function to check the revocation -status of the given certificate B against the given B. +status of the given certificate I against the given I. This function must return 0 on failure and 1 on success. I @@ -186,7 +194,7 @@ function will be used instead.> X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the functions to look up all the certs or all the CRLs that match the -given name B. +given name I. These functions return NULL on failure and a pointer to a stack of certificates (B) or to a stack of CRLs (B) on success. @@ -237,6 +245,9 @@ The X509_STORE_set_*() functions do not return a value. The X509_STORE_get_*() functions return a pointer of the appropriate function type. +X509_STORE_CTX_get1_issuer() returns +1 if a suitable certificate is found, 0 if not found, -1 on other error. + =head1 SEE ALSO L, L, diff --git a/test/danetest.c b/test/danetest.c index 7d4b0c88a7..6217e5470d 100644 --- a/test/danetest.c +++ b/test/danetest.c @@ -20,7 +20,7 @@ #include #include #ifndef OPENSSL_NO_ENGINE -#include +# include #endif #include "testutil.h" 
@@ -68,10 +68,10 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) ssl))) goto end; - X509_STORE_CTX_set_default(store_ctx, - SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); + X509_STORE_CTX_set_default(store_ctx, SSL_is_server(ssl) + ? "ssl_client" : "ssl_server"); X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx), - SSL_get0_param(ssl)); + SSL_get0_param(ssl)); store_ctx_dane_init(store_ctx, ssl); if (SSL_get_verify_callback(ssl) != NULL) @@ -95,7 +95,7 @@ static STACK_OF(X509) *load_chain(BIO *fp, int nelem) char *header = 0; unsigned char *data = 0; long len; - char *errtype = 0; /* if error: cert or pkey? */ + char *errtype = 0; /* if error: cert or pkey? */ STACK_OF(X509) *chain; typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long); @@ -107,8 +107,8 @@ static STACK_OF(X509) *load_chain(BIO *fp, int nelem) && PEM_read_bio(fp, &name, &header, &data, &len) == 1; ++count) { if (strcmp(name, PEM_STRING_X509) == 0 - || strcmp(name, PEM_STRING_X509_TRUSTED) == 0 - || strcmp(name, PEM_STRING_X509_OLD) == 0) { + || strcmp(name, PEM_STRING_X509_TRUSTED) == 0 + || strcmp(name, PEM_STRING_X509_OLD) == 0) { d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) != 0 ? d2i_X509_AUX : d2i_X509; X509 *cert; @@ -391,10 +391,8 @@ static int run_tlsatest(void) || !TEST_ptr(ctx = SSL_CTX_new(TLS_client_method())) || !TEST_int_gt(SSL_CTX_dane_enable(ctx), 0) || !TEST_true(SSL_CTX_load_verify_file(ctx, CAfile)) - || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1), - 0) - || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2), - 0) + || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1), 0) + || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2), 0) || !TEST_int_gt(test_tlsafile(ctx, basedomain, f, tlsafile), 0)) goto end; ret = 1; diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 5847e6446b..0946be28a0 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt 
@@ -1297,7 +1297,6 @@ X509_STORE_CTX_get0_policy_tree(3) X509_STORE_CTX_get0_store(3) X509_STORE_CTX_get1_certs(3) X509_STORE_CTX_get1_crls(3) -X509_STORE_CTX_get1_issuer(3) X509_STORE_CTX_get_by_subject(3) X509_STORE_CTX_get_explicit_policy(3) X509_STORE_CTX_get_obj_by_subject(3) From no-reply at appveyor.com Wed May 19 19:39:42 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 19 May 2021 19:39:42 +0000 Subject: Build failed: openssl master.42084 Message-ID: <20210519193942.1.888C41B04315AD73@appveyor.com> From kaduk at mit.edu Wed May 19 21:57:14 2021 
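Review bot: in crypto/x509/x509_vfy.c, hunk @@ -3143,14 +3146,13 @@, dropping the num == ctx->num_untrusted test from the else branch leaves ctx->num_untrusted = --num and sk_X509_set(ctx->chain, num, issuer) relying on that equality without checking it. If it always holds at this point, state it with ossl_assert(num == ctx->num_untrusted), the form build_chain() already uses further down, or with a comment; if it does not always hold, the assignment stores the wrong count.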
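Review bot: in crypto/x509/x509_vfy.c, hunk @@ -3224,11 +3223,11 @@, X509_self_signed(curr, 0) is used directly as a truth value in the conditional that picks between NULL and find_issuer(), so its negative error return is treated as "self-signed" and the untrusted-list search just stops. The other call sites in this patch send a negative result to int_err. Keep the result in a local, go to int_err when it is below zero, and only then use it in the condition.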
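Review bot: in crypto/x509/x509_vfy.c, hunk @@ -3293,14 +3289,14 @@, the closing if (X509_self_signed(sk_X509_value(ctx->chain, num - 1), 0)) feeds straight into the choice of error code, so an internal failure of that call is reported to the verify callback as X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT or X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN. Test the return value for a negative result first and take the int_err path, as the call added in the ok > 0 branch does.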
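Review bot: in doc/man3/X509_STORE_set_verify_cb_func.pod, hunk @@ -137,17 +138,24 @@, the wording "must return 0 if not found and -1 (or 0) on failure" lets a callback report failure with the same value as not-found, while the RETURN VALUES text added for X509_STORE_CTX_get1_issuer() keeps 0 and -1 apart and build_chain() handles ok < 0 separately. Say which value a callback should use for an error and what the caller does with each, and state whether *issuer must be left untouched when the callback returns 0 or -1.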
From: kaduk at mit.edu (kaduk at mit.edu)
Date: Wed, 19 May 2021 21:57:14 +0000
Subject: [openssl] master update
Message-ID: <1621461434.378202.22321.nullmailer@dev.openssl.org>

The branch master has been updated
  via 6e495312fda0e669d105172c1ac8a8c0bf52da6d (commit)
  via a0bbcb42a94cc6bc4f72d567c5e701b4cecf5be6 (commit)
  via 7c73fefe38f4fce9437b1d24d90dd5aa411c7e28 (commit)
  from e34e91d7e575a2f69119601f2d34655cb6816148 (commit)

- Log -----------------------------------------------------------------
commit 6e495312fda0e669d105172c1ac8a8c0bf52da6d
Author: Benjamin Kaduk
Date: Thu Apr 8 18:41:46 2021 -0700

Update SSL_new_session_ticket() manual for triggered send

Document the recently added functionality.

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/14817)

commit a0bbcb42a94cc6bc4f72d567c5e701b4cecf5be6
Author: Benjamin Kaduk
Date: Thu Apr 8 17:09:18 2021 -0700

Test new SSL_new_session_ticket() functionality

Now that we can become "in init" directly after the call, test the various scenarios where explicit SSL_do_handshake() calls can come into play.

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/14817)

commit 7c73fefe38f4fce9437b1d24d90dd5aa411c7e28
Author: Benjamin Kaduk
Date: Fri Apr 2 10:04:24 2021 -0700

Let SSL_new_session_ticket() enter init immediately

The initial implementation always deferred the generation of the requested ticket(s) until the next application write, but this is not a great fit for what it actually does, architecturally wise. A request to send a session ticket means entering back into the handshake state machine (or "in init", as it's known in the implementation). The state machine transition is not something that only occurs at an application-data write, and in general could occur at any time. The only constraint is that we can't enter "init" while in the middle of writing application data.
In such cases we will need to wait until the next TLS record boundary to enter the state machine, as is currently done. However, there is no reason why we cannot enter the handshake state machine immediately in SSL_new_session_ticket() if there are no application writes pending. Doing so provides a cleaner API surface to the application, as then calling SSL_do_handshake() suffices to drive the actual ticket generation. In the previous state of affairs a dummy zero-length SSL_write() would be needed to trigger the ticket generation, which is a logical mismatch in the type of operation being performed. This commit should only change whether SSL_do_handshake() vs zero-length SSL_write() is needed to immediately generate a ticket after the SSL_new_session_ticket() call -- the default behavior is still to defer the actual write until there is other application data to write, unless the application requests otherwise. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14817) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_num_tickets.pod | 27 ++++++++++++++++----------- ssl/ssl_lib.c | 6 +++++- test/sslapitest.c | 26 +++++++++++++++++++++++--- 3 files changed, 44 insertions(+), 15 deletions(-) diff --git a/doc/man3/SSL_CTX_set_num_tickets.pod b/doc/man3/SSL_CTX_set_num_tickets.pod index aa673bd8d0..7ab62d3ad3 100644 --- a/doc/man3/SSL_CTX_set_num_tickets.pod +++ b/doc/man3/SSL_CTX_set_num_tickets.pod 
@@ -45,17 +45,22 @@ sent. To issue tickets after other events (such as application-layer changes), SSL_new_session_ticket() is used by a server application to request that a new ticket be sent when it is safe to do so. New tickets are only allowed to be -sent in this manner after the initial handshake has completed, and only for TLS -1.3 connections. The ticket generation and transmission are delayed until the -server is starting a new write operation, so that it is bundled with other -application data being written and properly aligned to a record boundary. -SSL_new_session_ticket() can be called more than once to request additional -tickets be sent; all such requests are queued and written together when it is -safe to do so. Note that a successful return from SSL_new_session_ticket() -indicates only that the request to send a ticket was processed, not that the -ticket itself was sent. To be notified when the ticket itself is sent, a -new-session callback can be registered with L that -will be invoked as the ticket or tickets are generated. +sent in this manner after the initial handshake has completed, and only for +TLS 1.3 connections. By default, the ticket generation and transmission are +delayed until the server is starting a new write operation, so that it is +bundled with other application data being written and properly aligned to a +record boundary. If the connection was at a record boundary when +SSL_new_session_ticket() was called, the ticket can be sent immediately +(without waiting for the next application write) by calling +SSL_do_handshake(). SSL_new_session_ticket() can be called more than once to +request additional tickets be sent; all such requests are queued and written +together when it is safe to do so and triggered by SSL_write() or +SSL_do_handshake(). Note that a successful return from +SSL_new_session_ticket() indicates only that the request to send a ticket was +processed, not that the ticket itself was sent. 
To be notified when the +ticket itself is sent, a new-session callback can be registered with +L that will be invoked as the ticket or tickets +are generated. SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of tickets set by a previous call to SSL_CTX_set_num_tickets() or diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ff13442e3b..f35eaf07c5 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2327,10 +2327,14 @@ int SSL_renegotiate_pending(const SSL *s) int SSL_new_session_ticket(SSL *s) { - if (SSL_in_init(s) || SSL_IS_FIRST_HANDSHAKE(s) || !s->server + /* If we are in init because we're sending tickets, okay to send more. */ + if ((SSL_in_init(s) && s->ext.extra_tickets_expected == 0) + || SSL_IS_FIRST_HANDSHAKE(s) || !s->server || !SSL_IS_TLS13(s)) return 0; s->ext.extra_tickets_expected++; + if (s->rlayer.wbuf[0].left == 0 && !SSL_in_init(s)) + ossl_statem_set_in_init(s, 1); return 1; } diff --git a/test/sslapitest.c b/test/sslapitest.c index 0a7295c5cb..28e9852dbb 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -2516,11 +2516,22 @@ static int test_extra_tickets(int idx) || !TEST_int_eq(4, new_called)) goto end; + /* Once more, but with SSL_do_handshake() to drive the ticket generation */ + c = '4'; + new_called = 0; + if (!TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_true(SSL_do_handshake(serverssl)) + || !TEST_int_eq(2, new_called) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes)) + || !TEST_int_eq(4, new_called)) + goto end; + /* * Use the always-retry BIO to exercise the logic that forces ticket * generation to wait until a record boundary. */ - c = '4'; + c = '5'; new_called = 0; tmp = SSL_get_wbio(serverssl); if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) { 
@@ -2536,9 +2547,14 @@ static int test_extra_tickets(int idx) /* Restore a BIO that will let the write succeed */ SSL_set0_wbio(serverssl, tmp); tmp = NULL; - /* These calls should just queue the request and not send anything. */ + /* + * These calls should just queue the request and not send anything + * even if we explicitly try to hit the state machine. + */ if (!TEST_true(SSL_new_session_ticket(serverssl)) || !TEST_true(SSL_new_session_ticket(serverssl)) + || !TEST_int_eq(0, new_called) + || !TEST_true(SSL_do_handshake(serverssl)) || !TEST_int_eq(0, new_called)) goto end; /* Re-do the write; still no tickets sent */ @@ -2551,8 +2567,12 @@ static int test_extra_tickets(int idx) || !TEST_int_eq(c, buf[0]) || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &nbytes))) goto end; + /* Even trying to hit the state machine now will still not send tickets */ + if (!TEST_true(SSL_do_handshake(serverssl)) + || !TEST_int_eq(0, new_called)) + goto end; /* Now the *next* write should send the tickets */ - c = '5'; + c = '6'; if (!TEST_true(SSL_write_ex(serverssl, &c, 1, &nbytes)) || !TEST_size_t_eq(1, nbytes) || !TEST_int_eq(2, new_called) From no-reply at appveyor.com Wed May 19 22:21:53 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 19 May 2021 22:21:53 +0000 Subject: Build failed: openssl master.42085 Message-ID: <20210519222153.1.1F5506D2585DF972@appveyor.com> From matt at openssl.org Thu May 20 07:47:12 2021 
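Review bot: in ssl/ssl_lib.c, hunk @@ -2327,10 +2327,14 @@, the test (SSL_in_init(s) && s->ext.extra_tickets_expected == 0) takes a non-zero counter as proof that init was entered for ticket sending, but the counter is also non-zero when an earlier request is still queued behind a pending write and the connection is in init for some other reason. Add a comment explaining why that combination cannot occur, or record the reason in a dedicated flag set next to ossl_statem_set_in_init(s, 1), so the condition matches the comment above it. The pending-write check also looks only at s->rlayer.wbuf[0].left; a short comment on why the first buffer is enough would help.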
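Review bot: in doc/man3/SSL_CTX_set_num_tickets.pod, hunk @@ -45,17 +45,22 @@, the new text says SSL_do_handshake() sends the ticket when the connection was at a record boundary, but not what the application sees when it was not. The tests added in test/sslapitest.c expect SSL_do_handshake() to succeed with no ticket generated in that case; the manual should say so and point to the new-session callback as the way to tell the two outcomes apart.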
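Review bot: in test/sslapitest.c, hunk @@ -2516,11 +2516,22 @@, the new SSL_do_handshake() block sets c = '4' but never writes or compares c before the next block assigns c = '5'. Drop the assignment, or follow the handshake with a one-byte SSL_write_ex() and SSL_read_ex() round trip as the neighbouring blocks do, which would also confirm that application data still flows after handshake-driven tickets.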
From: matt at openssl.org (Matt Caswell) Date: Thu, 20 May 2021 07:47:12 +0000 Subject: [openssl] master update Message-ID: <1621496832.762817.32666.nullmailer@dev.openssl.org> The branch master has been updated via b7140b0604bdfaa034452d97648a9c23a97568e4 (commit) from 6e495312fda0e669d105172c1ac8a8c0bf52da6d (commit) - Log ----------------------------------------------------------------- commit b7140b0604bdfaa034452d97648a9c23a97568e4 Author: Shane Lontis Date: Sun Mar 28 17:22:40 2021 +1000 Add migration guide for 3.0 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14710) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 719 ++--------- NEWS.md | 1 + README-FIPS.md | 407 +------ doc/build.info | 12 + doc/man3/DH_size.pod | 16 +- doc/man3/PEM_read_CMS.pod | 2 +- doc/man3/PEM_read_bio_PrivateKey.pod | 2 +- doc/man7/OSSL_PROVIDER-legacy.pod | 7 +- doc/man7/crypto.pod | 3 +- README-FIPS.md => doc/man7/fips_module.pod | 221 ++-- doc/man7/migration_guide.pod | 1804 ++++++++++++++++++++++++++++ 11 files changed, 2006 insertions(+), 1188 deletions(-) copy README-FIPS.md => doc/man7/fips_module.pod (67%) create mode 100644 doc/man7/migration_guide.pod diff --git a/CHANGES.md b/CHANGES.md index 12f4c820d9..b53216512f 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -21,6 +21,13 @@ OpenSSL Releases OpenSSL 3.0 ----------- +For OpenSSL 3.0 a [Migration guide][] has been added, so the CHANGES entries +listed here are only a brief description. +The migration guide contains more detailed information related to new features, +breaking changes, and mappings for the large list of deprecated functions. + +[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod + ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] * The signatures of the functions to get and set options on SSL and 
@@ -41,53 +48,21 @@ OpenSSL 3.0 * Rich Salz * * OpenSSL includes a cryptographic module that is intended to be FIPS 140-2 - validated. The module is implemented as an OpenSSL provider, the so-called - FIPS provider. A list of all changes related to the FIPS provider would go - beyond the scope of this CHANGES file, please consult the README-FIPS and + validated. Please consult the README-FIPS and README-PROVIDERS files, as well as the migration guide. - The FIPS provider is disabled by default and needs to be enabled explicitly - at configuration time using the `enable-fips` option. If it is enabled, - the FIPS provider gets built and installed in addition to the default and - the legacy provider. No separate installation procedure is necessary. - There is however a dedicated `install_fips` make target, which serves the - special purpose of installing only the FIPS provider into an existing - OpenSSL installation. - *OpenSSL team members and many third party contributors* * For the key types DH and DHX the allowed settable parameters are now different. - Previously (in 1.1.1) these conflicting parameters were allowed, but will now - result in errors. See EVP_PKEY-DH(7) for further details. This affects the - behaviour of openssl-genpkey(1) for DH parameter generation. *Shane Lontis* * The openssl commands that read keys, certificates, and CRLs now - automatically detect the PEM or DER format of the input files so it is not - necessary to explicitly specify the input format anymore. However if the - input format option is used the specified format will be required. + automatically detect the PEM or DER format of the input files. *David von Oheimb, Richard Levitte, and Tom?? Mr?z* - * Added enhanced PKCS#12 APIs which accept a library context `OSSL_LIB_CTX` - and (where relevant) a property query. Other APIs which handle PKCS#7 and - PKCS#8 objects have also been enhanced where required. 
This includes: - - PKCS12_add_key_ex(), PKCS12_add_safe_ex(), PKCS12_add_safes_ex(), - PKCS12_create_ex(), PKCS12_decrypt_skey_ex(), PKCS12_init_ex(), - PKCS12_item_decrypt_d2i_ex(), PKCS12_item_i2d_encrypt_ex(), - PKCS12_key_gen_asc_ex(), PKCS12_key_gen_uni_ex(), PKCS12_key_gen_utf8_ex(), - PKCS12_pack_p7encdata_ex(), PKCS12_pbe_crypt_ex(), PKCS12_PBE_keyivgen_ex(), - PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(), PKCS5_pbe2_set_iv_ex(), - PKCS5_pbe_set0_algor_ex(), PKCS5_pbe_set_ex(), PKCS5_pbkdf2_set_ex(), - PKCS5_v2_PBE_keyivgen_ex(), PKCS5_v2_scrypt_keyivgen_ex(), - PKCS8_decrypt_ex(), PKCS8_encrypt_ex(), PKCS8_set0_pbe_ex(). - - As part of this change the EVP_PBE_xxx APIs can also accept a library - context and property query and will call an extended version of the key/IV - derivation function which supports these parameters. This includes - EVP_PBE_CipherInit_ex(), EVP_PBE_find_ex() and EVP_PBE_scrypt_ex(). + * Added enhanced PKCS#12 APIs which accept a library context. *Jon Spillett* @@ -95,17 +70,12 @@ OpenSSL 3.0 *Matt Caswell* - * Added support for Kernel TLS (KTLS). In order to use KTLS, support for it - must be compiled in using the "enable-ktls" compile time option. It must - also be enabled at run time using the SSL_OP_ENABLE_KTLS option. + * Added support for Kernel TLS (KTLS). *Boris Pismenny, John Baldwin and Andrew Gallatin* * Support for RFC 5746 secure renegotiation is now required by default for - SSL or TLS connections to succeed. Applications that require the ability - to connect to legacy peers will need to explicitly set - SSL_OP_LEGACY_SERVER_CONNECT. Accordingly, SSL_OP_LEGACY_SERVER_CONNECT - is no longer set as part of SSL_OP_ALL. + SSL or TLS connections to succeed. *Benjamin Kaduk* 
@@ -119,47 +89,29 @@ OpenSSL 3.0 *David von Oheimb* * The error return values from some control calls (ctrl) have changed. - One significant change is that controls which used to return -2 for - invalid inputs, now return -1 indicating a generic error condition instead. *Paul Dale* * A public key check is now performed during EVP_PKEY_derive_set_peer(). - Previously DH was internally doing this during EVP_PKEY_derive(). - To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0). This - may mean that an error can occur in EVP_PKEY_derive_set_peer() rather than - during EVP_PKEY_derive(). *Shane Lontis* * The EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT, EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT, EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN control operations - are deprecated. They are not invoked by the OpenSSL library anymore and - are replaced by direct checks of the key operation against the key type - when the operation is initialized. + are deprecated. *Tom?? Mr?z* * The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for - more key types including RSA, DSA, ED25519, X25519, ED448 and X448. - Previously (in 1.1.1) they would return -2. For key types that do not have - parameters then EVP_PKEY_param_check() will always return 1. + more key types. * The output from the command line applications may have minor - changes. These are primarily changes in capitalisation and white - space. However, in some cases, there are additional differences. - For example, the DH parameters output from `dhparam` now lists 'P', - 'Q', 'G' and 'pcounter' instead of 'prime', 'generator', 'subgroup - order' and 'counter' respectively. + changes. *Paul Dale* - * The output from numerous "printing" functions such as X509_signature_print(), - X509_print_ex(), X509_CRL_print_ex(), and other similar functions has been - amended such that there may be cosmetic differences between the output - observed in 1.1.1 and 3.0. 
This also applies to the "-text" output from the - x509 and crl applications. + * The output from numerous "printing" may have minor changes. *David von Oheimb* @@ -194,26 +146,13 @@ OpenSSL 3.0 *David von Oheimb* - * The implementation of the EVP ciphers CAST5-ECB, CAST5-CBC, CAST5-OFB, - CAST5-CFB, BF-ECB, BF-CBC, BF-OFB, BF-CFB, IDEA-ECB, IDEC-CBC, IDEA-OFB, - IDEA-CFB, SEED-ECB, SEED-CBC, SEED-OFB, SEED-CFB, RC2-ECB, RC2-CBC, - RC2-40-CBC, RC2-64-CBC, RC2-OFB, RC2-CFB, RC4, RC4-40, RC4-HMAC-MD5, RC5-ECB, - RC5-CBC, RC5-OFB, RC5-CFB, DESX-CBC, DES-ECB, DES-CBC, DES-OFB, DES-CFB, - DES-CFB1 and DES-CFB8 have been moved to the legacy provider. Applications - using the EVP APIs to access these ciphers should instead use more modern - ciphers. If that is not possible then these applications should ensure that - the legacy provider has been loaded. This can be achieved either - programmatically or via configuration. See the provider(7) man page for - further details. + * The implementation of older EVP ciphers related to CAST, IDEA, SEED, RC2, RC4, + RC5, DESX and DES have been moved to the legacy provider. *Matt Caswell* * The implementation of the EVP digests MD2, MD4, MDC2, WHIRLPOOL and - RIPEMD-160 have been moved to the legacy provider. Applications using the - EVP APIs to access these digests should instead use more modern digests. If - that is not possible then these applications should ensure that the legacy - provider has been loaded. This can be achieved either programmatically or via - configuration. See the provider(7) man page for further details. + RIPEMD-160 have been moved to the legacy provider. *Matt Caswell* 
@@ -225,60 +164,28 @@ OpenSSL 3.0 * The deprecated functions EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_EC_KEY(), EVP_PKEY_get0_DH(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and EVP_PKEY_get0_siphash() as - well as the similarly named "get1" functions behave slightly differently in - OpenSSL 3.0. Previously they returned a pointer to the low-level key used - internally by libcrypto. From OpenSSL 3.0 this key may now be held in a - provider. Calling these functions will only return a handle on the internal - key where the EVP_PKEY was constructed using this key in the first place, for - example using a function or macro such as EVP_PKEY_assign_RSA(), - EVP_PKEY_set1_RSA(), etc. Where the EVP_PKEY holds a provider managed key, - then these functions now return a cached copy of the key. Changes to - the internal provider key that take place after the first time the cached key - is accessed will not be reflected back in the cached copy. Similarly any - changes made to the cached copy by application code will not be reflected - back in the internal provider key. - - For the above reasons the keys returned from these functions should typically - be treated as read-only. To emphasise this the value returned from - EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), - EVP_PKEY_get0_EC_KEY() and EVP_PKEY_get0_DH() has been made const. This may - break some existing code. Applications broken by this change should be - modified. The preferred solution is to refactor the code to avoid the use of - these deprecated functions. Failing this the code should be modified to use a - const pointer instead. The EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), - EVP_PKEY_get1_EC_KEY() and EVP_PKEY_get1_DH() functions continue to return a - non-const pointer to enable them to be "freed". However they should also be - treated as read-only. + well as the similarly named "get1" functions behave differently in + OpenSSL 3.0. 
*Matt Caswell* * A number of functions handling low-level keys or engines were deprecated including EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine(), EVP_PKEY_assign(), EVP_PKEY_get0(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and - EVP_PKEY_get0_siphash(). Applications using engines should instead use - providers. Applications getting or setting low-level keys in an EVP_PKEY - should instead use the OSSL_ENCODER or OSSL_DECODER APIs, or alternatively - use EVP_PKEY_fromdata() or EVP_PKEY_get_params(). + EVP_PKEY_get0_siphash(). *Matt Caswell* * Deprecated obsolete EVP_PKEY_CTX_get0_dh_kdf_ukm() and - EVP_PKEY_CTX_get0_ecdh_kdf_ukm() functions. They are not needed - and require returning octet ptr parameters from providers that - would like to support them which complicates provider implementations. + EVP_PKEY_CTX_get0_ecdh_kdf_ukm() functions. *Tom?? Mr?z* - * The RAND_METHOD APIs have been deprecated. The functions deprecated are: - RAND_OpenSSL(), RAND_get_rand_method(), RAND_set_rand_engine() and - RAND_set_rand_method(). Provider based random number generators should - be used instead via EVP_RAND(3). + * The RAND_METHOD APIs have been deprecated. *Paul Dale* - * The SRP APIs have been deprecated. The old APIs do not work via providers, - and there is no EVP interface to them. Unfortunately there is no replacement - for these APIs at this time. + * The SRP APIs have been deprecated. *Matt Caswell* 
@@ -288,20 +195,12 @@ OpenSSL 3.0 *Paul Dale* - * The default algorithms for pkcs12 creation with the PKCS12_create() function - were changed to more modern PBKDF2 and AES based algorithms. The default - MAC iteration count was changed to PKCS12_DEFAULT_ITER to make it equal - with the password-based encryption iteration count. The default digest - algorithm for the MAC computation was changed to SHA-256. The pkcs12 - application now supports -legacy option that restores the previous - default algorithms to support interoperability with legacy systems. + * pkcs12 now uses defaults of PBKDF2, AES and SHA-256, with a MAC iteration + count of PKCS12_DEFAULT_ITER. *Tom?? Mr?z and Sahana Prasad* - * The openssl speed command does not use low-level API calls anymore. This - implies some of the performance numbers might not be fully comparable - with the previous releases due to higher overhead. This applies - particularly to measuring performance on smaller data chunks. + * The openssl speed command does not use low-level API calls anymore. *Tom?? Mr?z* @@ -311,13 +210,6 @@ OpenSSL 3.0 *Ilya Albrekht, Sergey Kirillov, Andrey Matyukov (Intel Corp)* * Combining the Configure options no-ec and no-dh no longer disables TLSv1.3. - Typically if OpenSSL has no EC or DH algorithms then it cannot support - connections with TLSv1.3. However OpenSSL now supports "pluggable" groups - through providers. Therefore third party providers may supply group - implementations even where there are no built-in ones. Attempting to create - TLS connections in such a build without also disabling TLSv1.3 at run time or - using third party provider groups may result in handshake failures. TLSv1.3 - can be disabled at compile time using the "no-tls1_3" Configure option. *Matt Caswell* 
@@ -329,14 +221,10 @@ OpenSSL 3.0 *Matt Caswell, Nicola Tuveri* * The undocumented function X509_certificate_type() has been deprecated; - applications can use X509_get0_pubkey() and X509_get0_signature() to - get the same information. *Rich Salz* - * Deprecated the obsolete BN_pseudo_rand() and BN_pseudo_rand_range() - functions. They are identical to BN_rand() and BN_rand_range() - respectively. + * Deprecated the obsolete BN_pseudo_rand() and BN_pseudo_rand_range(). *Tom?? Mr?z* 
@@ -347,65 +235,38 @@ OpenSSL 3.0 *Rich Salz* - * Deprecated the obsolete X9.31 RSA key generation related functions - BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and - BN_X931_generate_prime_ex(). + * Deprecated the obsolete X9.31 RSA key generation related functions. *Tom?? Mr?z* * The default key generation method for the regular 2-prime RSA keys was - changed to the FIPS 186-4 B.3.6 method (Generation of Probable Primes with - Conditions Based on Auxiliary Probable Primes). This method is slower - than the original method. + changed to the FIPS 186-4 B.3.6 method. *Shane Lontis* * Deprecated the BN_is_prime_ex() and BN_is_prime_fasttest_ex() functions. - They are replaced with the BN_check_prime() function that avoids possible - misuse and always uses at least 64 rounds of the Miller-Rabin - primality test. At least 64 rounds of the Miller-Rabin test are now also - used for all prime generation, including RSA key generation. - This increases key generation time, especially for larger keys. *Kurt Roeckx* - * Deprecated EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn() - as they are not useful with non-deprecated functions. + * Deprecated EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn(). *Rich Salz* - * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(), - OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(), - OCSP_REQ_CTX_i2d() and its special form OCSP_REQ_CTX_set1_req(), - OCSP_REQ_CTX_nbio(), - OCSP_REQ_CTX_nbio_d2i() and its special form OCSP_sendreq_nbio(), - OCSP_REQ_CTX_get0_mem_bio() and OCSP_set_max_response_length(). These - were used to collect all necessary data to form a HTTP request, and to - perform the HTTP transfer with that request. 
With OpenSSL 3.0, the - type is OSSL_HTTP_REQ_CTX, and the deprecated functions are replaced - with OSSL_HTTP_REQ_CTX_new(), OSSL_HTTP_REQ_CTX_free(), - OSSL_HTTP_REQ_CTX_set_request_line(), OSSL_HTTP_REQ_CTX_add1_header(), - OSSL_HTTP_REQ_CTX_set1_req(), - OSSL_HTTP_REQ_CTX_nbio(), OSSL_HTTP_REQ_CTX_nbio_d2i(), - OSSL_HTTP_REQ_CTX_get0_mem_bio(), and - OSSL_HTTP_REQ_CTX_set_max_response_length(). + * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_*() and + replaced with OSSL_HTTP_REQ_CTX and the functions OSSL_HTTP_REQ_CTX_*(). *Rich Salz, Richard Levitte, and David von Oheimb* - * Deprecated `X509_http_nbio()` and `X509_CRL_http_nbio()`, - which are superseded by `X509_load_http()` and `X509_CRL_load_http()`. + * Deprecated `X509_http_nbio()` and `X509_CRL_http_nbio()`. *David von Oheimb* - * Deprecated `OCSP_parse_url()`, which is replaced with `OSSL_HTTP_parse_url`. + * Deprecated `OCSP_parse_url()`. *David von Oheimb* * Validation of SM2 keys has been separated from the validation of regular EC - keys, allowing to improve the SM2 validation process to reject loaded private - keys that are not conforming to the SM2 ISO standard. - In particular, a private scalar `k` outside the range `1 <= k < n-1` is now - correctly rejected. + keys. *Nicola Tuveri* 
@@ -432,79 +293,18 @@ OpenSSL 3.0 *David von Oheimb* - * All of the low-level EC_KEY functions have been deprecated including: - - EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method, - EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_method - EC_KEY_METHOD_new, EC_KEY_METHOD_free, EC_KEY_METHOD_set_init, - EC_KEY_METHOD_set_keygen, EC_KEY_METHOD_set_compute_key, - EC_KEY_METHOD_set_sign, EC_KEY_METHOD_set_verify, - EC_KEY_METHOD_get_init, EC_KEY_METHOD_get_keygen, - EC_KEY_METHOD_get_compute_key, EC_KEY_METHOD_get_sign, - EC_KEY_METHOD_get_verify, - EC_KEY_new_ex, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, - EC_KEY_clear_flags, EC_KEY_decoded_from_explicit_params, - EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free, - EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, - EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, - EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, - EC_KEY_get_enc_flags, EC_KEY_set_enc_flags, EC_KEY_get_conv_form, - EC_KEY_set_conv_form, EC_KEY_set_ex_data, EC_KEY_get_ex_data, - EC_KEY_set_asn1_flag, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_can_sign, - EC_KEY_set_public_key_affine_coordinates, EC_KEY_key2buf, EC_KEY_oct2key, - EC_KEY_oct2priv, EC_KEY_priv2oct and EC_KEY_priv2buf. - Applications that need to implement an EC_KEY_METHOD need to consider - implementation of the functionality in a special provider. - For replacement of the functions manipulating the EC_KEY objects - see the L manual page. - A simple way of generating EC keys is L. 
- - Additionally functions that read and write EC_KEY objects such as - o2i_ECPublicKey, i2o_ECPublicKey, ECParameters_print_fp, EC_KEY_print_fp, - d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio, - d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, - i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio, - i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio and i2d_EC_PUBKEY_fp - have also been deprecated. Applications should instead use the - OSSL_DECODER and OSSL_ENCODER APIs to read and write EC files. - - Finally functions that assign or obtain EC_KEY objects from an EVP_PKEY such as - EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_EC_KEY, EVP_PKEY_get1_EC_KEY and - EVP_PKEY_set1_EC_KEY are also deprecated. Applications should instead either - read or write an EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER - APIs. Or load an EVP_PKEY directly from EC data using EVP_PKEY_fromdata(). + * All of the low level EC_KEY functions have been deprecated. *Shane Lontis, Paul Dale, Richard Levitte, and Tom?? Mr?z* * Deprecated all the libcrypto and libssl error string loading - functions: ERR_load_ASN1_strings(), ERR_load_ASYNC_strings(), - ERR_load_BIO_strings(), ERR_load_BN_strings(), ERR_load_BUF_strings(), - ERR_load_CMS_strings(), ERR_load_COMP_strings(), ERR_load_CONF_strings(), - ERR_load_CRYPTO_strings(), ERR_load_CT_strings(), ERR_load_DH_strings(), - ERR_load_DSA_strings(), ERR_load_EC_strings(), ERR_load_ENGINE_strings(), - ERR_load_ERR_strings(), ERR_load_EVP_strings(), ERR_load_KDF_strings(), - ERR_load_OBJ_strings(), ERR_load_OCSP_strings(), ERR_load_PEM_strings(), - ERR_load_PKCS12_strings(), ERR_load_PKCS7_strings(), ERR_load_RAND_strings(), - ERR_load_RSA_strings(), ERR_load_OSSL_STORE_strings(), ERR_load_TS_strings(), - ERR_load_UI_strings(), ERR_load_X509_strings(), ERR_load_X509V3_strings(). 
- - Calling these functions is not necessary since OpenSSL 1.1.0, as OpenSSL - now loads error strings automatically. + functions. *Richard Levitte* * The functions SSL_CTX_set_tmp_dh_callback and SSL_set_tmp_dh_callback, as well as the macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() have been - deprecated. These are used to set the Diffie-Hellman (DH) parameters that - are to be used by servers requiring ephemeral DH keys. Instead applications - should consider using the built-in DH parameters that are available by - calling SSL_CTX_set_dh_auto() or SSL_set_dh_auto(). If custom parameters are - necessary then applications can use the alternative functions - SSL_CTX_set0_tmp_dh_pkey() and SSL_set0_tmp_dh_pkey(). There is no direct - replacement for the "callback" functions. The callback was originally useful - in order to have different parameters for export and non-export ciphersuites. - Export ciphersuites are no longer supported by OpenSSL. Use of the callback - functions should be replaced by one of the other methods described above. + deprecated. *Matt Caswell* 
@@ -518,32 +318,17 @@ OpenSSL 3.0 *Rich Salz* * Add support for AES Key Wrap inverse ciphers to the EVP layer. - The algorithms are: - "AES-128-WRAP-INV", "AES-192-WRAP-INV", "AES-256-WRAP-INV", - "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and "AES-256-WRAP-PAD-INV". - The inverse ciphers use AES decryption for wrapping, and - AES encryption for unwrapping. *Shane Lontis* * Deprecated EVP_PKEY_set1_tls_encodedpoint() and - EVP_PKEY_get1_tls_encodedpoint(). These functions were previously used by - libssl to set or get an encoded public key in/from an EVP_PKEY object. With - OpenSSL 3.0 these are replaced by the more generic functions - EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key(). - The old versions have been converted to deprecated macros that just call the - new functions. + EVP_PKEY_get1_tls_encodedpoint(). *Matt Caswell* * The security callback, which can be customised by application code, supports - the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY - in the "other" parameter. In most places this is what is passed. All these - places occur server side. However there was one client side call of this - security operation and it passed a DH object instead. This is incorrect - according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all - of the other locations. Therefore this client side call has been changed to - pass an EVP_PKEY instead. + the security operation SSL_SECOP_TMP_DH. One location of the "other" parameter + was incorrectly passing a DH object. It now passed an EVP_PKEY in all cases. *Matt Caswell* @@ -558,11 +343,7 @@ OpenSSL 3.0 *Paul Dale* - * Removed EVP_PKEY_set_alias_type(). This function was previously - needed as a workaround to recognise SM2 keys. With OpenSSL 3.0, this key - type is internally recognised so the workaround is no longer needed. - - This is a breaking change from previous OpenSSL versions. + * Removed EVP_PKEY_set_alias_type(). *Richard Levitte* 
@@ -579,18 +360,6 @@ OpenSSL 3.0 * Remove the RAND_DRBG API - The RAND_DRBG API did not fit well into the new provider concept as - implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the - RAND_DRBG API is a mixture of 'front end' and 'back end' API calls - and some of its API calls are rather low-level. This holds in particular - for the callback mechanism (`RAND_DRBG_set_callbacks()`). - - Adding a compatibility layer to continue supporting the RAND_DRBG API as - a legacy API for a regular deprecation period turned out to come at the - price of complicating the new provider API unnecessarily. Since the - RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC - to drop it entirely. - *Paul Dale and Matthias St. Pierre* * Allow `SSL_set1_host()` and `SSL_add1_host()` to take IP literal addresses @@ -645,25 +414,6 @@ OpenSSL 3.0 other libraries can use to form a separate context within which libcrypto operations are performed. - There are two ways this can be used: - - - Directly, by passing a library context to functions that take - such an argument, such as `EVP_CIPHER_fetch` and similar algorithm - fetching functions. - - Indirectly, by creating a new library context and then assigning - it as the new default, with `OSSL_LIB_CTX_set0_default`. - - All public OpenSSL functions that take an `OSSL_LIB_CTX` pointer, - apart from the functions directly related to `OSSL_LIB_CTX`, accept - NULL to indicate that the default library context should be used. - - Library code that changes the default library context using - `OSSL_LIB_CTX_set0_default` should take care to restore it with a - second call before returning to the caller. - - _(Note: the library context was initially called `OPENSSL_CTX` and - renamed to `OSSL_LIB_CTX` in version 3.0.0 alpha7.)_ - *Richard Levitte* * Handshake now fails if Extended Master Secret extension is dropped 
@@ -671,36 +421,25 @@ OpenSSL 3.0 *Tom?? Mr?z* - * Dropped interactive mode from the `openssl` program. From now on, - running it without arguments is equivalent to `openssl help`. + * Dropped interactive mode from the `openssl` program. *Richard Levitte* - * Deprecated `EVP_PKEY_cmp()` and `EVP_PKEY_cmp_parameters()` since their - return values were confusing: Unlike other `_cmp()` functions - they do not return 0 when their arguments are equal. - The new replacement functions `EVP_PKEY_eq()` and `EVP_PKEY_parameters_eq()` - should be used. + * Deprecated `EVP_PKEY_cmp()` and `EVP_PKEY_cmp_parameters()`. *David von Oheimb and Shane Lontis* - * Deprecated `EC_METHOD_get_field_type()`. Applications should switch to - `EC_GROUP_get_field_type()`. + * Deprecated `EC_METHOD_get_field_type()`. *Billy Bob Brumley* * Deprecated EC_GFp_simple_method(), EC_GFp_mont_method(), EC_GF2m_simple_method(), EC_GFp_nist_method(), EC_GFp_nistp224_method() EC_GFp_nistp256_method(), and EC_GFp_nistp521_method(). - Applications should rely on the library automatically assigning a suitable - EC_METHOD internally upon EC_GROUP construction. *Billy Bob Brumley* * Deprecated EC_GROUP_new(), EC_GROUP_method_of(), and EC_POINT_method_of(). - EC_METHOD is now an internal-only concept and a suitable EC_METHOD is - assigned internally without application intervention. - Users of EC_GROUP_new() should switch to a different suitable constructor. *Billy Bob Brumley* 
@@ -714,48 +453,33 @@ OpenSSL 3.0 *Antonio Iacono* * Added the AuthEnvelopedData content type structure (RFC 5083) with AES-GCM - parameter (RFC 5084) for the Cryptographic Message Syntax (CMS). Its purpose - is to support encryption and decryption of a digital envelope that is both - authenticated and encrypted using AES GCM mode. + parameter (RFC 5084) for the Cryptographic Message Syntax (CMS). *Jakub Zelenka* - * Deprecated EC_POINT_make_affine() and EC_POINTs_make_affine(). These - functions are not widely used and now OpenSSL automatically perform this - conversion when needed. + * Deprecated EC_POINT_make_affine() and EC_POINTs_make_affine(). *Billy Bob Brumley* * Deprecated EC_GROUP_precompute_mult(), EC_GROUP_have_precompute_mult(), and - EC_KEY_precompute_mult(). These functions are not widely used and - applications should instead switch to named curves which OpenSSL has - hardcoded lookup tables for. + EC_KEY_precompute_mult(). *Billy Bob Brumley* - * Deprecated EC_POINTs_mul(). This function is not widely used and applications - should instead use the L function. + * Deprecated EC_POINTs_mul(). *Billy Bob Brumley* - * Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's - that are not applicable to the new provider model. Applications should - instead use EVP_default_properties_is_fips_enabled() and - EVP_default_properties_enable_fips(). + * Removed FIPS_mode() and FIPS_mode_set(). *Shane Lontis* - * The SSL option SSL_OP_IGNORE_UNEXPECTED_EOF is introduced. If that option - is set, an unexpected EOF is ignored, it pretends a close notify was received - instead and so the returned error becomes SSL_ERROR_ZERO_RETURN. + * The SSL option SSL_OP_IGNORE_UNEXPECTED_EOF is introduced. *Dmitry Belyavskiy* * Deprecated EC_POINT_set_Jprojective_coordinates_GFp() and - EC_POINT_get_Jprojective_coordinates_GFp(). These functions are not widely - used and applications should instead use the - L and - L functions. 
+ EC_POINT_get_Jprojective_coordinates_GFp(). *Billy Bob Brumley* @@ -768,15 +492,7 @@ OpenSSL 3.0 *Paul Dale* * The security strength of SHA1 and MD5 based signatures in TLS has been - reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer - working at the default security level of 1 and instead requires security - level 0. The security level can be changed either using the cipher string - with `@SECLEVEL`, or calling `SSL_CTX_set_security_level()`. This also means - that where the signature algorithms extension is missing from a ClientHello - then the handshake will fail in TLS 1.2 at security level 1. This is because, - although this extension is optional, failing to provide one means that - OpenSSL will fallback to a default set of signature algorithms. This default - set requires the availability of SHA1. + reduced. *Kurt Roeckx* @@ -786,8 +502,6 @@ OpenSSL 3.0 *Richard Levitte* * ASN1_verify(), ASN1_digest() and ASN1_sign() have been deprecated. - They are old functions that we don't use, and that you could disable with - the macro NO_ASN1_OLD. This goes all the way back to OpenSSL 0.9.7. *Richard Levitte* 
@@ -855,70 +569,12 @@ OpenSSL 3.0 *David von Oheimb* - * All of the low-level RSA functions have been deprecated including: - - RSA_new, RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params, - RSA_get_version, RSA_get0_engine, RSA_generate_key_ex, - RSA_generate_multi_prime_key, RSA_X931_derive_ex, RSA_X931_generate_key_ex, - RSA_check_key, RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt, - RSA_public_decrypt, RSA_private_decrypt, RSA_set_default_method, - RSA_get_default_method, RSA_null_method, RSA_get_method, RSA_set_method, - RSA_PKCS1_OpenSSL, RSA_print_fp, RSA_print, RSA_sign, RSA_verify, - RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING, RSA_blinding_on, - RSA_blinding_off, RSA_setup_blinding, RSA_padding_add_PKCS1_type_1, - RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, - RSA_padding_check_PKCS1_type_2, PKCS1_MGF1, RSA_padding_add_PKCS1_OAEP, - RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, - RSA_padding_check_PKCS1_OAEP_mgf1, RSA_padding_add_SSLv23, - RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none, - RSA_padding_add_X931, RSA_padding_check_X931, RSA_X931_hash_id, - RSA_verify_PKCS1_PSS, RSA_padding_add_PKCS1_PSS, RSA_verify_PKCS1_PSS_mgf1, - RSA_padding_add_PKCS1_PSS_mgf1, RSA_set_ex_data, RSA_get_ex_data, - RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, - RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, - RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_get_pub_enc, - RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, - RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, - RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, - RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, - RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, - RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, - RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, - 
RSA_meth_get_multi_prime_keygen and RSA_meth_set_multi_prime_keygen. - - Use of these low-level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L and - L. - For replacement of the functions manipulating the RSA objects - see the L manual page. - A simple way of generating RSA keys is L. - - All of these low-level RSA functions have been deprecated without - replacement: - - RSA_blinding_off, RSA_blinding_on, RSA_clear_flags, RSA_get_version, - RSAPrivateKey_dup, RSAPublicKey_dup, RSA_set_flags, RSA_setup_blinding and - RSA_test_flags. - - All of these RSA flags have been deprecated without replacement: - - RSA_FLAG_BLINDING, RSA_FLAG_CACHE_PRIVATE, RSA_FLAG_CACHE_PUBLIC, - RSA_FLAG_EXT_PKEY, RSA_FLAG_NO_BLINDING, RSA_FLAG_THREAD_SAFE and - RSA_METHOD_FLAG_NO_CHECK. + * All of the low level RSA functions have been deprecated. *Paul Dale* * X509 certificates signed using SHA1 are no longer allowed at security level 1 and above. - In TLS/SSL the default security level is 1. It can be set either - using the cipher string with `@SECLEVEL`, or calling - `SSL_CTX_set_security_level()`. If the leaf certificate is signed with SHA-1, - a call to `SSL_CTX_use_certificate()` will fail if the security level is not - lowered first. - Outside TLS/SSL, the default security level is -1 (effectively 0). It can - be set using `X509_VERIFY_PARAM_set_auth_level()` or using the `-auth_level` - options of the commands. *Kurt Roeckx* @@ -929,7 +585,6 @@ OpenSSL 3.0 *Paul Dale* * The command line utility rsautl has been deprecated. - Instead use the pkeyutl program. *Paul Dale* 
@@ -939,120 +594,24 @@ OpenSSL 3.0 *Paul Dale* - * All of the low-level DH functions have been deprecated including: - - DH_OpenSSL, DH_set_default_method, DH_get_default_method, DH_set_method, - DH_new_method, DH_new, DH_free, DH_up_ref, DH_bits, DH_set0_pqg, DH_size, - DH_security_bits, DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, - DH_generate_parameters_ex, DH_check_params_ex, DH_check_ex, DH_check_pub_key_ex, - DH_check, DH_check_pub_key, DH_generate_key, DH_compute_key, - DH_compute_key_padded, DHparams_print_fp, DHparams_print, DH_get_nid, - DH_KDF_X9_42, DH_get0_engine, DH_meth_new, DH_meth_free, DH_meth_dup, - DH_meth_get0_name, DH_meth_set1_name, DH_meth_get_flags, DH_meth_set_flags, - DH_meth_get0_app_data, DH_meth_set0_app_data, DH_meth_get_generate_key, - DH_meth_set_generate_key, DH_meth_get_compute_key, DH_meth_set_compute_key, - DH_meth_get_bn_mod_exp, DH_meth_set_bn_mod_exp, DH_meth_get_init, - DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, - DH_meth_get_generate_params and DH_meth_set_generate_params. - - Use of these low-level functions has been informally discouraged for a long - time. Instead applications should use L - and L. - - These low-level DH functions have been deprecated without replacement: - - DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, - DH_set_flags and DH_test_flags. - - The DH_FLAG_CACHE_MONT_P flag has been deprecated without replacement. - The DH_FLAG_TYPE_DH and DH_FLAG_TYPE_DHX have been deprecated. Use - EVP_PKEY_is_a() to determine the type of a key. There is no replacement for - setting these flags. - - Additionally functions that read and write DH objects such as d2i_DHparams, - i2d_DHparams, PEM_read_DHparam, PEM_write_DHparams and other similar - functions have also been deprecated. Applications should instead use the - OSSL_DECODER and OSSL_ENCODER APIs to read and write DH files. 
- - Finally functions that assign or obtain DH objects from an EVP_PKEY such as - `EVP_PKEY_assign_DH()`, `EVP_PKEY_get0_DH()`, `EVP_PKEY_get1_DH()`, and - `EVP_PKEY_set1_DH()` are also deprecated. - Applications should instead either read or write an - EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER APIs. - Or load an EVP_PKEY directly from DH data using `EVP_PKEY_fromdata()`. + * All of the low level DH functions have been deprecated. *Paul Dale and Matt Caswell* - * All of the low-level DSA functions have been deprecated including: - - DSA_new, DSA_free, DSA_up_ref, DSA_bits, DSA_get0_pqg, DSA_set0_pqg, - DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g, - DSA_get0_pub_key, DSA_get0_priv_key, DSA_clear_flags, DSA_test_flags, - DSA_set_flags, DSA_do_sign, DSA_do_verify, DSA_OpenSSL, - DSA_set_default_method, DSA_get_default_method, DSA_set_method, - DSA_get_method, DSA_new_method, DSA_size, DSA_security_bits, - DSA_sign_setup, DSA_sign, DSA_verify, DSA_get_ex_new_index, - DSA_set_ex_data, DSA_get_ex_data, DSA_generate_parameters_ex, - DSA_generate_key, DSA_meth_new, DSA_get0_engine, DSA_meth_free, - DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags, - DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data, - DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup, - DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify, - DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, - DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init, - DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, - DSA_meth_set_paramgen, DSA_meth_get_keygen and DSA_meth_set_keygen. - - Use of these low-level functions has been informally discouraged for a long - time. Instead applications should use L, - L and L. - - These low-level DSA functions have been deprecated without replacement: - - DSA_clear_flags, DSA_dup_DH, DSAparams_dup, DSA_set_flags and - DSA_test_flags. 
- - The DSA_FLAG_CACHE_MONT_P flag has been deprecated without replacement. - - Finally functions that assign or obtain DSA objects from an EVP_PKEY such as - `EVP_PKEY_assign_DSA()`, `EVP_PKEY_get0_DSA()`, `EVP_PKEY_get1_DSA()`, and - `EVP_PKEY_set1_DSA()` are also deprecated. - Applications should instead either read or write an - EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER APIs, - or load an EVP_PKEY directly from DSA data using `EVP_PKEY_fromdata()`. + * All of the low level DSA functions have been deprecated. *Paul Dale* * Reworked the treatment of EC EVP_PKEYs with the SM2 curve to - automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC. This is a breaking - change from previous OpenSSL versions. - - Unlike in previous OpenSSL versions, this means that applications must not - call `EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)` to get SM2 computations. - The `EVP_PKEY_set_alias_type` function has now been removed. - - Parameter and key generation is also reworked to make it possible - to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate - SM2 keys directly and must not create an EVP_PKEY_EC key first. + automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC. *Richard Levitte* - * Deprecated low-level ECDH and ECDSA functions. These include: - - ECDH_compute_key, ECDSA_do_sign, ECDSA_do_sign_ex, ECDSA_do_verify, - ECDSA_sign_setup, ECDSA_sign, ECDSA_sign_ex, ECDSA_verify and - ECDSA_size. - - Use of these low-level functions has been informally discouraged for a long - time. Instead applications should use the EVP_PKEY_derive(3), - EVP_DigestSign(3) and EVP_DigestVerify(3) functions. + * Deprecated low level ECDH and ECDSA functions. *Paul Dale* - * Deprecated EVP_PKEY_decrypt_old(), please use EVP_PKEY_decrypt_init() - and EVP_PKEY_decrypt() instead. - Deprecated EVP_PKEY_encrypt_old(), please use EVP_PKEY_encrypt_init() - and EVP_PKEY_encrypt() instead. 
+ * Deprecated EVP_PKEY_decrypt_old() and EVP_PKEY_encrypt_old(). *Richard Levitte* @@ -1064,20 +623,10 @@ OpenSSL 3.0 *Richard Levitte* * The SSL_CTX_set_tlsext_ticket_key_cb(3) function has been deprecated. - Instead used the new SSL_CTX_set_tlsext_ticket_key_evp_cb(3) function. *Paul Dale* - * All low level HMAC functions except for HMAC have been deprecated including: - - HMAC_size, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, - HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags - and HMAC_CTX_get_md. - - Use of these low-level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L, L - and L or the single-shot MAC function L. + * All of the low level HMAC functions have been deprecated. *Paul Dale and David von Oheimb* 
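Review bot: The shortened SM2 entry no longer says that this is a breaking change or that `EVP_PKEY_set_alias_type` has been removed, which are the two facts an application calling `EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)` needs from a changelog. Suggest keeping one sentence to that effect, or a pointer to migration_guide(7), in the entry that now ends at "automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC." The DH, DSA and ECDH/ECDSA entries in the same hunk likewise drop every replacement name (`EVP_PKEY_derive`, `EVP_DigestSign`, `EVP_PKEY_fromdata()`), so a reference there would help too.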
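Review bot: The new HMAC line changes the meaning of the entry, not just its length. The removed text read "All low level HMAC functions except for HMAC have been deprecated", while the added line says "All of the low level HMAC functions have been deprecated." Unless the one-shot `HMAC()` is also being deprecated by this commit, keep the "except for HMAC" wording. The `SSL_CTX_set_tlsext_ticket_key_cb(3)` entry just above it also loses its pointer to `SSL_CTX_set_tlsext_ticket_key_evp_cb(3)`.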
@@ -1093,40 +642,12 @@ OpenSSL 3.0 *Rich Salz* - * All of the low-level CMAC functions have been deprecated including: - - CMAC_CTX_new, CMAC_CTX_cleanup, CMAC_CTX_free, CMAC_CTX_get0_cipher_ctx, - CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume. - - Use of these low-level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L, L - and L. + * All of the low level CMAC functions have been deprecated. *Paul Dale* * The low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512 and Whirlpool digest functions have been deprecated. - These include: - - MD2, MD2_options, MD2_Init, MD2_Update, MD2_Final, MD4, MD4_Init, - MD4_Update, MD4_Final, MD4_Transform, MD5, MD5_Init, MD5_Update, - MD5_Final, MD5_Transform, MDC2, MDC2_Init, MDC2_Update, MDC2_Final, - RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final, - RIPEMD160_Transform, SHA1_Init, SHA1_Update, SHA1_Final, SHA1_Transform, - SHA224_Init, SHA224_Update, SHA224_Final, SHA224_Transform, - SHA256_Init, SHA256_Update, SHA256_Final, SHA256_Transform, - SHA384_Init, SHA384_Update, SHA384_Final, - SHA512_Init, SHA512_Update, SHA512_Final, SHA512_Transform, - WHIRLPOOL, WHIRLPOOL_Init, - WHIRLPOOL_Update, WHIRLPOOL_BitUpdate and WHIRLPOOL_Final. - - Use of these low-level functions has been informally discouraged - for a long time. Applications should use the L, - L, and L functions instead. - Alternatively, the quick one-shot function L can be used. - SHA1, SHA224, SHA256, SHA384 and SHA512 have changed from functions to macros - like this: (EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL). *Paul Dale and David von Oheimb* 
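Review bot: In the digest entry, the removed sentence that SHA1, SHA224, SHA256, SHA384 and SHA512 "have changed from functions to macros" describes a source-compatibility change rather than a deprecation, and nothing in the shortened entry hints at it. Code that uses `SHA256` as a function pointer is affected differently from code that only sees a deprecation warning, so either keep that sentence here or confirm it is carried into migration_guide(7) and reference the page from this entry.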
@@ -1140,42 +661,7 @@ OpenSSL 3.0 *Richard Levitte* - * All of the low-level cipher functions have been deprecated including: - - AES_options, AES_set_encrypt_key, AES_set_decrypt_key, AES_encrypt, - AES_decrypt, AES_ecb_encrypt, AES_cbc_encrypt, AES_cfb128_encrypt, - AES_cfb1_encrypt, AES_cfb8_encrypt, AES_ofb128_encrypt, - AES_wrap_key, AES_unwrap_key, BF_set_key, BF_encrypt, BF_decrypt, - BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, - BF_options, Camellia_set_key, Camellia_encrypt, Camellia_decrypt, - Camellia_ecb_encrypt, Camellia_cbc_encrypt, Camellia_cfb128_encrypt, - Camellia_cfb1_encrypt, Camellia_cfb8_encrypt, Camellia_ofb128_encrypt, - Camellia_ctr128_encrypt, CAST_set_key, CAST_encrypt, CAST_decrypt, - CAST_ecb_encrypt, CAST_cbc_encrypt, CAST_cfb64_encrypt, - CAST_ofb64_encrypt, DES_options, DES_encrypt1, DES_encrypt2, - DES_encrypt3, DES_decrypt3, DES_cbc_encrypt, DES_ncbc_encrypt, - DES_pcbc_encrypt, DES_xcbc_encrypt, DES_cfb_encrypt, DES_cfb64_encrypt, - DES_ecb_encrypt, DES_ofb_encrypt, DES_ofb64_encrypt, DES_random_key, - DES_set_odd_parity, DES_check_key_parity, DES_is_weak_key, DES_set_key, - DES_key_sched, DES_set_key_checked, DES_set_key_unchecked, - DES_string_to_key, DES_string_to_2keys, DES_fixup_key_parity, - DES_ecb2_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt, - DES_ede2_ofb64_encrypt, DES_ecb3_encrypt, DES_ede3_cbc_encrypt, - DES_ede3_cfb64_encrypt, DES_ede3_cfb_encrypt, DES_ede3_ofb64_encrypt, - DES_cbc_cksum, DES_quad_cksum, IDEA_encrypt, IDEA_options, - IDEA_ecb_encrypt, IDEA_set_encrypt_key, IDEA_set_decrypt_key, - IDEA_cbc_encrypt, IDEA_cfb64_encrypt, IDEA_ofb64_encrypt, RC2_set_key, - RC2_encrypt, RC2_decrypt, RC2_ecb_encrypt, RC2_cbc_encrypt, - RC2_cfb64_encrypt, RC2_ofb64_encrypt, RC4, RC4_options, RC4_set_key, - RC5_32_set_key, RC5_32_encrypt, RC5_32_decrypt, RC5_32_ecb_encrypt, - RC5_32_cbc_encrypt, RC5_32_cfb64_encrypt, RC5_32_ofb64_encrypt, - SEED_set_key, SEED_encrypt, SEED_decrypt, 
SEED_ecb_encrypt, - SEED_cbc_encrypt, SEED_cfb128_encrypt and SEED_ofb128_encrypt. - - Use of these low-level functions has been informally discouraged for - a long time. Applications should use the high level EVP APIs, e.g. - EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the - equivalently named decrypt functions instead. + * All of the low level cipher functions have been deprecated. *Matt Caswell and Paul Dale* @@ -1223,21 +709,7 @@ OpenSSL 3.0 *Rich Salz* * Introduced a new method type and API, OSSL_ENCODER, to - represent generic encoders. An implementation is expected to - be able to encode an object associated with a given name (such - as an algorithm name for an asymmetric key) into forms given by - implementation properties. - - Encoders are primarily used from inside libcrypto, through - calls to functions like EVP_PKEY_print_private(), - PEM_write_bio_PrivateKey() and similar. - - Encoders are specified in such a way that they can be made to - directly handle the provider side portion of an object, if this - provider side part comes from the same provider as the encoder - itself, but can also be made to handle objects in parametrized - form (as an OSSL_PARAM array of data). This allows a provider to - offer generic encoders as a service for any other provider. + represent generic encoders. *Richard Levitte* @@ -1254,11 +726,7 @@ OpenSSL 3.0 *Richard Levitte* - * Added functionality to create an EVP_PKEY from user data. This - is effectively the same as creating a RSA, DH or DSA object and - then assigning them to an EVP_PKEY, but directly using algorithm - agnostic EVP functions. A benefit is that this should be future - proof for public key algorithms to come. + * Added functionality to create an EVP_PKEY from user data. *Richard Levitte* 
@@ -1362,13 +830,9 @@ OpenSSL 3.0 ERR_peek_error_data(), ERR_peek_last_error_data(), ERR_get_error_all(), ERR_peek_error_all() and ERR_peek_last_error_all(). - These functions have become deprecated: ERR_get_error_line(), - ERR_get_error_line_data(), ERR_peek_error_line_data(), - ERR_peek_last_error_line_data() and ERR_func_error_string(). - - Users are recommended to use ERR_get_error_all(), or to pick information - with ERR_peek functions and finish off with getting the error code by using - ERR_get_error(). + Deprecate ERR functions ERR_get_error_line(), ERR_get_error_line_data(), + ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and + ERR_func_error_string(). *Richard Levitte* @@ -1575,12 +1039,6 @@ OpenSSL 3.0 *Tom?? Mr?z* * Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898. - This checks that the salt length is at least 128 bits, the derived key - length is at least 112 bits, and that the iteration count is at least 1000. - For backwards compatibility these checks are disabled by default in the - default provider, but are enabled by default in the fips provider. - To enable or disable these checks use the control - EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE. *Shane Lontis* @@ -1614,14 +1072,7 @@ OpenSSL 3.0 *Richard Levitte* * The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have been - deprecated. These undocumented functions were never integrated into the EVP - layer and implement the AES Infinite Garble Extension (IGE) mode and AES - Bi-directional IGE mode. These modes were never formally standardised and - usage of these functions is believed to be very small. In particular - AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one - is ever used. The security implications are believed to be minimal, but - this issue was never fixed for backwards compatibility reasons. New code - should not use these modes. + deprecated. *Matt Caswell* 
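Review bot: The PBKDF2 entry, cut down to its first sentence, now reads as if SP800-132 conformance is enforced everywhere. The removed lines say otherwise for the default provider: the checks on salt length (at least 128 bits), derived key length (at least 112 bits) and iteration count (at least 1000) are "disabled by default in the default provider, but are enabled by default in the fips provider". Keep at least that sentence, since it decides whether weak parameters are rejected.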
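Review bot: The `AES_ige_encrypt()` and `AES_bi_ige_encrypt()` entry drops the known-bug statement ("It accepts 2 AES keys, but only one is ever used") and the advice that new code should not use these modes. That is the stated reason for the deprecation and is worth one sentence in CHANGES.md, or a reference from this entry if the text has moved to the migration guide.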
@@ -1652,17 +1103,7 @@ OpenSSL 3.0 *Richard Levitte* * Added a new generic trace API which provides support for enabling - instrumentation through trace output. This feature is mainly intended - as an aid for developers and is disabled by default. To utilize it, - OpenSSL needs to be configured with the `enable-trace` option. - - If the tracing API is enabled, the application can activate trace output - by registering BIOs as trace channels for a number of tracing and debugging - categories. - - The `openssl` program has been expanded to enable any of the types - available via environment variables defined by the user, and serves as - one possible example on how to use this functionality. + instrumentation through trace output. *Richard Levitte & Matthias St. Pierre* @@ -1780,8 +1221,7 @@ OpenSSL 3.0 *Richard Levitte* - * Deprecate ECDH_KDF_X9_62() and mark its replacement as internal. Users - should use the EVP interface instead (EVP_PKEY_CTX_set_ecdh_kdf_type). + * Deprecate ECDH_KDF_X9_62(). *Antoine Salon* @@ -1822,11 +1262,7 @@ OpenSSL 3.0 *Boris Pismenny* - * The SSL option SSL_OP_CLEANSE_PLAINTEXT is introduced. If that - option is set, openssl cleanses (zeroize) plaintext bytes from - internal buffers after delivering them to the application. Note, - the application is still responsible for cleansing other copies - (e.g.: data received by SSL_read(3)). + * The SSL option SSL_OP_CLEANSE_PLAINTEXT is introduced. *Martin Elshuber* @@ -1835,12 +1271,7 @@ OpenSSL 3.0 *David von Oheimb* - * Deprecated pthread fork support methods. These were unused so no - replacement is required. - - - OPENSSL_fork_prepare() - - OPENSSL_fork_parent() - - OPENSSL_fork_child() + * Deprecated pthread fork support methods. *Randall S. Becker* @@ -4951,7 +4382,6 @@ OpenSSL 1.0.2 would be an erroneous display of the certificate in text format. This issue was reported to OpenSSL by the OSS-Fuzz project. - ([CVE-2017-3735]) *Rich Salz* 
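Review bot: The `SSL_OP_CLEANSE_PLAINTEXT` entry loses both what the option does and where its guarantee stops. The removed note that "the application is still responsible for cleansing other copies (e.g.: data received by SSL_read(3))" is what bounds the option's effect, so it should stay with the entry or be reachable through a man page reference.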
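Review bot: This OpenSSL 1.0.2 hunk removes the `([CVE-2017-3735])` reference from a released changelog entry, and the next hunk does the same for `([CVE-2016-2107])`. Neither deletion relates to moving OpenSSL 3.0 material into man7, and dropping the identifiers makes the fixes harder to map to advisories. These look like an unintended revert; please restore both lines.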
@@ -5227,7 +4657,6 @@ OpenSSL 1.0.2 bytes. This issue was reported by Juraj Somorovsky using TLS-Attacker. - ([CVE-2016-2107]) *Kurt Roeckx* diff --git a/NEWS.md b/NEWS.md index 13b2511651..50a2fd36e2 100644 --- a/NEWS.md +++ b/NEWS.md @@ -20,6 +20,7 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] + * Added migration guide to man7 * Implemented support for fully "pluggable" TLSv1.3 groups * Added suport for Kernel TLS (KTLS) * Changed the license to the Apache License v2.0. diff --git a/README-FIPS.md b/README-FIPS.md index 3dc6c35b89..a8be9ddb31 100644 --- a/README-FIPS.md +++ b/README-FIPS.md 
@@ -58,411 +58,10 @@ If you configured OpenSSL to be installed to a different location, the paths wil vary accordingly. In the rare case that you need to install the fipsmodule.cnf to non-standard location, you can execute the `openssl fipsinstall` command manually. - Using the FIPS Module in applications ===================================== -There are a number of different ways that OpenSSL can be used in conjunction -with the FIPS module. Which is the correct approach to use will depend on your -own specific circumstances and what you are attempting to achieve. Note that the -old functions `FIPS_mode()` and `FIPS_mode_set()` are no longer present so you -must remove them from your application if you use them. - -Applications written to use the OpenSSL 3.0 FIPS module should not use any -legacy APIs or features that avoid the FIPS module. Specifically this includes: - -- Low level cryptographic APIs (use the high level APIs, such as EVP, instead) -- Engines -- Any functions that create or modify custom "METHODS" (for example -`EVP_MD_meth_new`, `EVP_CIPHER_meth_new`, `EVP_PKEY_meth_new`, `RSA_meth_new`, -`EC_KEY_METHOD_new`, etc.) - -All of the above APIs are deprecated in OpenSSL 3.0 - so a simple rule is to -avoid using all deprecated functions. - -Making all applications use the FIPS module by default ------------------------------------------------------- - -One simple approach is to cause all applications that are using OpenSSL to only -use the FIPS module for cryptographic algorithms by default. - -This approach can be done purely via configuration. As long as applications are -built and linked against OpenSSL 3.0 and do not override the loading of the -default config file or its settings then they can automatically start using the -FIPS module without the need for any further code changes. - -To do this the default OpenSSL config file will have to be modified. 
The -location of this config file will depend on the platform, and any options that -were given during the build process. You can check the location of the config -file by running this command: - - $ openssl version -d - OPENSSLDIR: "/usr/local/ssl" - -Caution: Many Operating Systems install OpenSSL by default. It is a common error -to not have the correct version of OpenSSL on your $PATH. Check that you are -running an OpenSSL 3.0 version like this: - - $ openssl version -v - OpenSSL 3.0.0-dev xx XXX xxxx (Library: OpenSSL 3.0.0-dev xx XXX xxxx) - -The OPENSSLDIR value above gives the directory name for where the default config -file is stored. So in this case the default config file will be called -`/usr/local/ssl/openssl.cnf` - -Edit the config file to add the following lines near the beginning: - - openssl_conf = openssl_init - - .include /usr/local/ssl/fipsmodule.cnf - - [openssl_init] - providers = provider_sect - - [provider_sect] - fips = fips_sect - base = base_sect - - [base_sect] - activate = 1 - -Obviously the include file location above should match the name of the FIPS -module config file that you installed earlier. - -Any applications that use OpenSSL 3.0 and are started after these changes are -made will start using only the FIPS module unless those applications take -explicit steps to avoid this default behaviour. Note that this configuration -also activates the "base" provider. The base provider does not include any -cryptographic algorithms (and therefore does not impact the validation status of -any cryptographic operations), but does include other supporting algorithms that -may be required. It is designed to be used in conjunction with the FIPS module. - -This approach has the primary advantage that it is simple, and no code changes -are required in applications in order to benefit from the FIPS module. There are -some disadvantages to this approach: - -- You may not want all applications to use the FIPS module. 
It may be the case -that some applications should and some should not. -- If applications take explicit steps to not load the default config file or set -different settings then this method will not work for them -- The algorithms available in the FIPS module are a subset of the algorithms -that are available in the default OpenSSL Provider. If those applications -attempt to use any algorithms that are not present, then they will fail. -- Usage of certain deprecated APIs avoids the use of the FIPS module. If any -applications use those APIs then the FIPS module will not be used. - -Selectively making applications use the FIPS module by default --------------------------------------------------------------- - -A variation on the above approach is to do the same thing on an individual -application basis. The default OpenSSL config file depends on the compiled in -value for OPENSSLDIR as described in the section above. However it is also -possible to override the config file to be used via the `OPENSSL_CONF` -environment variable. For example the following on Unix will cause the -application to be executed with a non-standard config file location: - - $ OPENSSL_CONF=/my/non-default/openssl.cnf myapplication - -Using this mechanism you can control which config file is loaded (and hence -whether the FIPS module is loaded) on an application by application basis. - -This removes the disadvantage listed above that you may not want all -applications to use the FIPS module. All the other advantages and disadvantages -still apply. - -Programmatically loading the FIPS module (default library context) ------------------------------------------------------------------- - -Applications may choose to load the FIPS provider explicitly rather than relying -on config to do this. The config file is still necessary in order to hold the -FIPS module config data (such as its self test status and integrity data). 
But -in this case we do not automatically activate the FIPS provider via that config -file. - -To do things this way configure as per the section "Making all applications use -the FIPS module by default" above, but edit the `fipsmodule.cnf` file to remove -or comment out the line which says `activate = 1` (note that setting this value -to 0 is **not** sufficient). This means all the required config information will -be available to load the FIPS module, but it is not actually automatically -loaded when the application starts. The FIPS provider can then be loaded -programmatically like this: - - #include - - int main(void) - { - OSSL_PROVIDER *fips; - OSSL_PROVIDER *base; - - fips = OSSL_PROVIDER_load(NULL, "fips"); - if (fips == NULL) { - printf("Failed to load FIPS provider\n"); - exit(EXIT_FAILURE); - } - base = OSSL_PROVIDER_load(NULL, "base"); - if (base == NULL) { - OSSL_PROVIDER_unload(fips); - printf("Failed to load base provider\n"); - exit(EXIT_FAILURE); - } - - /* Rest of application */ - - OSSL_PROVIDER_unload(base); - OSSL_PROVIDER_unload(fips); - exit(EXIT_SUCCESS); - } - -Note that this should be one of the first things that you do in your -application. If any OpenSSL functions get called that require the use of -cryptographic functions before this occurs then, if no provider has yet been -loaded, then the default provider will be automatically loaded. If you then -later explicitly load the FIPS provider then you will have both the FIPS and the -default provider loaded at the same time. It is undefined which implementation -of an algorithm will be used if multiple implementations are available and you -have not explicitly specified via a property query (see below) which one should -be used. - -Also note that in this example we have additionally loaded the "base" provider. -This loads a sub-set of algorithms that are also available in the default -provider - specifically non cryptographic ones which may be used in conjunction -with the FIPS provider. 
For example this contains algorithms for encoding and -decoding keys. If you decide not to load the default provider then you -will usually want to load the base provider instead. - -In this example we are using the "default" library context. OpenSSL functions -operate within the scope of a library context. If no library context is -explicitly specified then the default library context is used. For further -details about library contexts see the `OSSL_LIB_CTX(3)` man page. - -Loading the FIPS module at the same time as other providers ------------------------------------------------------------ - -It is possible to have the FIPS provider and other providers (such as the -default provider) all loaded at the same time into the same library context. You -can use a property query string during algorithm fetches to specify which -implementation you would like to use. - -For example to fetch an implementation of SHA256 which conforms to FIPS -standards you can specify the property query `fips=yes` like this: - - EVP_MD *sha256; - - sha256 = EVP_MD_fetch(NULL, "SHA2-256", "fips=yes"); - -If no property query is specified, or more than one implementation matches the -property query then it is undefined which implementation of a particular -algorithm will be returned. - -This example shows an explicit request for an implementation of SHA256 from the -default provider: - - EVP_MD *sha256; - - sha256 = EVP_MD_fetch(NULL, "SHA2-256", "provider=default"); - -It is also possible to set a default property query string. The following -example sets the default property query of "fips=yes" for all fetches within the -default library context: - - EVP_set_default_properties(NULL, "fips=yes"); - -If a fetch function has both an explicit property query specified, and a -default property query is defined then the two queries are merged together and -both apply. The local property query overrides the default properties if the -same property name is specified in both. 
- -There are two important built-in properties that you should be aware of: - -The "provider" property enables you to specify which provider you want an -implementation to be fetched from, e.g. `provider=default` or `provider=fips`. -All algorithms implemented in a provider have this property set on them. - -There is also the `fips` property. All FIPS algorithms match against the -property query `fips=yes`. There are also some non-cryptographic algorithms -available in the default and base providers that also have the `fips=yes` -property defined for them. These are the encoder and decoder algorithms that -can (for example) be used to write out a key generated in the FIPS provider to a -file. The encoder and decoder algorithms are not in the FIPS module itself but -are allowed to be used in conjunction with the FIPS algorithms. - -It is possible to specify default properties within a config file. For example -the following config file automatically loads the default and fips providers and -sets the default property value to be `fips=yes`. Note that this config file -does not load the "base" provider. All supporting algorithms that are in "base" -are also in "default", so it is unnecessary in this case: - - openssl_conf = openssl_init - - .include /usr/local/ssl/fipsmodule.cnf - - [openssl_init] - providers = provider_sect - alg_section = algorithm_sect - - [provider_sect] - fips = fips_sect - default = default_sect - - [default_sect] - activate = 1 - - [algorithm_sect] - default_properties = fips=yes - -Programmatically loading the FIPS module (non-default library context) ----------------------------------------------------------------------- - -In addition to using properties to separate usage of the FIPS module from other -usages this can also be achieved using library contexts. In this example we -create two library contexts. 
In one we assume the existence of a config file -called "openssl-fips.cnf" that automatically loads and configures the FIPS and -base providers. The other library context will just use the default provider. - - OSSL_LIB_CTX *fipslibctx, *nonfipslibctx; - OSSL_PROVIDER *defctxnull = NULL; - EVP_MD *fipssha256 = NULL, *nonfipssha256 = NULL; - int ret = 1; - - /* - * Create two non-default library contexts. One for fips usage and one for - * non-fips usage - */ - fipslibctx = OSSL_LIB_CTX_new(); - nonfipslibctx = OSSL_LIB_CTX_new(); - if (fipslibctx == NULL || nonfipslibctx == NULL) - goto err; - - /* Prevent anything from using the default library context */ - defctxnull = OSSL_PROVIDER_load(NULL, "null"); - - /* - * Load config file for the FIPS library context. We assume that this - * config file will automatically activate the FIPS and base providers so we - * don't need to explicitly load them here. - */ - if (!OSSL_LIB_CTX_load_config(fipslibctx, "openssl-fips.cnf")) - goto err; - - /* - * We don't need to do anything special to load the default provider into - * nonfipslibctx. This happens automatically if no other providers are - * loaded. Because we don't call OSSL_LIB_CTX_load_config() explicitly for - * nonfipslibctx it will just use the default config file. - */ - - /* As an example get some digests */ - - /* Get a FIPS validated digest */ - fipssha256 = EVP_MD_fetch(fipslibctx, "SHA2-256", NULL); - if (fipssha256 == NULL) - goto err; - - /* Get a non-FIPS validated digest */ - nonfipssha256 = EVP_MD_fetch(nonfipslibctx, "SHA2-256", NULL); - if (nonfipssha256 == NULL) - goto err; - - /* Use the digests */ - - printf("Success\n"); - ret = 0; - - err: - EVP_MD_free(fipssha256); - EVP_MD_free(nonfipssha256); - OSSL_LIB_CTX_free(fipslibctx); - OSSL_LIB_CTX_free(nonfipslibctx); - OSSL_PROVIDER_unload(defctxnull); - - return ret; - -Note that we have made use of the special "null" provider here which we load -into the default library context. 
We could have chosen to use the default -library context for FIPS usage, and just create one additional library context -for other usages - or vice versa. However if code has not been converted to use -library contexts then the default library context will be automatically used. -This could be the case for your own existing applications as well as certain -parts of OpenSSL itself. Not all parts of OpenSSL are library context aware. If -this happens then you could "accidentally" use the wrong library context for a -particular operation. To be sure this doesn't happen you can load the "null" -provider into the default library context. Because a provider has been -explicitly loaded, the default provider will not automatically load. This means -code using the default context by accident will fail because no algorithms will -be available. - -Using Encoders and Decoders with the FIPS module ------------------------------------------------- - -Encoders and decoders are used to read and write keys or parameters from or to -some external format (for example a PEM file). If your application generates -keys or parameters that then need to be written into PEM or DER format -then it is likely that you will need to use an encoder to do this. Similarly -you need a decoder to read previously saved keys and parameters. In most cases -this will be invisible to you if you are using APIs that existed in -OpenSSL 1.1.1 or earlier such as i2d_PrivateKey. However the appropriate -encoder/decoder will need to be available in the library context associated with -the key or parameter object. The built-in OpenSSL encoders and decoders are -implemented in both the default and base providers and are not in the FIPS -module boundary. However since they are not cryptographic algorithms themselves -it is still possible to use them in conjunction with the FIPS module, and -therefore these encoders/decoders have the "fips=yes" property against them. 
-You should ensure that either the default or base provider is loaded into the -library context in this case. - -Using the FIPS module in SSL/TLS --------------------------------- - -Writing an application that uses libssl in conjunction with the FIPS module is -much the same as writing a normal libssl application. If you are using global -properties and the default library context to specify usage of FIPS validated -algorithms then this will happen automatically for all cryptographic algorithms -in libssl. If you are using a non-default library context to load the FIPS -provider then you can supply this to libssl using the function -`SSL_CTX_new_ex()`. This works as a drop in replacement for the function -`SSL_CTX_new()` except it provides you with the capability to specify the -library context to be used. You can also use the same function to specify -libssl specific properties to use. - -In this first example we create two SSL_CTX objects using two different library -contexts. - - /* - * We assume that a non-default library context with the FIPS provider - * loaded has been created called fips_libctx. - / - SSL_CTX *fips_ssl_ctx = SSL_CTX_new_ex(fips_libctx, NULL, TLS_method()); - /* - * We assume that a non-default library context with the default provider - * loaded has been created called non_fips_libctx. - */ - SSL_CTX *non_fips_ssl_ctx = SSL_CTX_new_ex(non_fips_libctx, NULL, - TLS_method()); - -In this second example we create two SSL_CTX objects using different properties -to specify FIPS usage: - - /* - * The "fips=yes" property includes all FIPS approved algorithms as well as - * encoders from the default provider that are allowed to be used. The NULL - * below indicates that we are using the default library context. 
- */ - SSL_CTX *fips_ssl_ctx = SSL_CTX_new_ex(NULL, "fips=yes", TLS_method()); - /* - * The "provider!=fips" property allows algorithms from any provider except - * the FIPS provider - */ - SSL_CTX *non_fips_ssl_ctx = SSL_CTX_new_ex(NULL, "provider!=fips", - TLS_method()); - -Confirming that an algorithm is being provided by the FIPS module ------------------------------------------------------------------ - -A chain of links needs to be followed to go from an algorithm instance to the -provider that implements it. The process is similar for all algorithms. Here the -example of a digest is used. +Documentation about using the FIPS module is available on the [fips_module(7)] +manual page. -To go from an `EVP_MD_CTX` to an `EVP_MD`, use the `EVP_MD_CTX_md()` call. To go -from the `EVP_MD` to its `OSSL_PROVIDER`, use the `EVP_MD_provider()` call. To -extract the name from the `OSSL_PROVIDER`, use the `OSSL_PROVIDER_name()` call. -Finally, use `strcmp(3)` or `printf(3)` on the name. + [fips_module(7)]: https://www.openssl.org/docs/manmaster/man7/fips_module.html diff --git a/doc/build.info b/doc/build.info index 02882af91e..f64919a7c4 100644 --- a/doc/build.info +++ b/doc/build.info @@ -4292,6 +4292,10 @@ DEPEND[html/man7/evp.html]=man7/evp.pod GENERATE[html/man7/evp.html]=man7/evp.pod DEPEND[man/man7/evp.7]=man7/evp.pod GENERATE[man/man7/evp.7]=man7/evp.pod +DEPEND[html/man7/fips_module.html]=man7/fips_module.pod +GENERATE[html/man7/fips_module.html]=man7/fips_module.pod +DEPEND[man/man7/fips_module.7]=man7/fips_module.pod +GENERATE[man/man7/fips_module.7]=man7/fips_module.pod DEPEND[html/man7/life_cycle-kdf.html]=man7/life_cycle-kdf.pod GENERATE[html/man7/life_cycle-kdf.html]=man7/life_cycle-kdf.pod DEPEND[man/man7/life_cycle-kdf.7]=man7/life_cycle-kdf.pod 
@@ -4304,6 +4308,10 @@ DEPEND[html/man7/life_cycle-rand.html]=man7/life_cycle-rand.pod GENERATE[html/man7/life_cycle-rand.html]=man7/life_cycle-rand.pod DEPEND[man/man7/life_cycle-rand.7]=man7/life_cycle-rand.pod GENERATE[man/man7/life_cycle-rand.7]=man7/life_cycle-rand.pod +DEPEND[html/man7/migration_guide.html]=man7/migration_guide.pod +GENERATE[html/man7/migration_guide.html]=man7/migration_guide.pod +DEPEND[man/man7/migration_guide.7]=man7/migration_guide.pod +GENERATE[man/man7/migration_guide.7]=man7/migration_guide.pod DEPEND[html/man7/openssl-core.h.html]=man7/openssl-core.h.pod GENERATE[html/man7/openssl-core.h.html]=man7/openssl-core.h.pod DEPEND[man/man7/openssl-core.h.7]=man7/openssl-core.h.pod @@ -4496,9 +4504,11 @@ html/man7/crypto.html \ html/man7/ct.html \ html/man7/des_modes.html \ html/man7/evp.html \ +html/man7/fips_module.html \ html/man7/life_cycle-kdf.html \ html/man7/life_cycle-mac.html \ html/man7/life_cycle-rand.html \ +html/man7/migration_guide.html \ html/man7/openssl-core.h.html \ html/man7/openssl-core_dispatch.h.html \ html/man7/openssl-core_names.h.html \ @@ -4599,9 +4609,11 @@ man/man7/crypto.7 \ man/man7/ct.7 \ man/man7/des_modes.7 \ man/man7/evp.7 \ +man/man7/fips_module.7 \ man/man7/life_cycle-kdf.7 \ man/man7/life_cycle-mac.7 \ man/man7/life_cycle-rand.7 \ +man/man7/migration_guide.7 \ man/man7/openssl-core.h.7 \ man/man7/openssl-core_dispatch.h.7 \ man/man7/openssl-core_names.h.7 \ diff --git a/doc/man3/DH_size.pod b/doc/man3/DH_size.pod index cb30b27ff5..e4b7e429a0 100644 --- a/doc/man3/DH_size.pod +++ b/doc/man3/DH_size.pod 
@@ -9,26 +9,26 @@ security bits #include - int DH_bits(const DH *dh); - Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: + int DH_bits(const DH *dh); + int DH_size(const DH *dh); int DH_security_bits(const DH *dh); =head1 DESCRIPTION +The functions described on this page are deprecated. +Applications should instead use L, +L and L. + DH_bits() returns the number of significant bits. B and Bp> must not be B. -The remaining functions described on this page are deprecated. -Applications should instead use L and -L. - DH_size() returns the Diffie-Hellman prime size in bytes. It can be used to determine how much memory must be allocated for the shared secret computed by L. @@ -55,9 +55,7 @@ L =head1 HISTORY -The DH_size() and DH_security_bits() functions were deprecated in OpenSSL 3.0. - -The DH_bits() function was added in OpenSSL 1.1.0. +All functions were deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/PEM_read_CMS.pod b/doc/man3/PEM_read_CMS.pod index 6c24c437e5..4024b3219c 100644 --- a/doc/man3/PEM_read_CMS.pod +++ b/doc/man3/PEM_read_CMS.pod @@ -85,7 +85,7 @@ L: =head1 DESCRIPTION All of the functions described on this page are deprecated. -Applications should use OSSL_ENCODER_to_bio() and OSSL_ENCODER_from_bio() +Applications should use OSSL_ENCODER_to_bio() and OSSL_DECODER_from_bio() instead. In the description below, B> is used diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index 2addbb4d61..c053d03a21 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -194,7 +194,7 @@ L: All of the functions described on this page that have a I of B, B and B are deprecated. Applications should use OSSL_ENCODER_to_bio() and -OSSL_ENCODER_from_bio() instead. +OSSL_DECODER_from_bio() instead. The PEM functions read or write structures in PEM format. In this sense PEM format is simply base64 encoded data surrounded 
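Review bot: In doc/man3/DH_size.pod, the HISTORY hunk (@@ -55,9 +55,7) removes "The DH_bits() function was added in OpenSSL 1.1.0." when it replaces the section with "All functions were deprecated in OpenSSL 3.0." The version in which DH_bits() appeared is still needed by readers who build against older releases, so keep that sentence and add the new deprecation line next to it instead of replacing it.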
diff --git a/doc/man7/OSSL_PROVIDER-legacy.pod b/doc/man7/OSSL_PROVIDER-legacy.pod index 86ac3fa9a0..1fa86ab2cd 100644 --- a/doc/man7/OSSL_PROVIDER-legacy.pod +++ b/doc/man7/OSSL_PROVIDER-legacy.pod @@ -64,7 +64,8 @@ Not all of these symmetric cipher algorithms are enabled by default. =item DES -=item IDEA +The algorithm names are: DES_ECB, DES_CBC, DES_OFB, DES_CFB, DES_CFB1, DES_CFB8 +and DESX_CBC. =item RC2 @@ -83,8 +84,6 @@ Disabled by default. Use I config option to enable. When algorithms for other operations start appearing, the following =head2 titles are appropriate to use: -- Symmetric Ciphers - - Message Authentication Code (MAC) - Key Derivation Function (KDF) @@ -108,7 +107,7 @@ L =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/crypto.pod b/doc/man7/crypto.pod index 9db62e5aab..b45404cce0 100644 --- a/doc/man7/crypto.pod +++ b/doc/man7/crypto.pod @@ -75,6 +75,7 @@ Similarly when the application exits the default library context is automatically destroyed. No explicit de-initialisation steps need to be taken. See L for more information about library contexts. +See also L. =head2 Multi-threaded applications @@ -303,7 +304,7 @@ provider can also be selected with the property "fips=yes". The FIPS provider may also contain non-approved algorithm implementations and these can be selected with the property "fips=no". -See L. +See L and L. =head2 Legacy provider diff --git a/README-FIPS.md b/doc/man7/fips_module.pod similarity index 67% copy from README-FIPS.md copy to doc/man7/fips_module.pod index 3dc6c35b89..b8a343eb09 100644 --- a/README-FIPS.md +++ b/doc/man7/fips_module.pod 
@@ -1,72 +1,21 @@ -OpenSSL FIPS support -==================== +=pod -This release of OpenSSL includes a cryptographic module that is intended to be -FIPS 140-2 validated. The module is implemented as an OpenSSL provider. -A provider is essentially a dynamically loadable module which implements -cryptographic algorithms, see the [README-PROVIDERS](README-PROVIDERS.md) file -for further details. +=head1 NAME -The OpenSSL FIPS provider comes as shared library called `fips.so` (on Unix) -resp. `fips.dll` (on Windows). The FIPS provider does not get built and -installed automatically. To enable it, you need to configure OpenSSL using -the `enable-fips` option. +fips_module - OpenSSL fips module guide -Installing the FIPS module -========================== +=head1 SYNOPSIS -If the FIPS provider is enabled, it gets installed automatically during the -normal installation process. Simply follow the normal procedure (configure, -make, make test, make install) as described in the [INSTALL](INSTALL.md) file. +See the individual manual pages for details. -For example, on Unix the final command +=head1 DESCRIPTION - $ make install - -effectively executes the following install targets - - $ make install_sw - $ make install_ssldirs - $ make install_docs - $ make install_fips # for `enable-fips` only - -The `install_fips` make target can also be invoked explicitly to install -the FIPS provider independently, without installing the rest of OpenSSL. - -The Installation of the FIPS provider consists of two steps. In the first step, -the shared library is copied to its installed location, which by default is - - /usr/local/lib/ossl-modules/fips.so on Unix, and - C:\Program Files\OpenSSL\lib\ossl-modules\fips.dll on Windows. 
- -In the second step, the `openssl fipsinstall` command is executed, which completes -the installation by doing the following two things: - -- Runs the FIPS module self tests -- Generates the so-called FIPS module configuration file containing information - about the module such as the self test status, and the module checksum. - -The FIPS module must have the self tests run, and the FIPS module config file -output generated on every machine that it is to be used on. You must not copy -the FIPS module config file output data from one machine to another. - -On Unix the `openssl fipsinstall` command will be invoked as follows by default: - - $ openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/local/lib/ossl-modules/fips.so - -If you configured OpenSSL to be installed to a different location, the paths will -vary accordingly. In the rare case that you need to install the fipsmodule.cnf -to non-standard location, you can execute the `openssl fipsinstall` command manually. - - -Using the FIPS Module in applications -===================================== - -There are a number of different ways that OpenSSL can be used in conjunction +This guide details different ways that OpenSSL can be used in conjunction with the FIPS module. Which is the correct approach to use will depend on your -own specific circumstances and what you are attempting to achieve. Note that the -old functions `FIPS_mode()` and `FIPS_mode_set()` are no longer present so you -must remove them from your application if you use them. +own specific circumstances and what you are attempting to achieve. + +Note that the old functions 'FIPS_mode()` and `FIPS_mode_set()` are no longer +present so you must remove them from your application if you use them. Applications written to use the OpenSSL 3.0 FIPS module should not use any legacy APIs or features that avoid the FIPS module. Specifically this includes: 
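Review bot: The added line "+Note that the old functions 'FIPS_mode()` and `FIPS_mode_set()` are no longer" opens the first name with an apostrophe and closes it with a backtick, and the backticks are Markdown carried over from README-FIPS.md, which POD prints literally. Write these as C<FIPS_mode()> and C<FIPS_mode_set()>, and convert the other backquoted names that the later hunks of this file add (`fipsmodule.cnf`, `activate = 1`) the same way. In the NAME line, "OpenSSL fips module guide" should read "FIPS" to match the rest of the page.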
@@ -78,10 +27,10 @@ legacy APIs or features that avoid the FIPS module. Specifically this includes: `EC_KEY_METHOD_new`, etc.) All of the above APIs are deprecated in OpenSSL 3.0 - so a simple rule is to -avoid using all deprecated functions. +avoid using all deprecated functions. See L for a list of +deprecated functions. -Making all applications use the FIPS module by default ------------------------------------------------------- +=head2 Making all applications use the FIPS module by default One simple approach is to cause all applications that are using OpenSSL to only use the FIPS module for cryptographic algorithms by default. @@ -100,7 +49,7 @@ file by running this command: OPENSSLDIR: "/usr/local/ssl" Caution: Many Operating Systems install OpenSSL by default. It is a common error -to not have the correct version of OpenSSL on your $PATH. Check that you are +to not have the correct version of OpenSSL in your $PATH. Check that you are running an OpenSSL 3.0 version like this: $ openssl version -v @@ -126,8 +75,9 @@ Edit the config file to add the following lines near the beginning: [base_sect] activate = 1 -Obviously the include file location above should match the name of the FIPS -module config file that you installed earlier. +Obviously the include file location above should match the path and name of the +FIPS module config file that you installed earlier. +See L. Any applications that use OpenSSL 3.0 and are started after these changes are made will start using only the FIPS module unless those applications take 
@@ -141,27 +91,40 @@ This approach has the primary advantage that it is simple, and no code changes are required in applications in order to benefit from the FIPS module. There are some disadvantages to this approach: -- You may not want all applications to use the FIPS module. It may be the case -that some applications should and some should not. -- If applications take explicit steps to not load the default config file or set -different settings then this method will not work for them -- The algorithms available in the FIPS module are a subset of the algorithms -that are available in the default OpenSSL Provider. If those applications -attempt to use any algorithms that are not present, then they will fail. -- Usage of certain deprecated APIs avoids the use of the FIPS module. If any -applications use those APIs then the FIPS module will not be used. +=over 4 + +=item You may not want all applications to use the FIPS module. -Selectively making applications use the FIPS module by default --------------------------------------------------------------- +It may be the case that some applications should and some should not use the +FIPS module. + +=item If applications take explicit steps to not load the default config file or +set different settings. + +This method will not work for these cases. + +=item The algorithms available in the FIPS module are a subset of the algorithms +that are available in the default OpenSSL Provider. + +If any applications attempt to use any algorithms that are not present, +then they will fail. + +-=item Usage of certain deprecated APIs avoids the use of the FIPS module. + +If any applications use those APIs then the FIPS module will not be used. + +=back + +=head2 Selectively making applications use the FIPS module by default A variation on the above approach is to do the same thing on an individual application basis. The default OpenSSL config file depends on the compiled in value for OPENSSLDIR as described in the section above. 
However it is also possible to override the config file to be used via the `OPENSSL_CONF` -environment variable. For example the following on Unix will cause the +environment variable. For example the following, on Unix, will cause the application to be executed with a non-standard config file location: - $ OPENSSL_CONF=/my/non-default/openssl.cnf myapplication + $ OPENSSL_CONF=/my/nondefault/openssl.cnf myapplication Using this mechanism you can control which config file is loaded (and hence whether the FIPS module is loaded) on an application by application basis. @@ -170,8 +133,7 @@ This removes the disadvantage listed above that you may not want all applications to use the FIPS module. All the other advantages and disadvantages still apply. -Programmatically loading the FIPS module (default library context) ------------------------------------------------------------------- +=head2 Programmatically loading the FIPS module (default library context) Applications may choose to load the FIPS provider explicitly rather than relying on config to do this. The config file is still necessary in order to hold the 
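Review bot: In the disadvantages list added by the @@ -141,27 +91,40 @@ hunk of doc/man7/fips_module.pod, the fourth entry is written as "+-=item Usage of certain deprecated APIs avoids the use of the FIPS module." with a stray hyphen before the directive. POD only recognises a command when "=" is the first character of the line, so this entry will be rendered as ordinary text inside the third item instead of as its own item. Drop the hyphen so the line starts with "=item". The first three entries of the =over 4 block are fine.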
@@ -179,13 +141,13 @@ FIPS module config data (such as its self test status and integrity data). But in this case we do not automatically activate the FIPS provider via that config file. -To do things this way configure as per the section "Making all applications use -the FIPS module by default" above, but edit the `fipsmodule.cnf` file to remove -or comment out the line which says `activate = 1` (note that setting this value -to 0 is **not** sufficient). This means all the required config information will -be available to load the FIPS module, but it is not actually automatically -loaded when the application starts. The FIPS provider can then be loaded -programmatically like this: +To do things this way configure as per +L above, but edit the +`fipsmodule.cnf` file to remove or comment out the line which says +`activate = 1` (note that setting this value to 0 is I sufficient). +This means all the required config information will be available to load the +FIPS module, but it is not automatically loaded when the application starts. The +FIPS provider can then be loaded programmatically like this: #include @@ -233,10 +195,9 @@ will usually want to load the base provider instead. In this example we are using the "default" library context. OpenSSL functions operate within the scope of a library context. If no library context is explicitly specified then the default library context is used. For further -details about library contexts see the `OSSL_LIB_CTX(3)` man page. +details about library contexts see the L man page. -Loading the FIPS module at the same time as other providers ------------------------------------------------------------ +=head2 Loading the FIPS module at the same time as other providers It is possible to have the FIPS provider and other providers (such as the default provider) all loaded at the same time into the same library context. You 
@@ -310,8 +271,7 @@ are also in "default", so it is unnecessary in this case: [algorithm_sect] default_properties = fips=yes -Programmatically loading the FIPS module (non-default library context) ----------------------------------------------------------------------- +=head2 Programmatically loading the FIPS module (nondefault library context) In addition to using properties to separate usage of the FIPS module from other usages this can also be achieved using library contexts. In this example we @@ -319,18 +279,18 @@ create two library contexts. In one we assume the existence of a config file called "openssl-fips.cnf" that automatically loads and configures the FIPS and base providers. The other library context will just use the default provider. - OSSL_LIB_CTX *fipslibctx, *nonfipslibctx; + OSSL_LIB_CTX *fips_libctx, *nonfips_libctx; OSSL_PROVIDER *defctxnull = NULL; EVP_MD *fipssha256 = NULL, *nonfipssha256 = NULL; int ret = 1; /* - * Create two non-default library contexts. One for fips usage and one for + * Create two nondefault library contexts. One for fips usage and one for * non-fips usage */ - fipslibctx = OSSL_LIB_CTX_new(); - nonfipslibctx = OSSL_LIB_CTX_new(); - if (fipslibctx == NULL || nonfipslibctx == NULL) + fips_libctx = OSSL_LIB_CTX_new(); + nonfips_libctx = OSSL_LIB_CTX_new(); + if (fips_libctx == NULL || nonfips_libctx == NULL) goto err; /* Prevent anything from using the default library context */ 
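Review bot: The rename in the @@ -319,18 +279,18 @@ hunk settles on fips_libctx and nonfips_libctx, but the SSL/TLS example further down the same file still says the context is "called non_fips_libctx" and passes non_fips_libctx to SSL_CTX_new_ex(). Since this commit is already normalising the names, use one spelling for the non-FIPS context in both examples so a reader can carry the variables from one section to the next.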
@@ -341,25 +301,25 @@ base providers. The other library context will just use the default provider. * config file will automatically activate the FIPS and base providers so we * don't need to explicitly load them here. */ - if (!OSSL_LIB_CTX_load_config(fipslibctx, "openssl-fips.cnf")) + if (!OSSL_LIB_CTX_load_config(fips_libctx, "openssl-fips.cnf")) goto err; /* * We don't need to do anything special to load the default provider into - * nonfipslibctx. This happens automatically if no other providers are + * nonfips_libctx. This happens automatically if no other providers are * loaded. Because we don't call OSSL_LIB_CTX_load_config() explicitly for - * nonfipslibctx it will just use the default config file. + * nonfips_libctx it will just use the default config file. */ /* As an example get some digests */ /* Get a FIPS validated digest */ - fipssha256 = EVP_MD_fetch(fipslibctx, "SHA2-256", NULL); + fipssha256 = EVP_MD_fetch(fips_libctx, "SHA2-256", NULL); if (fipssha256 == NULL) goto err; /* Get a non-FIPS validated digest */ - nonfipssha256 = EVP_MD_fetch(nonfipslibctx, "SHA2-256", NULL); + nonfipssha256 = EVP_MD_fetch(nonfips_libctx, "SHA2-256", NULL); if (nonfipssha256 == NULL) goto err; @@ -371,8 +331,8 @@ base providers. The other library context will just use the default provider. err: EVP_MD_free(fipssha256); EVP_MD_free(nonfipssha256); - OSSL_LIB_CTX_free(fipslibctx); - OSSL_LIB_CTX_free(nonfipslibctx); + OSSL_LIB_CTX_free(fips_libctx); + OSSL_LIB_CTX_free(nonfips_libctx); OSSL_PROVIDER_unload(defctxnull); return ret; 
@@ -391,8 +351,10 @@ explicitly loaded, the default provider will not automatically load. This means code using the default context by accident will fail because no algorithms will be available. -Using Encoders and Decoders with the FIPS module ------------------------------------------------- +See L for additional information about the +Library Context. + +=head2 Using Encoders and Decoders with the FIPS module Encoders and decoders are used to read and write keys or parameters from or to some external format (for example a PEM file). If your application generates @@ -400,7 +362,7 @@ keys or parameters that then need to be written into PEM or DER format then it is likely that you will need to use an encoder to do this. Similarly you need a decoder to read previously saved keys and parameters. In most cases this will be invisible to you if you are using APIs that existed in -OpenSSL 1.1.1 or earlier such as i2d_PrivateKey. However the appropriate +OpenSSL 1.1.1 or earlier such as L. However the appropriate encoder/decoder will need to be available in the library context associated with the key or parameter object. The built-in OpenSSL encoders and decoders are implemented in both the default and base providers and are not in the FIPS 
@@ -410,17 +372,16 @@ therefore these encoders/decoders have the "fips=yes" property against them. You should ensure that either the default or base provider is loaded into the library context in this case. -Using the FIPS module in SSL/TLS --------------------------------- +=head2 Using the FIPS module in SSL/TLS Writing an application that uses libssl in conjunction with the FIPS module is much the same as writing a normal libssl application. If you are using global properties and the default library context to specify usage of FIPS validated algorithms then this will happen automatically for all cryptographic algorithms -in libssl. If you are using a non-default library context to load the FIPS +in libssl. If you are using a nondefault library context to load the FIPS provider then you can supply this to libssl using the function -`SSL_CTX_new_ex()`. This works as a drop in replacement for the function -`SSL_CTX_new()` except it provides you with the capability to specify the +L. This works as a drop in replacement for the function +L except it provides you with the capability to specify the library context to be used. You can also use the same function to specify libssl specific properties to use. @@ -428,12 +389,12 @@ In this first example we create two SSL_CTX objects using two different library contexts. /* - * We assume that a non-default library context with the FIPS provider + * We assume that a nondefault library context with the FIPS provider * loaded has been created called fips_libctx. / SSL_CTX *fips_ssl_ctx = SSL_CTX_new_ex(fips_libctx, NULL, TLS_method()); /* - * We assume that a non-default library context with the default provider + * We assume that a nondefault library context with the default provider * loaded has been created called non_fips_libctx. */ SSL_CTX *non_fips_ssl_ctx = SSL_CTX_new_ex(non_fips_libctx, NULL, 
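Review bot: In the first SSL_CTX example touched by the @@ -428,12 +389,12 @@ hunk, the comment that ends "loaded has been created called fips_libctx." is closed with a lone "/" instead of "*/", so the comment is unterminated and the following SSL_CTX_new_ex() line is swallowed into it if the example is copied into code. The hunk already edits the first line of that comment and leaves the terminator as unchanged context. Fix it to "*/" in the same change; the second comment in the example is terminated correctly.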
@@ -455,14 +416,28 @@ to specify FIPS usage: SSL_CTX *non_fips_ssl_ctx = SSL_CTX_new_ex(NULL, "provider!=fips", TLS_method()); -Confirming that an algorithm is being provided by the FIPS module ------------------------------------------------------------------ +=head2 Confirming that an algorithm is being provided by the FIPS module A chain of links needs to be followed to go from an algorithm instance to the provider that implements it. The process is similar for all algorithms. Here the example of a digest is used. -To go from an `EVP_MD_CTX` to an `EVP_MD`, use the `EVP_MD_CTX_md()` call. To go -from the `EVP_MD` to its `OSSL_PROVIDER`, use the `EVP_MD_provider()` call. To -extract the name from the `OSSL_PROVIDER`, use the `OSSL_PROVIDER_name()` call. -Finally, use `strcmp(3)` or `printf(3)` on the name. +To go from an B to an B, use L . +To go from the B to its B, use L. +To extract the name from the B, use L. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod new file mode 100644 index 0000000000..58260860de --- /dev/null +++ b/doc/man7/migration_guide.pod 
@@ -0,0 +1,1804 @@ +=pod + +=head1 NAME + +migration_guide - OpenSSL migration guide + +=head1 SYNOPSIS + +See the individual manual pages for details. + +=head1 DESCRIPTION + +This guide details the changes required to migrate to new versions of OpenSSL. +Currently this covers OpenSSL 3.0. For earlier versions refer to +L. +For an overview of some of the key concepts introduced in OpenSSL 3.0 see +L. + +=head1 OPENSSL 3_0 + +=head2 Main Changes from OpenSSL 1.1.1 + +=head3 Major Release + +OpenSSL 3.0 is a major release and consequently any application that currently +uses an older version of OpenSSL will at the very least need to be recompiled in +order to work with the new version. It is the intention that the large majority +of applications will work unchanged with OpenSSL 3.0 if those applications +previously worked with OpenSSL 1.1.1. However this is not guaranteed and some +changes may be required in some cases. Changes may also be required if +applications need to take advantage of some of the new features available in +OpenSSL 3.0 such as the availability of the FIPS module. + +=head3 License Change + +In previous versions, OpenSSL was licensed under the L +(both licenses apply). From OpenSSL 3.0 this is replaced by the +L. + +=head3 Providers and FIPS support + +One of the key changes from OpenSSL 1.1.1 is the introduction of the Provider +concept. Providers collect together and make available algorithm implementations. +With OpenSSL 3.0 it is possible to specify, either programmatically or via a +config file, which providers you want to use for any given application. +OpenSSL 3.0 comes with 5 different providers as standard. Over time third +parties may distribute additional providers that can be plugged into OpenSSL. +All algorithm implementations available via providers are accessed through the +"high level" APIs (for example those functions prefixed with "EVP"). They cannot +be accessed using the L. 
+One of the standard providers available is the FIPS provider. This makes +available FIPS validated cryptographic algorithms. +The FIPS provider is disabled by default and needs to be enabled explicitly +at configuration time using the `enable-fips` option. If it is enabled, +the FIPS provider gets built and installed in addition to the other standard +providers. No separate installation procedure is necessary. +There is however a dedicated `install_fips` make target, which serves the +special purpose of installing only the FIPS provider into an existing +OpenSSL installation. + +See also L for information on the legacy provider. + +See also L and +L. + +=head3 Low Level APIs + +OpenSSL has historically provided two sets of APIs for invoking cryptographic +algorithms: the "high level" APIs (such as the "EVP" APIs) and the "low level" +APIs. The high level APIs are typically designed to work across all algorithm +types. The "low level" APIs are targeted at a specific algorithm implementation. +For example, the EVP APIs provide the functions L, +L and L to perform symmetric +encryption. Those functions can be used with the algorithms AES, CHACHA, 3DES etc. +On the other hand, to do AES encryption using the low level APIs you would have +to call AES specific functions such as L, +L, and so on. The functions for 3DES are different. +Use of the low level APIs has been informally discouraged by the OpenSSL +development team for a long time. However in OpenSSL 3.0 this is made more +formal. All such low level APIs have been deprecated. You may still use them in +your applications, but you may start to see deprecation warnings during +compilation (dependent on compiler support for this). Deprecated APIs may be +removed from future versions of OpenSSL so you are strongly encouraged to update +your code to use the high level APIs instead. 
+ +This is described in more detail in L + +=head3 Legacy Algorithms + +Some cryptographic algorithms such as B and B that were available via +the EVP APIs are now considered legacy and their use is strongly discouraged. +These legacy EVP algorithms are still available in OpenSSL 3.0 but not by +default. If you want to use them then you must load the legacy provider. +This can be as simple as a config file change, or can be done programmatically. +See L for a complete list of algorithms. +Applications using the EVP APIs to access these algorithms should instead use +more modern algorithms. If that is not possible then these applications +should ensure that the legacy provider has been loaded. This can be achieved +either programmatically or via configuration. See L man page for +more information about providers. + +=head3 Engines and "METHOD" APIs + +The refactoring to support Providers conflicts internally with the APIs used to +support engines, including the ENGINE API and any function that creates or +modifies custom "METHODS" (for example L, +L, L, L, +L, etc.). These functions are being deprecated in +OpenSSL 3.0, and users of these APIs should know that their use can likely +bypass provider selection and configuration, with unintended consequences. +This is particularly relevant for applications written to use the OpenSSL 3.0 +FIPS module, as detailed below. Authors and maintainers of external engines are +strongly encouraged to refactor their code transforming engines into providers +using the new Provider API and avoiding deprecated methods. + +=head3 Versioning Scheme + +The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new +versioning scheme has this format: + +MAJOR.MINOR.PATCH + +For OpenSSL 1.1.1 and below, different patch levels were indicated by a letter +at the end of the release version number. This will no longer be used and +instead the patch level is indicated by the final number in the version. 
A +change in the second (MINOR) number indicates that new features may have been +added. OpenSSL versions with the same major number are API and ABI compatible. +If the major number changes then API and ABI compatibility is not guaranteed. + +=head3 Other major new features + +=head4 Certificate Management Protocol (CMP, RFC 4210) + +This also covers CRMF (RFC 4211) and HTTP transfer (RFC 6712) +See L and L as starting points. + +=head4 HTTP(S) client + +A proper HTTP(S) client that supports GET and POST, redirection, plain and +ASN.1-encoded contents, proxies, and timeouts. + +=head4 Key Derivation Function API (EVP_KDF) + +This simplifies the process of adding new KDF and PRF implementations. + +Previously KDF algorithms had been shoe-horned into using the EVP_PKEY object +which was not a logical mapping. +Existing applications that use KDF algorithms using EVP_PKEY +(scrypt, TLS1 PRF and HKDF) may be slower as they use an EVP_KDF bridge +internally. +All new applications should use the new L interface. +See also L and +L. + +=head4 Message Authentication Code API (EVP_MAC) + +This simplifies the process of adding MAC implementations. + +This includes a generic EVP_PKEY to EVP_MAC bridge, to facilitate the continued +use of MACs through raw private keys in functionality such as +L and L. + +All new applications should use the new L interface. +See also L +and L. + +=head4 Support for Linux Kernel TLS + +In order to use KTLS, support for it must be compiled in using the 'enable-ktls' +compile time option. It must also be enabled at run time using the +B option. + +=head4 New Algorithms + +=over 4 + +=item KDF algorithms "SINGLE STEP" and "SSH" + +See L and L + +=item MAC Algorithms "GMAC" and "KMAC" + +See L and L. + +=item KEM Algorithm "RSASVE" + +See L. + +=item Cipher Algorithm "AES-SIV" + +See L. + +=item AES Key Wrap inverse ciphers supported by EVP layer. + +The inverse ciphers use AES decryption for wrapping, and AES encryption for +unwrapping. 
The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV", +"AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and +"AES-256-WRAP-PAD-INV". + +=item AES CTS cipher added to EVP layer. + +The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS". +CS1, CS2 and CS3 variants are supported. + +=back + +=head4 CMS and PKCS#7 updates + +=over 4 + +=item Added CAdES-BES signature verification support. + +=item Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API. + +=item Added AuthEnvelopedData content type structure (RFC 5083) using AES_GCM + +This uses the AES-GCM parameter (RFC 5084) for the Cryptographic Message Syntax. +Its purpose is to support encryption and decryption of a digital envelope that +is both authenticated and encrypted using AES GCM mode. + +=item L and L were made public. + +=back + +=head4 PKCS#12 API updates + +The default algorithms for pkcs12 creation with the PKCS12_create() function +were changed to more modern PBKDF2 and AES based algorithms. The default +MAC iteration count was changed to PKCS12_DEFAULT_ITER to make it equal +with the password-based encryption iteration count. The default digest +algorithm for the MAC computation was changed to SHA-256. The pkcs12 +application now supports -legacy option that restores the previous +default algorithms to support interoperability with legacy systems. + +Added enhanced PKCS#12 APIs which accept a library context `OSSL_LIB_CTX` +and (where relevant) a property query. Other APIs which handle PKCS#7 and +PKCS#8 objects have also been enhanced where required. This includes: + +L, L, L, +L, L, L, +L, L, +L, L, L, +L, L, L, +L, L, +L, L, L, +L, L, +L, L, L. + +As part of this change the EVP_PBE_xxx APIs can also accept a library +context and property query and will call an extended version of the key/IV +derivation function which supports these parameters. This includes +L, L and L. 
+ +=head4 Windows thread synchronization changes + +Windows thread synchronization uses read/write primitives (SRWLock) when +supported by the OS, otherwise CriticalSection continues to be used. + +=head4 Trace API + +A new generic trace API has been added which provides support for enabling +instrumentation through trace output. This feature is mainly intended as an aid +for developers and is disabled by default. To utilize it, OpenSSL needs to be +configured with the `enable-trace` option. + +If the tracing API is enabled, the application can activate trace output by +registering BIOs as trace channels for a number of tracing and debugging +categories. See L. + +=head4 Key validation updates + +L and L now work for +more key types. This includes RSA, DSA, ED25519, X25519, ED448 and X448. +Previously (in 1.1.1) they would return -2. For key types that do not have +parameters then L will always return 1. + +=head3 Other notable deprecations and changes + +=head4 The function code part of an OpenSSL error code is no longer relevant + +This code is now always set to zero. Related functions are deprecated. + +=head4 STACK and HASH macro's have been cleaned up + +The type-safe wrappers are declared everywhere and implemented once. +See L and L. + +=head4 The RAND_DRBG subsystem has been removed + +The new L is a partial replacement: the DRBG callback framework is +absent. The RAND_DRBG API did not fit well into the new provider concept as +implemented by EVP_RAND and EVP_RAND_CTX. + +=head4 Removed FIPS_mode() and FIPS_mode_set() + +These functions are legacy APIs that are not applicable to the new provider +model. Applications should instead use +L and +L. + +=head4 Key generation is slower + +The Miller-Rabin test now uses 64 rounds, which is used for all prime generation, +including RSA key generation. This affects the time for larger keys sizes. 
+ +The default key generation method for the regular 2-prime RSA keys was changed +to the FIPS 186-4 B.3.6 method (Generation of Probable Primes with Conditions +Based on Auxiliary Probable Primes). This method is slower than the original +method. + +=head4 Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898 + +This checks that the salt length is at least 128 bits, the derived key length is +at least 112 bits, and that the iteration count is at least 1000. +For backwards compatibility these checks are disabled by default in the +default provider, but are enabled by default in the fips provider. + +To enable or disable the checks see B in +L. The parameter can be set using L. + +=head4 Enforce a minimum DH modulus size of 512 bits + +Smaller sizes now result in an error. + +=head4 SM2 key changes + +EC EVP_PKEYs with the SM2 curve have been reworked to automatically become +EVP_PKEY_SM2 rather than EVP_PKEY_EC. + +Unlike in previous OpenSSL versions, this means that applications cannot +call `EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)` to get SM2 computations. + +Parameter and key generation is also reworked to make it possible +to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate +SM2 keys directly and must not create an EVP_PKEY_EC key first. + +Validation of SM2 keys has been separated from the validation of regular EC +keys, allowing to improve the SM2 validation process to reject loaded private +keys that are not conforming to the SM2 ISO standard. +In particular, a private scalar `k` outside the range `1 <= k < n-1` is now +correctly rejected. + +=head4 EVP_PKEY_set_alias_type() method has been removed + +This function made a B object mutable after it had been set up. In +OpenSSL 3.0 it was decided that a provided key should not be able to change its +type, so this function has been removed. 
+ +=head4 Functions that return an internal key should be treated as read only + +Functions such as L behave slightly differently in +OpenSSL 3.0. Previously they returned a pointer to the low-level key used +internally by libcrypto. From OpenSSL 3.0 this key may now be held in a +provider. Calling these functions will only return a handle on the internal key +where the EVP_PKEY was constructed using this key in the first place, for +example using a function or macro such as L, +L, etc. +Where the EVP_PKEY holds a provider managed key, then these functions now return +a cached copy of the key. Changes to the internal provider key that take place +after the first time the cached key is accessed will not be reflected back in +the cached copy. Similarly any changes made to the cached copy by application +code will not be reflected back in the internal provider key. + +For the above reasons the keys returned from these functions should typically be +treated as read-only. To emphasise this the value returned from +L, L, L and +L have been made const. This may break some existing code. +Applications broken by this change should be modified. The preferred solution is +to refactor the code to avoid the use of these deprecated functions. Failing +this the code should be modified to use a const pointer instead. +The L, L, L +and L functions continue to return a non-const pointer to +enable them to be "freed". However they should also be treated as read-only. + +=head4 The public key check has moved from EVP_PKEY_derive() to EVP_PKEY_derive_set_peer() + +This may mean result in an error in L rather than +during L. +To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0). + +=head4 The print format has cosmetic changes for some functions + +The output from numerous "printing" functions such as L, +L, L, and other similar functions has been +amended such that there may be cosmetic differences between the output +observed in 1.1.1 and 3.0. 
This also applies to the "-text" output from the +x509 and crl applications. + +=head4 Interactive mode from the `openssl` program has been removed + +From now on, running it without arguments is equivalent to `openssl help`. + +=head4 The error return values from some control calls (ctrl) have changed + +One significant change is that controls which used to return -2 for +invalid inputs, now return -1 indicating a generic error condition instead. + +=head4 DH and DHX key types have different settable parameters + +Previously (in 1.1.1) these conflicting parameters were allowed, but will now +result in errors. See L for further details. This affects the +behaviour of L for DH parameter generation. + +=head2 Installation and Compilation + +Please refer to the INSTALL.md file in the top of the distribution for +instructions on how to build and install OpenSSL 3.0. Please also refer to the +various platform specific NOTES files for your specific platform. + +=head2 Upgrading from OpenSSL 1.1.1 + +Upgrading to OpenSSL 3.0 from OpenSSL 1.1.1 should be relatively straight +forward in most cases. The most likely area where you will encounter problems +is if you have used low level APIs in your code (as discussed above). In that +case you are likely to start seeing deprecation warnings when compiling your +application. If this happens you have 3 options: + +=over 4 + +=item 1) Ignore the warnings. They are just warnings. The deprecated functions are still present and you may still use them. However be aware that they may be removed from a future version of OpenSSL. + +=item 2) Suppress the warnings. Refer to your compiler documentation on how to do this. + +=item 3) Remove your usage of the low level APIs. In this case you will need to rewrite your code to use the high level APIs instead + +=back + +=head2 Upgrading from OpenSSL 1.0.2 + +Upgrading to OpenSSL 3.0 from OpenSSL 1.0.2 is likely to be significantly more +difficult. 
In addition to the issues discussed above in the section about +L, the main things to be aware of are: + +=over 4 + +=item 1) The build and installation procedure has changed significantly. + +Check the file INSTALL.md in the top of the installation for instructions on how +to build and install OpenSSL for your platform. Also read the various NOTES +files in the same directory, as applicable for your platform. + +=item 2) Many structures have been made opaque in OpenSSL 3.0. + +The structure definitions have been removed from the public header files and +moved to internal header files. In practice this means that you can no longer +stack allocate some structures. Instead they must be heap allocated through some +function call (typically those function names have a `_new` suffix to them). +Additionally you must use "setter" or "getter" functions to access the fields +within those structures. + +For example code that previously looked like this: + + EVP_MD_CTX md_ctx; + + /* This line will now generate compiler errors */ + EVP_MD_CTX_init(&md_ctx); + + The code needs to be amended to look like this: + EVP_MD_CTX *md_ctx; + + md_ctx = EVP_MD_CTX_new(); + ... + ... + EVP_MD_CTX_free(md_ctx); + +=item 3) Support for TLSv1.3 has been added. + +This has a number of implications for SSL/TLS applications. See the +L for further details. + +=back + +More details about the breaking changes between OpenSSL versions 1.0.2 and 1.1.0 +can be found on the +L. + +=head3 Upgrading from the OpenSSL 2.0 FIPS Object Module + +The OpenSSL 2.0 FIPS Object Module was a separate download that had to be built +separately and then integrated into your main OpenSSL 1.0.2 build. +In OpenSSL 3.0 the FIPS support is fully integrated into the mainline version of +OpenSSL and is no longer a separate download. For further information see +L. + +The function calls 'FIPS_mode()' and 'FIPS_mode_set()' have been removed +from OpenSSL 3.0. You should rewrite your application to not use them. 
+See L and L for details. + +=head2 Completing the installation of the FIPS Module + +The FIPS Module will be built and installed automatically if FIPS support has +been configured. The current documentation can be found in the +L file. + +=head2 Programming + +Applications written to work with OpenSSL 1.1.1 will mostly just work with +OpenSSL 3.0. However changes will be required if you want to take advantage of +some of the new features that OpenSSL 3.0 makes available. In order to do that +you need to understand some new concepts introduced in OpenSSL 3.0. +Read L for further information. + +=head3 Library Context + +A library context allows different components of a complex application to each +use a different library context and have different providers loaded with +different configuration settings. +See L for further info. + +If the user creates an B via L then many +functions may need to be changed to pass additional parameters to handle the +library context. + +=head4 Using a Library Context - Old functions that should be changed + +If a library context is needed then all EVP_* digest functions that return a +B such as EVP_sha256() should be replaced with a call to +L. See L. + +If a library context is needed then all EVP_* cipher functions that return a +B such as EVP_aes_128_cbc() should be replaced vith a call to +L. See L. + +Some functions can be passed an object that has already been set up with a library +context such as L, L and L. +If NULL is passed instead then the created object will be set up with the +default library context. Use L, L and +L if a library context is required. + +All functions listed below with a I have a replacment function I +that takes B as an additional argument. Functions that have other +mappings are listed along with the respective name. 
+ +=over 4 + +=item L and L + +=item L and L + +=item L, L, L, +L, L, L, +L, L and L + +=item L + +=item L, L and L + +=item L + +=item L, L and L + +=item L and L + +Use L and L + +=item L + +Use L or L. + +=item L and L + +=item L, L and L + +=item L + +=item L + +Use L + +=item L, L +and L + +=item L and L + +=item L + +=item L and L + +=item L + +=item L + +=item L, L, L, +L and L + +=item L, L, L +and L + +=item L and L + +=item L, L, L, +L, L, L, L, +L, L, L, +L, L, L, +L, L + +=item L, L, L, +L and L + +=item L, L and L + +=item L, L and L + +=item L and L + +=item L + +=item L + +=item L + +=item L and L + +=item L and L + +=item L + +=item L + +=item L and L + +=item L, L, L, +L and L + +=back + +=head4 New functions that use a Library context + +The following functions can be passed a library context if required. +Passing NULL will use the default library context. + +=over 4 + +=item L and L + +=item L and L + +=item L and +L + +=item L and L + +=item L and L + +=item L and L + +=item L and L + +=item L and L + +=item L and L + +=item L + +=item L + +=item L and L + +=item L and L + +=item L + +=item L and L + +=item L and L + +=item L + +=item L and L + +=item L and L + +=item L and L + +=item L and L + +=item L + +=item L and L + +=item L, L and L + +=item L, L, +L, L, +L and L + +=item L and L + +=item L + +=item L and L + +=item L, L, L, +L and L + +=back + +=head3 Providers + +Providers are described in detail here L. +See also L. + +=head3 Fetching algorithms and property queries + +Implicit and Explicit Fetching is described in detail here +L. + +=head3 Deprecation of Low Level Functions + +A significant number of APIs have been deprecated in OpenSSL 3.0. +This section describes some common categories of deprecations. +See L for the list of deprecated functions +that refer to these categories. 
+ +=head4 Providers are a replacement for engines and low-level method overrides + +Any accessor that uses an ENGINE is deprecated (such as EVP_PKEY_set1_engine()). +Applications using engines should instead use providers. + +Before providers were added algorithms were overriden by changing the methods +used by algorithms. All these methods such as RSA_new_method() and RSA_meth_new() +are now deprecated and can be replaced by using providers instead. + +=head4 Deprecated i2d and d2i functions for low-level key types + +Any i2d and d2i functions such as d2i_DHparams() that take a low-level key type +have been deprecated. Applications should instead use the L and +L APIs to read and write files. +See L for further details. + +=head4 Deprecated low-level key object getters and setters + +Applications that set or get low-level key objects (such as EVP_PKEY_set1_DH() +or EVP_PKEY_get0()) should instead use the OSSL_ENCODER +(See L) or OSSL_DECODER (See L) +APIs, or alternatively use L or L. + +=head4 Deprecated low-level key parameter getters + +Functions that access low-level objects directly such as L are now +deprecated. Applications should use one of L, +L, l, +L, L or +L to access fields from an EVP_PKEY. +Gettable parameters are listed in L, +L, L, +L, L and +L. +Applications may also use L to return all fields. + +=head4 Deprecated low-level key parameter setters + +Functions that access low-level objects directly such as L +are now deprecated. Applications should use L to create +new keys from user provided key data. Keys should be immutable once they are +created, so if required the user may use L, L, +and L to create a modified key. +See L for more information. +See L for information on +generating a key using parameters. + +=head4 Deprecated low-level object creation + +Low-level objects were created using methods such as L, +L and L. Applications should instead use the +high-level EVP_PKEY APIs, e.g. L, L and +L. +See also L and L. 
+ +EVP_PKEY's may be created in a variety of ways: +See also L, +L and +L. + +=head4 Deprecated low-level encryption functions + +Low-level encryption functions such as L and L +have been informally discouraged from use for a long time. Applications should +instead use the high level EVP APIs L, +L, and L or +L, L and L. + +=head4 Deprecated low-level digest functions + +Use of low-level digest functions such as L have been +informally discouraged from use for a long time. Applications should instead +use the the high level EVP APIs L, L +and L, or the quick one-shot L. + +Note that the functions L, L, L, L +and L have changed to macros that use L. + +=head4 Deprecated low-level signing functions + +Use of low-level signing functions such as L have been +informally discouraged for a long time. Instead applications should use +L and L. +See also L, L, +L and L. + +=head4 Deprecated low-level MAC functions + +Low-level mac functions such as L are deprecated. +Applications should instead use the new L interface, using +L, L, L, +L and L or the single-shot MAC function +L. +See L, L, L, L, +L, L, L and +L for additional information. + +Note that the one-shot method HMAC() is still available for compatability purposes. + +=head4 Deprecated low-level validation functions + +Low-level validation functions such as L have been informally +discouraged from use for a long time. Applications should instead use the high-level +EVP_PKEY APIs such as L, L, +L, L, +L, L, +and L. + +=head4 Deprecated low-level key exchange functions + +Many low-level functions have been informally discouraged from use for a long +time. Applications should instead use L. +See L, L and L. + +=head4 Deprecated low-level key generation functions + +Many low-level functions have been informally discouraged from use for a long +time. Applications should instead use L and +L as described in L, L, +L, L and L. +The 'quick' one-shot function L and macros for the most +common cases: and L may also be used. 
+ +=head4 Deprecated low-level key reading and writing functions + +Use of low-level objects (such as DSA) has been informally discouraged from use +for a long time. Functions to read and write these low-level objects (such as +PEM_read_DSA_PUBKEY()) should be replaced. Applications should instead use +L and L. + +=head4 Deprecated low-level key printing functions + +Use of low-level objects (such as DSA) has been informally discouraged from use +for a long time. Functions to print these low-level objects such as +DSA_print() should be replaced with the equivalent EVP_PKEY functions. +Application should use one of L, +L, L, +L, L or +L. Note that internally these use +L and L. + +=head3 Deprecated function mappings + +The following functions have been deprecated in 3.0. + +=over 4 + +=item AES_bi_ige_encrypt and AES_ige_encrypt + +There is no replacement for the IGE functions. New code should not use these modes. +These undocumented functions were never integrated into the EVP layer. +They implemented the AES Infinite Garble Extension (IGE) mode and AES +Bi-directional IGE mode. These modes were never formally standardised and +usage of these functions is believed to be very small. In particular +AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only one +is ever used. The security implications are believed to be minimal, but +this issue was never fixed for backwards compatibility reasons. + +=item AES_encrypt, AES_decrypt, AES_set_encrypt_key, AES_set_decrypt_key, +AES_cbc_encrypt, AES_cfb128_encrypt, AES_cfb1_encrypt, AES_cfb8_encrypt, +AES_ecb_encrypt and AES_ofb128_encrypt + +=item AES_unwrap_key, AES_wrap_key + +See L + +=item AES_options + +There is no replacement. It returned a string indicating if the AES code was unrolled. + +=item ASN1_digest, ASN1_sign and ASN1_verify + +There are no replacements. These old functions are not used, and could be +disabled with the macro NO_ASN1_OLD since OpenSSL 0.9.7. 
+ +=item ASN1_STRING_length_set + +Use L or L instead. +This was a potentially unsafe function that could change the bounds of a +previously passed in pointer. + +=item BF_encrypt, BF_decrypt, BF_set_key, BF_cbc_encrypt, BF_cfb64_encrypt, +BF_ecb_encrypt and BF_ofb64_encrypt + +See L. +The Blowfish algorithm has been moved to the L. + +=item BF_options + +There is no replacement. This option returned a constant string. + +=item BN_is_prime_ex and BN_is_prime_fasttest_ex + +Use L which that avoids possible misuse and always uses at least +64 rounds of the Miller-Rabin primality test. + +=item BN_pseudo_rand and BN_pseudo_rand_range + +Use L and L. + +=item BN_X931_derive_prime_ex, BN_X931_generate_prime_ex and BN_X931_generate_Xpq + +There are no replacements for these low-level functions. They were used internally +by RSA_X931_derive_ex() and RSA_X931_generate_key_ex() which are also deprecated. +Use L instead. + +=item Camellia_encrypt, Camellia_decrypt, Camellia_set_key, +Camellia_cbc_encrypt, Camellia_cfb128_encrypt, Camellia_cfb1_encrypt, +Camellia_cfb8_encrypt, Camellia_ctr128_encrypt, Camellia_ecb_encrypt and +Camellia_ofb128_encrypt. + +See L. + +=item CAST_encrypt, CAST_decrypt, CAST_set_key, CAST_cbc_encrypt, +CAST_cfb64_encrypt, CAST_ecb_encrypt and CAST_ofb64_encrypt + +See L. +The CAST algorithm has been moved to the L. + +=item CMAC_CTX_new, CMAC_CTX_cleanup, CMAC_CTX_copy, CMAC_CTX_free and +CMAC_CTX_get0_cipher_ctx + +See L. + +=item CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume. + +See L. + +=item CRYPTO_mem_ctrl, CRYPTO_mem_debug_free, CRYPTO_mem_debug_malloc, +CRYPTO_mem_debug_pop, CRYPTO_mem_debug_push, CRYPTO_mem_debug_realloc, +CRYPTO_mem_leaks, CRYPTO_mem_leaks_cb, CRYPTO_mem_leaks_fp and +CRYPTO_set_mem_debug + +Memory-leak checking has been deprecated in favor of more modern development +tools, such as compiler memory and leak sanitizers or Valgrind. 
+ +=item d2i_DHparams, d2i_DHxparams, d2i_DSAparams, d2i_DSAPrivateKey, +d2i_DSAPrivateKey_bio, d2i_DSAPrivateKey_fp, d2i_DSA_PUBKEY, d2i_DSA_PUBKEY_bio, +d2i_DSA_PUBKEY_fp, d2i_DSAPublicKey, +d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio, d2i_ECPrivateKey_fp, +d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, o2i_ECPublicKey, +d2i_RSAPrivateKey, d2i_RSAPrivateKey_bio, d2i_RSAPrivateKey_fp, +d2i_RSA_PUBKEY, d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp, d2i_RSAPublicKey, +d2i_RSAPublicKey_bio and d2i_RSAPublicKey_fp + +See L + +=item DES_crypt, DES_fcrypt, DES_encrypt1, DES_encrypt2, DES_encrypt3, +DES_decrypt3, DES_ede3_cbc_encrypt, DES_ede3_cfb64_encrypt, +DES_ede3_cfb_encrypt,DES_ede3_ofb64_encrypt, +DES_ecb_encrypt, DES_ecb3_encrypt, DES_ofb64_encrypt, DES_ofb_encrypt, +DES_cfb64_encrypt DES_cfb_encrypt, DES_cbc_encrypt, DES_ncbc_encrypt, +DES_pcbc_encrypt, DES_xcbc_encrypt, DES_cbc_cksum, DES_quad_cksum, +DES_check_key_parity, DES_is_weak_key, DES_key_sched, DES_options, +DES_random_key, DES_set_key, DES_set_key_checked, DES_set_key_unchecked, +DES_set_odd_parity, DES_string_to_2keys, DES_string_to_key + +See L. +Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB", +"DES-CFB1" and "DES-CFB8" have been moved to the L. + +=item DH_bits, DH_security_bits and DH_size + +Use L, L and L. + +=item DH_check, DH_check_ex, DH_check_params, DH_check_params_ex, +DH_check_pub_key and DH_check_pub_key_ex + +See L + +=item DH_clear_flags, DH_test_flags and DH_set_flags + +The DH_FLAG_CACHE_MONT_P flag has been deprecated without replacement. +The DH_FLAG_TYPE_DH and DH_FLAG_TYPE_DHX have been deprecated. +Use EVP_PKEY_is_a() to determine the type of a key. +There is no replacement for setting these flags. + +=item DH_compute_key and DH_compute_key_padded + +See L. + +=item DH_new, DH_new_by_nid, DH_free, DH_up_ref + +See L + +=item DH_generate_key and DH_generate_parameters_ex + +See L. 
+ +=item DH_get0_pqg, DH_get0_p, DH_get0_q, DH_get0_g, DH_get0_key, +DH_get0_priv_key, DH_get0_pub_key, DH_get_length and DH_get_nid + +See L + +=item DH_get_1024_160, DH_get_2048_224 and DH_get_2048_256 + +Applications should instead set the B as specified in +L) to one of "dh_1024_160", "dh_2048_224" or +"dh_2048_256" when generating a DH key. + +=item DH_KDF_X9_42 + +Applications should use L instead. + +=item DH_get_default_method, DH_get0_engine, DH_meth_*, DH_new_method, DH_OpenSSL, +DH_get_ex_data, DH_set_default_method, DH_set_method and DH_set_ex_data + +See L + +=item DHparams_print and DHparams_print_fp + +See L + +=item DH_set0_key, DH_set0_pqg, DH_set_length + +See L + +=item DSA_bits, DSA_security_bits and DSA_size + +Use L, L and L. + +=item DHparams_dup, DSA_dup_DH + +There is no direct replacement. Applications may use L +and L instead. + +=item DSA_generate_key and DSA_generate_parameters_ex + +See L. + +=item DSA_get0_engine, DSA_get_default_method, DSA_get_ex_data, DSA_get_method, +DSA_meth_*, DSA_new_method, DSA_OpenSSL, DSA_set_default_method, DSA_set_ex_data +and DSA_set_method + +See L. + +=item DSA_get0_p, DSA_get0_q, DSA_get0_g, DSA_get0_pqg, DSA_get0_key, +DSA_get0_priv_key and DSA_get0_pub_key + +See L. + +=item DSA_new, DSA_free, DSA_up_ref + +See L + +=item DSAparams_dup + +There is no direct replacement. Applications may use L +and L instead. + +=item DSAparams_print, DSAparams_print_fp, DSA_print and DSA_print_fp + +See L + +=item DSA_set0_key, DSA_set0_pqg + +See L + +=item DSA_set_flags, DSA_clear_flags, DSA_test_flags + +The DSA_FLAG_CACHE_MONT_P flag has been deprecated without replacement. + +=item DSA_sign, DSA_do_sign, DSA_sign_setup, DSA_verify and DSA_do_verify + +See L. + +=item ECDH_compute_key + +See L. 
+ +=item ECDH_KDF_X9_62 + +Applications may either set this using the helper function +L or by setting an B using the +"kdf-type" as shown in L + +=item ECDSA_sign, ECDSA_sign_ex, ECDSA_sign_setup, ECDSA_do_sign, ECDSA_do_sign_ex, +ECDSA_verify and ECDSA_do_verify + +See L. + +=item ECDSA_size + +Applications should use L. + +=item EC_GF2m_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, +EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method and +EC_GFp_simple_method + +There are no replacements for these functions. Applications should rely on the +library automatically assigning a suitable method internally when an EC_GROUP +is constructed. + +=item EC_GROUP_clear_free + +Use L instead. + +=item EC_GROUP_get_curve_GF2m, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m +and EC_GROUP_set_curve_GFp + +Applications should use L and L. + +=item EC_GROUP_have_precompute_mult, EC_GROUP_precompute_mult and EC_KEY_precompute_mult + +These functions are not widely used. Applications should instead switch to +named curves which OpenSSL has hardcoded lookup tables for. + +=item EC_GROUP_new, EC_GROUP_method_of, EC_POINT_method_of + +EC_METHOD is now an internal-only concept and a suitable EC_METHOD is assigned +internally without application intervention. +Users of EC_GROUP_new() should switch to a different suitable constructor. + +=item EC_KEY_can_sign + +Applications should use L instead. + +=item EC_KEY_check_key + +See L + +=item EC_KEY_set_flags, EC_KEY_get_flags and EC_KEY_clear_flags + +See L which handles flags as seperate +parameters for B, +B, B, +B and +B. +See also L + +=item EC_KEY_dup, EC_KEY_copy + +There is no direct replacement. Applications may use L +and L instead. + +=item EC_KEY_decoded_from_explicit_params + +There is no replacement. + +=item EC_KEY_generate_key + +See L. + +=item EC_KEY_get0_group, EC_KEY_get0_private_key, EC_KEY_get0_public_key, +EC_KEY_get_conv_form and EC_KEY_get_enc_flags + +See L. 
+ +=item EC_KEY_get0_engine, EC_KEY_get_default_method, EC_KEY_get_method, +EC_KEY_new_method, EC_KEY_get_ex_data, EC_KEY_OpenSSL, EC_KEY_set_ex_data, +EC_KEY_set_default_method, EC_KEY_METHOD_*, EC_KEY_set_method + +See L + +=item EC_METHOD_get_field_type + +Use L instead. +See L + +=item EC_KEY_key2buf, EC_KEY_oct2key, EC_KEY_oct2priv, EC_KEY_priv2buf and EC_KEY_priv2oct + +There are no replacements for these. + +=item EC_KEY_new, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_up_ref + +See L + +=item EC_KEY_print, EC_KEY_print_fp + +See L + +=item EC_KEY_set_asn1_flag, EC_KEY_set_conv_form, EC_KEY_set_enc_flags + +See L. + +=item EC_KEY_set_group, EC_KEY_set_private_key, EC_KEY_set_public_key, EC_KEY_set_public_key_affine_coordinates + +See L. + +=item ECParameters_print, ECParameters_print_fp, ECPKParameters_print and +ECPKParameters_print_fp + +See L + +=item EC_POINT_bn2point and EC_POINT_point2bn + +These functions were not particularly useful, since EC point serialization +formats are not individual big-endian integers. + +=item EC_POINT_get_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GFp, +EC_POINT_set_affine_coordinates_GF2m and EC_POINT_set_affine_coordinates_GFp + +Applications should use L and +L instead. + +=item EC_POINT_get_Jprojective_coordinates_GFp and EC_POINT_set_Jprojective_coordinates_GFp + +These functions are not widely used. Applications should instead use the +L and L +functions. + +=item EC_POINT_make_affine and EC_POINTs_make_affine + +There is no replacement. These functions were not widely used, and OpenSSL +automatically performs this conversion when needed. + +=item EC_POINT_set_compressed_coordinates_GF2m and EC_POINT_set_compressed_coordinates_GFp + +Applications should use L instead. + +=item EC_POINTs_mul + +This function is not widely used. Applications should instead use the +L function. + +=item ENGINE_* + +All engine functions are deprecated. An engine should be rewritten as a provider. +See L. 
+ +=item ERR_load_*, ERR_func_error_string, ERR_get_error_line, +ERR_get_error_line_data and ERR_get_state + +OpenSSL now loads error strings automatically so these functions are not needed. + +=item ERR_peek_error_line_data and ERR_peek_last_error_line_data + +The new functions are L, L, +L, L, L, +L and L. +Applications should use L, or pick information +with ERR_peek functions and finish off with getting the error code by using +L. + +=item EVP_CIPHER_CTX_iv, EVP_CIPHER_CTX_iv_noconst and EVP_CIPHER_CTX_original_iv + +Applications should instead use L, +L and L +respectively. +See L for further information. + +=item EVP_CIPHER_meth_*, EVP_MD_CTX_set_update_fn, EVP_MD_CTX_update_fn, and EVP_MD_meth_* + +See L. + +=item EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT, +EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT, +EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN. + +These control operations are not invoked by the OpenSSL library anymore and +are replaced by direct checks of the key operation against the key type +when the operation is initialized. + +=item EVP_PKEY_CTX_get0_dh_kdf_ukm and EVP_PKEY_CTX_get0_ecdh_kdf_ukm + +See the "kdf-ukm" item in L and +L. +These functions are obsolete and should not be required. + +=item EVP_PKEY_CTX_set_rsa_keygen_pubexp + +Applications should use L instead. + +=item EVP_PKEY_cmp and EVP_PKEY_cmp_parameters() + +Applications should use L and L instead. +See L for further details. + +=item EVP_PKEY_encrypt_old, EVP_PKEY_decrypt_old, + +Applications should use L and L or +L and L instead. + +=item EVP_PKEY_get0 + +This function returns NULL if the key comes from a provider. + +=item EVP_PKEY_get0_DH, EVP_PKEY_get0_DSA, EVP_PKEY_get0_EC_KEY, EVP_PKEY_get0_RSA, +EVP_PKEY_get1_DH, EVP_PKEY_get1_DSA, EVP_PKEY_get1_EC_KEY and EVP_PKEY_get1_RSA, +EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305 and EVP_PKEY_get0_siphash + +See L. + +=item EVP_PKEY_meth_* + +See L. + +=item EVP_PKEY_new_CMAC_key + +See L. 
+ +=item EVP_PKEY_assign, EVP_PKEY_set1_DH, EVP_PKEY_set1_DSA, EVP_PKEY_set1_EC_KEY and EVP_PKEY_set1_RSA + +See L + +=item EVP_PKEY_set1_tls_encodedpoint() and EVP_PKEY_get1_tls_encodedpoint(). + +These functions were previously used by libssl to set or get an encoded public +key into/from an EVP_PKEY object. With OpenSSL 3.0 these are replaced by the more +generic functions L and +L. +The old versions have been converted to deprecated macros that just call the +new functions. + +=item EVP_PKEY_set1_engine and EVP_PKEY_get0_engine + +See L. + +=item EVP_PKEY_set_alias_type + +This function has been removed. There is no replacement. +See L + +=item HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_size + +See L. + +=item HMAC_CTX_new, HMAC_CTX_free, HMAC_CTX_copy, HMAC_CTX_reset, +HMAC_CTX_set_flags and HMAC_CTX_get_md + +See L. + +=item i2d_DHparams, i2d_DHxparams + +See L +and L + +=item i2d_DSAparams, i2d_DSAPrivateKey, i2d_DSAPrivateKey_bio, +i2d_DSAPrivateKey_fp, i2d_DSA_PUBKEY, i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp and +i2d_DSAPublicKey + +See L +and L + +=item i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio, +i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp and +i2o_ECPublicKey. + +See L +and L + +=item i2d_RSAPrivateKey, i2d_RSAPrivateKey_bio, i2d_RSAPrivateKey_fp. +i2d_RSA_PUBKEY, i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, i2d_RSAPublicKey +i2d_RSAPublicKey_bio and i2d_RSAPublicKey_fp + +See L +and L + +=item IDEA_encrypt, IDEA_set_decrypt_key, IDEA_set_encrypt_key, +IDEA_cbc_encrypt, IDEA_cfb64_encrypt, IDEA_ecb_encrypt and IDEA_ofb64_encrypt + +See L. +IDEA has been moved to the L. + +=item IDEA_options + +There is no replacement. This function returned a constant string. + +=item MD2, MD2_Init, MD2_Update and MD2_Final + +See L. +MD2 has been moved to the L. + +=item MD2_options + +There is no replacement. This function returned a constant string. + +=item MD4, MD4_Init, MD4_Update, MD4_Final and MD4_Transform + +See L. 
+MD4 has been moved to the L. + +=item MDC2, MDC2_Init, MDC2_Update and MDC2_Final + +See L. +MDC2 has been moved to the L. + +=item MD5, MD5_Init, MD5_Update, MD5_Final and MD5_Transform + +See L. + +=item NCONF_WIN32 + +This undocumented function has no replacement. +See L for more details. + +=item OCSP_parse_url() + +Use L instead. + +=item OCSP_REQ_CTX type and OCSP_REQ_CTX_*() methods. + +These methods were used to collect all necessary data to form a HTTP request, +and to perform the HTTP transfer with that request. With OpenSSL 3.0, the +type is OSSL_HTTP_REQ_CTX, and the deprecated functions are replaced +with OSSL_HTTP_REQ_CTX_*(). See L for additional details. + +=item OPENSSL_fork_child, OPENSSL_fork_parent and OPENSSL_fork_prepare + +There is no replacement for these functions. These pthread fork support methods +were unused by OpenSSL. + +=item OSSL_STORE_ctrl, OSSL_STORE_do_all_loaders, OSSL_STORE_LOADER_get0_engine, +OSSL_STORE_LOADER_get0_scheme, OSSL_STORE_LOADER_new, +OSSL_STORE_LOADER_set_attach, OSSL_STORE_LOADER_set_close, +OSSL_STORE_LOADER_set_ctrl, OSSL_STORE_LOADER_set_eof +OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_expect, +OSSL_STORE_LOADER_set_find, OSSL_STORE_LOADER_set_load, +OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_open_ex, +OSSL_STORE_register_loader, OSSL_STORE_unregister_loader and OSSL_STORE_vctrl + +These functions helped applications and engines create loaders for +schemes they supported. These are all deprecated and discouraged in favour of +provider implementations, see L. 
+ +=item PEM_read_DHparams, PEM_read_bio_DHparams, +PEM_read_DSAparams, PEM_read_bio_DSAparams, +PEM_read_DSAPrivateKey, PEM_read_DSA_PUBKEY, +PEM_read_bio_DSAPrivateKey and PEM_read_bio_DSA_PUBKEY, +PEM_read_ECPKParameters, PEM_read_ECPrivateKey, PEM_read_EC_PUBKEY, +PEM_read_bio_ECPKParameters, PEM_read_bio_ECPrivateKey, PEM_read_bio_EC_PUBKEY, +PEM_read_RSAPrivateKey, PEM_read_RSA_PUBKEY, PEM_read_RSAPublicKey, +PEM_read_bio_RSAPrivateKey, PEM_read_bio_RSA_PUBKEY, PEM_read_bio_RSAPublicKey, +PEM_write_bio_DHparams, PEM_write_bio_DHxparams, PEM_write_DHparams, PEM_write_DHxparams, +PEM_write_DSAparams, PEM_write_DSAPrivateKey, PEM_write_DSA_PUBKEY, +PEM_write_bio_DSAparams, PEM_write_bio_DSAPrivateKey, PEM_write_bio_DSA_PUBKEY, +PEM_write_ECPKParameters, PEM_write_ECPrivateKey, PEM_write_EC_PUBKEY, +PEM_write_bio_ECPKParameters, PEM_write_bio_ECPrivateKey, PEM_write_bio_EC_PUBKEY, +PEM_write_RSAPrivateKey, PEM_write_RSA_PUBKEY, PEM_write_RSAPublicKey, +PEM_write_bio_RSAPrivateKey, PEM_write_bio_RSA_PUBKEY and PEM_write_bio_RSAPublicKey. + +See L + +=item PKCS1_MGF1 + +See L. + +=item RAND_get_rand_method, RAND_set_rand_method, RAND_OpenSSL and RAND_set_rand_engine + +Applications should instead use L, +L and L. +See L for more details. + +=item RC2_encrypt, RC2_decrypt, RC2_set_key, RC2_cbc_encrypt, RC2_cfb64_encrypt, +RC2_ecb_encrypt, RC2_ofb64_encrypt, +RC4, RC4_set_key, RC4_options, +RC5_32_encrypt, RC5_32_set_key, RC5_32_decrypt, RC5_32_cbc_encrypt, +RC5_32_cfb64_encrypt, RC5_32_ecb_encrypt and RC5_32_ofb64_encrypt + +See L. +The Algorithms "RC2", "RC4" and "RC5" have been moved to the L. + +=item RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final and RIPEMD160_Transform + +See L. +The RIPE algorithm has been moved to the L. + +=item RSA_bits, RSA_security_bits and RSA_size + +Use L, L and L. 
+ +=item RSA_check_key and RSA_check_key_ex + +See L + +=item RSA_clear_flags, RSA_flags, RSA_set_flags, RSA_test_flags, +RSA_setup_blinding, RSA_blinding_off and RSA_blinding_on + +All of these RSA flags have been deprecated without replacement: + +RSA_FLAG_BLINDING, RSA_FLAG_CACHE_PRIVATE, RSA_FLAG_CACHE_PUBLIC, +RSA_FLAG_EXT_PKEY, RSA_FLAG_NO_BLINDING, RSA_FLAG_THREAD_SAFE and +RSA_METHOD_FLAG_NO_CHECK. + +=item RSA_generate_key_ex, RSA_generate_multi_prime_key + +See L. + +=item RSA_get0_engine + +See L + +=item RSA_get0_crt_params, RSA_get0_d, RSA_get0_dmp1, RSA_get0_dmq1, +RSA_get0_e, RSA_get0_factors, RSA_get0_iqmp, RSA_get0_key, +RSA_get0_multi_prime_crt_params, RSA_get0_multi_prime_factors, RSA_get0_n, +RSA_get0_p, RSA_get0_pss_params, RSA_get0_q and RSA_get_multi_prime_extra_count. + +See L + +=item RSA_new, RSA_free and RSA_up_ref + +See L. + +=item RSA_get_default_method, RSA_get_ex_data and RSA_get_method + +See L. + +=item RSA_get_version + +There is no replacement. + +=item RSA_meth_*, RSA_new_method, RSA_null_method and RSA_PKCS1_OpenSSL + +See L. + +=item RSA_padding_add_* and RSA_padding_check_* + +See L and +L. + +=item RSA_print and RSA_print_fp + +See L + +=item RSA_public_encrypt and RSA_private_decrypt + +See L + +=item RSA_private_encrypt and RSA_public_decrypt + +This is equivalent to doing sign and verify operations (with a padding mode +of none). See L. + +=item RSAPrivateKey_dup, RSAPublicKey_dup + +There is no direct replacement. Applications may use L. + +=item RSAPublicKey_it and RSAPrivateKey_it + +See L + +=item RSA_set0_crt_params, RSA_set0_factors, RSA_set0_key and RSA_set0_multi_prime_params + +See L. + +=item RSA_set_default_method, RSA_set_method, RSA_set_ex_data + +See L + +=item RSA_sign, RSA_sign_ASN1_OCTET_STRING, RSA_verify, RSA_verify_ASN1_OCTET_STRING, +RSA_verify_PKCS1_PSS and RSA_verify_PKCS1_PSS_mgf1 + +See L. + +=item RSA_X931_derive_ex, RSA_X931_generate_key_ex and RSA_X931_hash_id. 
+ +There are no replacements for these functions. +X931 padding can be set using L. +See B. + +=item SEED_encrypt, SEED_decrypt, SEED_set_key, SEED_cbc_encrypt, +SEED_cfb128_encrypt, SEED_ecb_encrypt and SEED_ofb128_encrypt. + +See L. +The SEED algorithm has been moved to the L. + +=item SHA1_Init, SHA1_Update, SHA1_Final, SHA1_Transform, +SHA224_Init, SHA224_Update, SHA224_Final, +SHA256_Init, SHA256_Update, SHA256_Final, SHA256_Transform, +SHA384_Init, SHA384_Update, SHA384_Final, +SHA512_Init, SHA512_Update, SHA512_Final and SHA512_Transform + +See L. + +=item SRP_Calc_A, SRP_Calc_B, SRP_Calc_client_key, SRP_Calc_server_key, +SRP_Calc_u, SRP_Calc_x, SRP_check_known_gN_param, SRP_create_verifier, +SRP_create_verifier_BN, SRP_get_default_gN, SRP_user_pwd_free, SRP_user_pwd_new, +SRP_user_pwd_set0_sv, SRP_user_pwd_set1_ids, SRP_user_pwd_set_gN, +SRP_VBASE_add0_user, SRP_VBASE_free, SRP_VBASE_get1_by_user, SRP_VBASE_init, +SRP_VBASE_new, SRP_Verify_A_mod_N, SRP_Verify_B_mod_N + +There are no replacements for the SRP functions. + +=item SSL_CTX_set_tmp_dh_callback, SSL_set_tmp_dh_callback, +SSL_CTX_set_tmp_dh and SSL_set_tmp_dh. + +These are used to set the Diffie-Hellman (DH) parameters that are to be used by +servers requiring ephemeral DH keys. Instead applications should consider using +the built-in DH parameters that are available by calling L +or L. If custom parameters are necessary then applications can +use the alternative functions L and +L. There is no direct replacement for the "callback" +functions. The callback was originally useful in order to have different +parameters for export and non-export ciphersuites. Export ciphersuites are no +longer supported by OpenSSL. Use of the callback functions should be replaced +by one of the other methods described above. + +=item SSL_CTX_set_tlsext_ticket_key_cb. + +Use the new L function instead. + +=item WHIRLPOOL, WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_Final and WHIRLPOOL_BitUpdate + +See L. 
+The Whirlpool algorithm has been moved to the L. + +=item X509_certificate_type + +This was an undocumented function. Applications can use L +and L instead. + +=item X509_http_nbio and X509_CRL_http_nbio + +Use L and L instead. + +=back + +=head2 Using the FIPS Module in applications + +See L and L for details. + +=head2 OpenSSL command line application changes + +=head3 New applications + +L<'kdf'|openssl-kdf(1)> uses the new L API. +L<'mac'|openssl-mac(1)> uses the new L API. + +=head3 Added options + +'-provider_path' and '-provider' are available to all apps and can be used +multiple times to load any providers, such as the 'legacy' provider or +third party providers. If used then the 'default' provider would also need to be +specified if required. The '-provider_path' must be specified before the +'-provider' option. + +The 'list' app has many new options. See L for more information. + +`-crl_lastupdate` and `-crl_nextupdate` used by 'ca' allows explicit setting of +fields in the generated CRL. + +=head3 Removed options + +Interactive mode is not longer available. + +The `-crypt` option used by `passwd`. +The '-c' option used by `x509`, `dhparam`, `dsaparam`, and `ecparam`. + +=head3 Other Changes + +The output of Command line applications may have minor changes. +These are primarily changes in capitalisation and white space. However, in some +cases, there are additional differences. +For example, the DH parameters output from `dhparam` now lists 'P', 'Q', 'G' and +'pcounter' instead of 'prime', 'generator', 'subgroup order' and 'counter' +respectively. + +The openssl commands that read keys, certificates, and CRLs now +automatically detect the PEM or DER format of the input files so it is not +necessary to explicitly specify the input format anymore. However if the +input format option is used the specified format will be required. + +`speed` no longer uses low-level API calls. 
+This implies some of the performance numbers might not be comparable with the +previous releases due to higher overhead. This applies particularly to +measuring performance on smaller data chunks. + +'dhparam', 'dsa', 'gendsa', 'dsaparam', 'genrsa' and 'rsa' have been +modified to use PKEY APIs. +'genrsa' and 'rsa' now write PKCS #8 keys by default. + +=head3 Default settings + +"SHA256" is now the default digest for TS query used by `ts`. + +=head3 Deprecated apps + +'rsautl' has been deprecated, use 'pkeyutl' instead. +'dhparam', 'dsa', 'gendsa', 'dsaparam', 'genrsa', 'rsa', 'genrsa' and 'rsa' are +now in maintenance mode and no new features will be added to them. + +=head2 TLS Changes + +=over 4 + +=item TLS 1.3 FFDHE key exchange support added + +This uses DH safe prime named groups. + +=item Support for fully "pluggable" TLSv1.3 groups. + +This means that providers may supply their own group implementations (using +either the "key exchange" or the "key encapsulation" methods) which will +automatically be detected and used by libssl. + +=item SSL and SSL_CTX options are now 64 bit instead of 32 bit. + +The signatures of the functions to get and set options on SSL and +SSL_CTX objects changed from "unsigned long" to "uint64_t" type. + +This may require source code changes. + +See L, L, +L and L. + +=item SSL_set1_host() and SSL_add1_host() Changes + +These functions now take IP literal addresses as well as actual hostnames. + +=item Added SSL option SSL_OP_CLEANSE_PLAINTEXT + +If the option is set, openssl cleanses (zeroizes) plaintext bytes from +internal buffers after delivering them to the application. Note, +the application is still responsible for cleansing other copies +(e.g.: data received by L). + +=item Client-initiated renegotiation is disabled by default. + +To allow it, use the '-client_renegotiation' option, +the B flag, or the "ClientRenegotiation" +config parameter as appropriate. 
+ +=item Secure renegotiation is now required by default for TLS connections + +Support for RFC 5746 secure renegotiation is now required by default for +SSL or TLS connections to succeed. Applications that require the ability +to connect to legacy peers will need to explicitly set +SSL_OP_LEGACY_SERVER_CONNECT. Accordingly, SSL_OP_LEGACY_SERVER_CONNECT +is no longer set as part of SSL_OP_ALL. + +=item Combining the Configure options no-ec and no-dh no longer disables TLSv1.3 + +Typically if OpenSSL has no EC or DH algorithms then it cannot support +connections with TLSv1.3. However OpenSSL now supports "pluggable" groups +through providers. Therefore third party providers may supply group +implementations even where there are no built-in ones. Attempting to create +TLS connections in such a build without also disabling TLSv1.3 at run time or +using third party provider groups may result in handshake failures. TLSv1.3 +can be disabled at compile time using the "no-tls1_3" Configure option. + +=item SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() changes. + +The methods now ignore unknown ciphers. + +=item Security callback change. + +The security callback, which can be customised by application code, supports +the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY +in the "other" parameter. In most places this is what is passed. All these +places occur server side. However there was one client side call of this +security operation and it passed a DH object instead. This is incorrect +according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all +of the other locations. Therefore this client side call has been changed to +pass an EVP_PKEY instead. + +=item New SSL option SSL_OP_IGNORE_UNEXPECTED_EOF + +The SSL option SSL_OP_IGNORE_UNEXPECTED_EOF is introduced. If that option +is set, an unexpected EOF is ignored, it pretends a close notify was received +instead and so the returned error becomes SSL_ERROR_ZERO_RETURN. 
+ +=item The security strength of SHA1 and MD5 based signatures in TLS has been reduced. + +This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer +working at the default security level of 1 and instead requires security +level 0. The security level can be changed either using the cipher string +with `@SECLEVEL`, or calling L. This also means +that where the signature algorithms extension is missing from a ClientHello +then the handshake will fail in TLS 1.2 at security level 1. This is because, +although this extension is optional, failing to provide one means that +OpenSSL will fallback to a default set of signature algorithms. This default +set requires the availability of SHA1. + +=item X509 certificates signed using SHA1 are no longer allowed at security level 1 and above. + +In TLS/SSL the default security level is 1. It can be set either using the cipher +string with `@SECLEVEL`, or calling L. If the +leaf certificate is signed with SHA-1, a call to L +will fail if the security level is not lowered first. +Outside TLS/SSL, the default security level is -1 (effectively 0). It can +be set using L or using the `-auth_level` +options of the commands. + +=back + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut From matt at openssl.org Thu May 20 07:51:55 2021 
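Review bot: The SSL_OP_IGNORE_UNEXPECTED_EOF item in the "TLS Changes" list says an unexpected EOF is reported as SSL_ERROR_ZERO_RETURN, as if a close notify had been received, but it does not say what the application gives up by setting it: a connection that was cut short becomes indistinguishable from a clean shutdown. Suggest adding a sentence that the option should only be set when the protocol running over TLS can detect truncation itself, for example through length-prefixed or self-delimiting messages. Smaller points: "Interactive mode is not longer available." under "Removed options" should read "no longer", the "Deprecated apps" list names 'genrsa' and 'rsa' twice, and the "=item EVP_PKEY_encrypt_old, EVP_PKEY_decrypt_old," line ends in a stray comma.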
From: matt at openssl.org (Matt Caswell)
Date: Thu, 20 May 2021 07:51:55 +0000
Subject: [openssl] master update
Message-ID: <1621497115.972786.24419.nullmailer@dev.openssl.org>

The branch master has been updated
       via  e3884ec5c37334e585e9208ce69d7e5b3cad4624 (commit)
      from  b7140b0604bdfaa034452d97648a9c23a97568e4 (commit)

- Log -----------------------------------------------------------------
commit e3884ec5c37334e585e9208ce69d7e5b3cad4624
Author: Pauli
Date:   Thu May 20 13:51:59 2021 +1000

    Revert "ARM assembly pack: translate bit-sliced AES implementation to AArch64"

    This reverts commit da51566b256e0c0536d5b986e676863b0526bf5e.

    Fixes #15321

    Reviewed-by: Tim Hudson
    (Merged from https://github.com/openssl/openssl/pull/15364)

-----------------------------------------------------------------------

Summary of changes:
 crypto/aes/asm/bsaes-armv8.S | 2338 ------------------------------------------
 crypto/aes/build.info | 5 +-
 2 files changed, 2 insertions(+), 2341 deletions(-)
 delete mode 100644 crypto/aes/asm/bsaes-armv8.S

diff --git a/crypto/aes/asm/bsaes-armv8.S b/crypto/aes/asm/bsaes-armv8.S deleted file mode 100644 index 9bd02d0c8a..0000000000 --- a/crypto/aes/asm/bsaes-armv8.S +++ /dev/null
@@ -1,2338 +0,0 @@ -// Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html -// -// ==================================================================== -// Written by Ben Avison for the OpenSSL -// project. Rights for redistribution and usage in source and binary -// forms are granted according to the OpenSSL license. -// ==================================================================== -// -// This implementation is a translation of bsaes-armv7 for AArch64. -// No attempt has been made to carry across the build switches for -// kernel targets, since the Linux kernel crypto support has moved on -// from when it was based on OpenSSL. - -// A lot of hand-scheduling has been performed. Consequently, this code -// doesn't factor out neatly into macros in the same way that the -// AArch32 version did, and there is little to be gained by wrapping it -// up in Perl, and it is presented as pure assembly. 
- - -#include "crypto/arm_arch.h" - -.text - -.type _bsaes_decrypt8,%function -.align 4 -// On entry: -// x9 -> key (previously expanded using _bsaes_key_convert) -// x10 = number of rounds -// v0-v7 input data -// On exit: -// x9-x11 corrupted -// other general-purpose registers preserved -// v0-v7 output data -// v11-v15 preserved -// other SIMD registers corrupted -_bsaes_decrypt8: - ldr q8, [x9], #16 - adr x11, .LM0ISR - movi v9.16b, #0x55 - ldr q10, [x11], #16 - movi v16.16b, #0x33 - movi v17.16b, #0x0f - sub x10, x10, #1 - eor v0.16b, v0.16b, v8.16b - eor v1.16b, v1.16b, v8.16b - eor v2.16b, v2.16b, v8.16b - eor v4.16b, v4.16b, v8.16b - eor v3.16b, v3.16b, v8.16b - eor v5.16b, v5.16b, v8.16b - tbl v0.16b, {v0.16b}, v10.16b - tbl v1.16b, {v1.16b}, v10.16b - tbl v2.16b, {v2.16b}, v10.16b - tbl v4.16b, {v4.16b}, v10.16b - eor v6.16b, v6.16b, v8.16b - eor v7.16b, v7.16b, v8.16b - tbl v3.16b, {v3.16b}, v10.16b - tbl v5.16b, {v5.16b}, v10.16b - tbl v6.16b, {v6.16b}, v10.16b - ushr v8.2d, v0.2d, #1 - tbl v7.16b, {v7.16b}, v10.16b - ushr v10.2d, v4.2d, #1 - ushr v18.2d, v2.2d, #1 - eor v8.16b, v8.16b, v1.16b - ushr v19.2d, v6.2d, #1 - eor v10.16b, v10.16b, v5.16b - eor v18.16b, v18.16b, v3.16b - and v8.16b, v8.16b, v9.16b - eor v19.16b, v19.16b, v7.16b - and v10.16b, v10.16b, v9.16b - and v18.16b, v18.16b, v9.16b - eor v1.16b, v1.16b, v8.16b - shl v8.2d, v8.2d, #1 - and v9.16b, v19.16b, v9.16b - eor v5.16b, v5.16b, v10.16b - shl v10.2d, v10.2d, #1 - eor v3.16b, v3.16b, v18.16b - shl v18.2d, v18.2d, #1 - eor v0.16b, v0.16b, v8.16b - shl v8.2d, v9.2d, #1 - eor v7.16b, v7.16b, v9.16b - eor v4.16b, v4.16b, v10.16b - eor v2.16b, v2.16b, v18.16b - ushr v9.2d, v1.2d, #2 - eor v6.16b, v6.16b, v8.16b - ushr v8.2d, v0.2d, #2 - ushr v10.2d, v5.2d, #2 - ushr v18.2d, v4.2d, #2 - eor v9.16b, v9.16b, v3.16b - eor v8.16b, v8.16b, v2.16b - eor v10.16b, v10.16b, v7.16b - eor v18.16b, v18.16b, v6.16b - and v9.16b, v9.16b, v16.16b - and v8.16b, v8.16b, v16.16b - and v10.16b, v10.16b, 
v16.16b - and v16.16b, v18.16b, v16.16b - eor v3.16b, v3.16b, v9.16b - shl v9.2d, v9.2d, #2 - eor v2.16b, v2.16b, v8.16b - shl v8.2d, v8.2d, #2 - eor v7.16b, v7.16b, v10.16b - shl v10.2d, v10.2d, #2 - eor v6.16b, v6.16b, v16.16b - shl v16.2d, v16.2d, #2 - eor v1.16b, v1.16b, v9.16b - eor v0.16b, v0.16b, v8.16b - eor v5.16b, v5.16b, v10.16b - eor v4.16b, v4.16b, v16.16b - ushr v8.2d, v3.2d, #4 - ushr v9.2d, v2.2d, #4 - ushr v10.2d, v1.2d, #4 - ushr v16.2d, v0.2d, #4 - eor v8.16b, v8.16b, v7.16b - eor v9.16b, v9.16b, v6.16b - eor v10.16b, v10.16b, v5.16b - eor v16.16b, v16.16b, v4.16b - and v8.16b, v8.16b, v17.16b - and v9.16b, v9.16b, v17.16b - and v10.16b, v10.16b, v17.16b - and v16.16b, v16.16b, v17.16b - eor v7.16b, v7.16b, v8.16b - shl v8.2d, v8.2d, #4 - eor v6.16b, v6.16b, v9.16b - shl v9.2d, v9.2d, #4 - eor v5.16b, v5.16b, v10.16b - shl v10.2d, v10.2d, #4 - eor v4.16b, v4.16b, v16.16b - shl v16.2d, v16.2d, #4 - eor v3.16b, v3.16b, v8.16b - eor v2.16b, v2.16b, v9.16b - eor v1.16b, v1.16b, v10.16b - eor v0.16b, v0.16b, v16.16b - b .Ldec_sbox -.align 4 -.Ldec_loop: - ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x9], #64 - ldp q8, q9, [x9], #32 - eor v0.16b, v16.16b, v0.16b - ldr q10, [x9], #16 - eor v1.16b, v17.16b, v1.16b - ldr q16, [x9], #16 - eor v2.16b, v18.16b, v2.16b - eor v3.16b, v19.16b, v3.16b - eor v4.16b, v8.16b, v4.16b - eor v5.16b, v9.16b, v5.16b - eor v6.16b, v10.16b, v6.16b - eor v7.16b, v16.16b, v7.16b - tbl v0.16b, {v0.16b}, v28.16b - tbl v1.16b, {v1.16b}, v28.16b - tbl v2.16b, {v2.16b}, v28.16b - tbl v3.16b, {v3.16b}, v28.16b - tbl v4.16b, {v4.16b}, v28.16b - tbl v5.16b, {v5.16b}, v28.16b - tbl v6.16b, {v6.16b}, v28.16b - tbl v7.16b, {v7.16b}, v28.16b -.Ldec_sbox: - eor v1.16b, v1.16b, v4.16b - eor v3.16b, v3.16b, v4.16b - subs x10, x10, #1 - eor v4.16b, v4.16b, v7.16b - eor v2.16b, v2.16b, v7.16b - eor v1.16b, v1.16b, v6.16b - eor v6.16b, v6.16b, v4.16b - eor v2.16b, v2.16b, v5.16b - eor v0.16b, v0.16b, v1.16b - eor v7.16b, v7.16b, v6.16b - eor 
v8.16b, v6.16b, v2.16b - and v9.16b, v4.16b, v6.16b - eor v10.16b, v2.16b, v6.16b - eor v3.16b, v3.16b, v0.16b - eor v5.16b, v5.16b, v0.16b - eor v16.16b, v7.16b, v4.16b - eor v17.16b, v4.16b, v0.16b - and v18.16b, v0.16b, v2.16b - eor v19.16b, v7.16b, v4.16b - eor v1.16b, v1.16b, v3.16b - eor v20.16b, v3.16b, v0.16b - eor v21.16b, v5.16b, v2.16b - eor v22.16b, v3.16b, v7.16b - and v8.16b, v17.16b, v8.16b - orr v17.16b, v3.16b, v5.16b - eor v23.16b, v1.16b, v6.16b - eor v24.16b, v20.16b, v16.16b - eor v25.16b, v1.16b, v5.16b - orr v26.16b, v20.16b, v21.16b - and v20.16b, v20.16b, v21.16b - and v27.16b, v7.16b, v1.16b - eor v21.16b, v21.16b, v23.16b - orr v28.16b, v16.16b, v23.16b - orr v29.16b, v22.16b, v25.16b - eor v26.16b, v26.16b, v8.16b - and v16.16b, v16.16b, v23.16b - and v22.16b, v22.16b, v25.16b - and v21.16b, v24.16b, v21.16b - eor v8.16b, v28.16b, v8.16b - eor v23.16b, v5.16b, v2.16b - eor v24.16b, v1.16b, v6.16b - eor v16.16b, v16.16b, v22.16b - eor v22.16b, v3.16b, v0.16b - eor v25.16b, v29.16b, v21.16b - eor v21.16b, v26.16b, v21.16b - eor v8.16b, v8.16b, v20.16b - eor v26.16b, v23.16b, v24.16b - eor v16.16b, v16.16b, v20.16b - eor v28.16b, v22.16b, v19.16b - eor v20.16b, v25.16b, v20.16b - eor v9.16b, v21.16b, v9.16b - eor v8.16b, v8.16b, v18.16b - eor v18.16b, v5.16b, v1.16b - eor v21.16b, v16.16b, v17.16b - eor v16.16b, v16.16b, v17.16b - eor v17.16b, v20.16b, v27.16b - eor v20.16b, v3.16b, v7.16b - eor v25.16b, v9.16b, v8.16b - eor v27.16b, v0.16b, v4.16b - and v29.16b, v9.16b, v17.16b - eor v30.16b, v8.16b, v29.16b - eor v31.16b, v21.16b, v29.16b - eor v29.16b, v21.16b, v29.16b - bsl v30.16b, v17.16b, v21.16b - bsl v31.16b, v9.16b, v8.16b - bsl v16.16b, v30.16b, v29.16b - bsl v21.16b, v29.16b, v30.16b - eor v8.16b, v31.16b, v30.16b - and v1.16b, v1.16b, v31.16b - and v9.16b, v16.16b, v31.16b - and v6.16b, v6.16b, v30.16b - eor v16.16b, v17.16b, v21.16b - and v4.16b, v4.16b, v30.16b - eor v17.16b, v8.16b, v30.16b - and v21.16b, v24.16b, v8.16b - 
eor v9.16b, v9.16b, v25.16b - and v19.16b, v19.16b, v8.16b - eor v24.16b, v30.16b, v16.16b - eor v25.16b, v30.16b, v16.16b - and v7.16b, v7.16b, v17.16b - and v10.16b, v10.16b, v16.16b - eor v29.16b, v9.16b, v16.16b - eor v30.16b, v31.16b, v9.16b - and v0.16b, v24.16b, v0.16b - and v9.16b, v18.16b, v9.16b - and v2.16b, v25.16b, v2.16b - eor v10.16b, v10.16b, v6.16b - eor v18.16b, v29.16b, v16.16b - and v5.16b, v30.16b, v5.16b - eor v24.16b, v8.16b, v29.16b - and v25.16b, v26.16b, v29.16b - and v26.16b, v28.16b, v29.16b - eor v8.16b, v8.16b, v29.16b - eor v17.16b, v17.16b, v18.16b - eor v5.16b, v1.16b, v5.16b - and v23.16b, v24.16b, v23.16b - eor v21.16b, v21.16b, v25.16b - eor v19.16b, v19.16b, v26.16b - eor v0.16b, v4.16b, v0.16b - and v3.16b, v17.16b, v3.16b - eor v1.16b, v9.16b, v1.16b - eor v9.16b, v25.16b, v23.16b - eor v5.16b, v5.16b, v21.16b - eor v2.16b, v6.16b, v2.16b - and v6.16b, v8.16b, v22.16b - eor v3.16b, v7.16b, v3.16b - and v8.16b, v20.16b, v18.16b - eor v10.16b, v10.16b, v9.16b - eor v0.16b, v0.16b, v19.16b - eor v9.16b, v1.16b, v9.16b - eor v1.16b, v2.16b, v21.16b - eor v3.16b, v3.16b, v19.16b - and v16.16b, v27.16b, v16.16b - eor v17.16b, v26.16b, v6.16b - eor v6.16b, v8.16b, v7.16b - eor v7.16b, v1.16b, v9.16b - eor v1.16b, v5.16b, v3.16b - eor v2.16b, v10.16b, v3.16b - eor v4.16b, v16.16b, v4.16b - eor v8.16b, v6.16b, v17.16b - eor v5.16b, v9.16b, v3.16b - eor v9.16b, v0.16b, v1.16b - eor v6.16b, v7.16b, v1.16b - eor v0.16b, v4.16b, v17.16b - eor v4.16b, v8.16b, v7.16b - eor v7.16b, v9.16b, v2.16b - eor v8.16b, v3.16b, v0.16b - eor v7.16b, v7.16b, v5.16b - eor v3.16b, v4.16b, v7.16b - eor v4.16b, v7.16b, v0.16b - eor v7.16b, v8.16b, v3.16b - bcc .Ldec_done - ext v8.16b, v0.16b, v0.16b, #8 - ext v9.16b, v1.16b, v1.16b, #8 - ldr q28, [x11] // load from .LISR in common case (x10 > 0) - ext v10.16b, v6.16b, v6.16b, #8 - ext v16.16b, v3.16b, v3.16b, #8 - ext v17.16b, v5.16b, v5.16b, #8 - ext v18.16b, v4.16b, v4.16b, #8 - eor v8.16b, v8.16b, v0.16b 
- eor v9.16b, v9.16b, v1.16b - eor v10.16b, v10.16b, v6.16b - eor v16.16b, v16.16b, v3.16b - eor v17.16b, v17.16b, v5.16b - ext v19.16b, v2.16b, v2.16b, #8 - ext v20.16b, v7.16b, v7.16b, #8 - eor v18.16b, v18.16b, v4.16b - eor v6.16b, v6.16b, v8.16b - eor v8.16b, v2.16b, v10.16b - eor v4.16b, v4.16b, v9.16b - eor v2.16b, v19.16b, v2.16b - eor v9.16b, v20.16b, v7.16b - eor v0.16b, v0.16b, v16.16b - eor v1.16b, v1.16b, v16.16b - eor v6.16b, v6.16b, v17.16b - eor v8.16b, v8.16b, v16.16b - eor v7.16b, v7.16b, v18.16b - eor v4.16b, v4.16b, v16.16b - eor v2.16b, v3.16b, v2.16b - eor v1.16b, v1.16b, v17.16b - eor v3.16b, v5.16b, v9.16b - eor v5.16b, v8.16b, v17.16b - eor v7.16b, v7.16b, v17.16b - ext v8.16b, v0.16b, v0.16b, #12 - ext v9.16b, v6.16b, v6.16b, #12 - ext v10.16b, v4.16b, v4.16b, #12 - ext v16.16b, v1.16b, v1.16b, #12 - ext v17.16b, v5.16b, v5.16b, #12 - ext v18.16b, v7.16b, v7.16b, #12 - eor v0.16b, v0.16b, v8.16b - eor v6.16b, v6.16b, v9.16b - eor v4.16b, v4.16b, v10.16b - ext v19.16b, v2.16b, v2.16b, #12 - ext v20.16b, v3.16b, v3.16b, #12 - eor v1.16b, v1.16b, v16.16b - eor v5.16b, v5.16b, v17.16b - eor v7.16b, v7.16b, v18.16b - eor v2.16b, v2.16b, v19.16b - eor v16.16b, v16.16b, v0.16b - eor v3.16b, v3.16b, v20.16b - eor v17.16b, v17.16b, v4.16b - eor v10.16b, v10.16b, v6.16b - ext v0.16b, v0.16b, v0.16b, #8 - eor v9.16b, v9.16b, v1.16b - ext v1.16b, v1.16b, v1.16b, #8 - eor v8.16b, v8.16b, v3.16b - eor v16.16b, v16.16b, v3.16b - eor v18.16b, v18.16b, v5.16b - eor v19.16b, v19.16b, v7.16b - ext v21.16b, v5.16b, v5.16b, #8 - ext v5.16b, v7.16b, v7.16b, #8 - eor v7.16b, v20.16b, v2.16b - ext v4.16b, v4.16b, v4.16b, #8 - ext v20.16b, v3.16b, v3.16b, #8 - eor v17.16b, v17.16b, v3.16b - ext v2.16b, v2.16b, v2.16b, #8 - eor v3.16b, v10.16b, v3.16b - ext v10.16b, v6.16b, v6.16b, #8 - eor v0.16b, v0.16b, v8.16b - eor v1.16b, v1.16b, v16.16b - eor v5.16b, v5.16b, v18.16b - eor v3.16b, v3.16b, v4.16b - eor v7.16b, v20.16b, v7.16b - eor v6.16b, v2.16b, v19.16b - eor 
v4.16b, v21.16b, v17.16b - eor v2.16b, v10.16b, v9.16b - bne .Ldec_loop - ldr q28, [x11, #16]! // load from .LISRM0 on last round (x10 == 0) - b .Ldec_loop -.align 4 -.Ldec_done: - ushr v8.2d, v0.2d, #1 - movi v9.16b, #0x55 - ldr q10, [x9] - ushr v16.2d, v2.2d, #1 - movi v17.16b, #0x33 - ushr v18.2d, v6.2d, #1 - movi v19.16b, #0x0f - eor v8.16b, v8.16b, v1.16b - ushr v20.2d, v3.2d, #1 - eor v16.16b, v16.16b, v7.16b - eor v18.16b, v18.16b, v4.16b - and v8.16b, v8.16b, v9.16b - eor v20.16b, v20.16b, v5.16b - and v16.16b, v16.16b, v9.16b - and v18.16b, v18.16b, v9.16b - shl v21.2d, v8.2d, #1 - eor v1.16b, v1.16b, v8.16b - and v8.16b, v20.16b, v9.16b - eor v7.16b, v7.16b, v16.16b - shl v9.2d, v16.2d, #1 - eor v4.16b, v4.16b, v18.16b - shl v16.2d, v18.2d, #1 - eor v0.16b, v0.16b, v21.16b - shl v18.2d, v8.2d, #1 - eor v5.16b, v5.16b, v8.16b - eor v2.16b, v2.16b, v9.16b - eor v6.16b, v6.16b, v16.16b - ushr v8.2d, v1.2d, #2 - eor v3.16b, v3.16b, v18.16b - ushr v9.2d, v0.2d, #2 - ushr v16.2d, v7.2d, #2 - ushr v18.2d, v2.2d, #2 - eor v8.16b, v8.16b, v4.16b - eor v9.16b, v9.16b, v6.16b - eor v16.16b, v16.16b, v5.16b - eor v18.16b, v18.16b, v3.16b - and v8.16b, v8.16b, v17.16b - and v9.16b, v9.16b, v17.16b - and v16.16b, v16.16b, v17.16b - and v17.16b, v18.16b, v17.16b - eor v4.16b, v4.16b, v8.16b - shl v8.2d, v8.2d, #2 - eor v6.16b, v6.16b, v9.16b - shl v9.2d, v9.2d, #2 - eor v5.16b, v5.16b, v16.16b - shl v16.2d, v16.2d, #2 - eor v3.16b, v3.16b, v17.16b - shl v17.2d, v17.2d, #2 - eor v1.16b, v1.16b, v8.16b - eor v0.16b, v0.16b, v9.16b - eor v7.16b, v7.16b, v16.16b - eor v2.16b, v2.16b, v17.16b - ushr v8.2d, v4.2d, #4 - ushr v9.2d, v6.2d, #4 - ushr v16.2d, v1.2d, #4 - ushr v17.2d, v0.2d, #4 - eor v8.16b, v8.16b, v5.16b - eor v9.16b, v9.16b, v3.16b - eor v16.16b, v16.16b, v7.16b - eor v17.16b, v17.16b, v2.16b - and v8.16b, v8.16b, v19.16b - and v9.16b, v9.16b, v19.16b - and v16.16b, v16.16b, v19.16b - and v17.16b, v17.16b, v19.16b - eor v5.16b, v5.16b, v8.16b - shl v8.2d, 
v8.2d, #4 - eor v3.16b, v3.16b, v9.16b - shl v9.2d, v9.2d, #4 - eor v7.16b, v7.16b, v16.16b - shl v16.2d, v16.2d, #4 - eor v2.16b, v2.16b, v17.16b - shl v17.2d, v17.2d, #4 - eor v4.16b, v4.16b, v8.16b - eor v6.16b, v6.16b, v9.16b - eor v7.16b, v7.16b, v10.16b - eor v1.16b, v1.16b, v16.16b - eor v2.16b, v2.16b, v10.16b - eor v0.16b, v0.16b, v17.16b - eor v4.16b, v4.16b, v10.16b - eor v6.16b, v6.16b, v10.16b - eor v3.16b, v3.16b, v10.16b - eor v5.16b, v5.16b, v10.16b - eor v1.16b, v1.16b, v10.16b - eor v0.16b, v0.16b, v10.16b - ret -.size _bsaes_decrypt8,.-_bsaes_decrypt8 - -.type _bsaes_const,%object -.align 6 -_bsaes_const: -// InvShiftRows constants -// Used in _bsaes_decrypt8, which assumes contiguity -// .LM0ISR used with round 0 key -// .LISR used with middle round keys -// .LISRM0 used with final round key -.LM0ISR: -.quad 0x0a0e0206070b0f03, 0x0004080c0d010509 -.LISR: -.quad 0x0504070602010003, 0x0f0e0d0c080b0a09 -.LISRM0: -.quad 0x01040b0e0205080f, 0x0306090c00070a0d - -// ShiftRows constants -// Used in _bsaes_encrypt8, which assumes contiguity -// .LM0SR used with round 0 key -// .LSR used with middle round keys -// .LSRM0 used with final round key -.LM0SR: -.quad 0x0a0e02060f03070b, 0x0004080c05090d01 -.LSR: -.quad 0x0504070600030201, 0x0f0e0d0c0a09080b -.LSRM0: -.quad 0x0304090e00050a0f, 0x01060b0c0207080d - -.LM0_bigendian: -.quad 0x02060a0e03070b0f, 0x0004080c0105090d -.LM0_littleendian: -.quad 0x0105090d0004080c, 0x03070b0f02060a0e - -// Used in bsaes_ctr32_encrypt_blocks, prior to dropping into -// _bsaes_encrypt8_alt, for round 0 key in place of .LM0SR -.LREVM0SR: -.quad 0x090d01050c000408, 0x03070b0f060a0e02 - -.align 6 -.size _bsaes_const,.-_bsaes_const - -.type _bsaes_encrypt8,%function -.align 4 -// On entry: -// x9 -> key (previously expanded using _bsaes_key_convert) -// x10 = number of rounds -// v0-v7 input data -// On exit: -// x9-x11 corrupted -// other general-purpose registers preserved -// v0-v7 output data -// v11-v15 preserved -// 
other SIMD registers corrupted -_bsaes_encrypt8: - ldr q8, [x9], #16 - adr x11, .LM0SR - ldr q9, [x11], #16 -_bsaes_encrypt8_alt: - eor v0.16b, v0.16b, v8.16b - eor v1.16b, v1.16b, v8.16b - sub x10, x10, #1 - eor v2.16b, v2.16b, v8.16b - eor v4.16b, v4.16b, v8.16b - eor v3.16b, v3.16b, v8.16b - eor v5.16b, v5.16b, v8.16b - tbl v0.16b, {v0.16b}, v9.16b - tbl v1.16b, {v1.16b}, v9.16b - tbl v2.16b, {v2.16b}, v9.16b - tbl v4.16b, {v4.16b}, v9.16b - eor v6.16b, v6.16b, v8.16b - eor v7.16b, v7.16b, v8.16b - tbl v3.16b, {v3.16b}, v9.16b - tbl v5.16b, {v5.16b}, v9.16b - tbl v6.16b, {v6.16b}, v9.16b - ushr v8.2d, v0.2d, #1 - movi v10.16b, #0x55 - tbl v7.16b, {v7.16b}, v9.16b - ushr v9.2d, v4.2d, #1 - movi v16.16b, #0x33 - ushr v17.2d, v2.2d, #1 - eor v8.16b, v8.16b, v1.16b - movi v18.16b, #0x0f - ushr v19.2d, v6.2d, #1 - eor v9.16b, v9.16b, v5.16b - eor v17.16b, v17.16b, v3.16b - and v8.16b, v8.16b, v10.16b - eor v19.16b, v19.16b, v7.16b - and v9.16b, v9.16b, v10.16b - and v17.16b, v17.16b, v10.16b - eor v1.16b, v1.16b, v8.16b - shl v8.2d, v8.2d, #1 - and v10.16b, v19.16b, v10.16b - eor v5.16b, v5.16b, v9.16b - shl v9.2d, v9.2d, #1 - eor v3.16b, v3.16b, v17.16b - shl v17.2d, v17.2d, #1 - eor v0.16b, v0.16b, v8.16b - shl v8.2d, v10.2d, #1 - eor v7.16b, v7.16b, v10.16b - eor v4.16b, v4.16b, v9.16b - eor v2.16b, v2.16b, v17.16b - ushr v9.2d, v1.2d, #2 - eor v6.16b, v6.16b, v8.16b - ushr v8.2d, v0.2d, #2 - ushr v10.2d, v5.2d, #2 - ushr v17.2d, v4.2d, #2 - eor v9.16b, v9.16b, v3.16b - eor v8.16b, v8.16b, v2.16b - eor v10.16b, v10.16b, v7.16b - eor v17.16b, v17.16b, v6.16b - and v9.16b, v9.16b, v16.16b - and v8.16b, v8.16b, v16.16b - and v10.16b, v10.16b, v16.16b - and v16.16b, v17.16b, v16.16b - eor v3.16b, v3.16b, v9.16b - shl v9.2d, v9.2d, #2 - eor v2.16b, v2.16b, v8.16b - shl v8.2d, v8.2d, #2 - eor v7.16b, v7.16b, v10.16b - shl v10.2d, v10.2d, #2 - eor v6.16b, v6.16b, v16.16b - shl v16.2d, v16.2d, #2 - eor v1.16b, v1.16b, v9.16b - eor v0.16b, v0.16b, v8.16b - eor v5.16b, 
v5.16b, v10.16b - eor v4.16b, v4.16b, v16.16b - ushr v8.2d, v3.2d, #4 - ushr v9.2d, v2.2d, #4 - ushr v10.2d, v1.2d, #4 - ushr v16.2d, v0.2d, #4 - eor v8.16b, v8.16b, v7.16b - eor v9.16b, v9.16b, v6.16b - eor v10.16b, v10.16b, v5.16b - eor v16.16b, v16.16b, v4.16b - and v8.16b, v8.16b, v18.16b - and v9.16b, v9.16b, v18.16b - and v10.16b, v10.16b, v18.16b - and v16.16b, v16.16b, v18.16b - eor v7.16b, v7.16b, v8.16b - shl v8.2d, v8.2d, #4 - eor v6.16b, v6.16b, v9.16b - shl v9.2d, v9.2d, #4 - eor v5.16b, v5.16b, v10.16b - shl v10.2d, v10.2d, #4 - eor v4.16b, v4.16b, v16.16b - shl v16.2d, v16.2d, #4 - eor v3.16b, v3.16b, v8.16b - eor v2.16b, v2.16b, v9.16b - eor v1.16b, v1.16b, v10.16b - eor v0.16b, v0.16b, v16.16b - b .Lenc_sbox -.align 4 -.Lenc_loop: - ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x9], #64 - ldp q8, q9, [x9], #32 - eor v0.16b, v16.16b, v0.16b - ldr q10, [x9], #16 - eor v1.16b, v17.16b, v1.16b - ldr q16, [x9], #16 - eor v2.16b, v18.16b, v2.16b - eor v3.16b, v19.16b, v3.16b - eor v4.16b, v8.16b, v4.16b - eor v5.16b, v9.16b, v5.16b - eor v6.16b, v10.16b, v6.16b - eor v7.16b, v16.16b, v7.16b - tbl v0.16b, {v0.16b}, v28.16b - tbl v1.16b, {v1.16b}, v28.16b - tbl v2.16b, {v2.16b}, v28.16b - tbl v3.16b, {v3.16b}, v28.16b - tbl v4.16b, {v4.16b}, v28.16b - tbl v5.16b, {v5.16b}, v28.16b - tbl v6.16b, {v6.16b}, v28.16b - tbl v7.16b, {v7.16b}, v28.16b -.Lenc_sbox: - eor v5.16b, v5.16b, v6.16b - eor v3.16b, v3.16b, v0.16b - subs x10, x10, #1 - eor v2.16b, v2.16b, v1.16b - eor v5.16b, v5.16b, v0.16b - eor v8.16b, v3.16b, v7.16b - eor v6.16b, v6.16b, v2.16b - eor v7.16b, v7.16b, v5.16b - eor v8.16b, v8.16b, v4.16b - eor v3.16b, v6.16b, v3.16b - eor v4.16b, v4.16b, v5.16b - eor v6.16b, v1.16b, v5.16b - eor v2.16b, v2.16b, v7.16b - eor v1.16b, v8.16b, v1.16b - eor v8.16b, v7.16b, v4.16b - eor v9.16b, v3.16b, v0.16b - eor v10.16b, v7.16b, v6.16b - eor v16.16b, v5.16b, v3.16b - eor v17.16b, v6.16b, v2.16b - eor v18.16b, v5.16b, v1.16b - eor v19.16b, v2.16b, v4.16b - eor 
v20.16b, v1.16b, v0.16b - orr v21.16b, v8.16b, v9.16b - orr v22.16b, v10.16b, v16.16b - eor v23.16b, v8.16b, v17.16b - eor v24.16b, v9.16b, v18.16b - and v19.16b, v19.16b, v20.16b - orr v20.16b, v17.16b, v18.16b - and v8.16b, v8.16b, v9.16b - and v9.16b, v17.16b, v18.16b - and v17.16b, v23.16b, v24.16b - and v10.16b, v10.16b, v16.16b - eor v16.16b, v21.16b, v19.16b - eor v18.16b, v20.16b, v19.16b - and v19.16b, v2.16b, v1.16b - and v20.16b, v6.16b, v5.16b - eor v21.16b, v22.16b, v17.16b - eor v9.16b, v9.16b, v10.16b - eor v10.16b, v16.16b, v17.16b - eor v16.16b, v18.16b, v8.16b - and v17.16b, v4.16b, v0.16b - orr v18.16b, v7.16b, v3.16b - eor v21.16b, v21.16b, v8.16b - eor v8.16b, v9.16b, v8.16b - eor v9.16b, v10.16b, v19.16b - eor v10.16b, v3.16b, v0.16b - eor v16.16b, v16.16b, v17.16b - eor v17.16b, v5.16b, v1.16b - eor v19.16b, v21.16b, v20.16b - eor v20.16b, v8.16b, v18.16b - eor v8.16b, v8.16b, v18.16b - eor v18.16b, v7.16b, v4.16b - eor v21.16b, v9.16b, v16.16b - eor v22.16b, v6.16b, v2.16b - and v23.16b, v9.16b, v19.16b - eor v24.16b, v10.16b, v17.16b - eor v25.16b, v0.16b, v1.16b - eor v26.16b, v7.16b, v6.16b - eor v27.16b, v18.16b, v22.16b - eor v28.16b, v3.16b, v5.16b - eor v29.16b, v16.16b, v23.16b - eor v30.16b, v20.16b, v23.16b - eor v23.16b, v20.16b, v23.16b - eor v31.16b, v4.16b, v2.16b - bsl v29.16b, v19.16b, v20.16b - bsl v30.16b, v9.16b, v16.16b - bsl v8.16b, v29.16b, v23.16b - bsl v20.16b, v23.16b, v29.16b - eor v9.16b, v30.16b, v29.16b - and v5.16b, v5.16b, v30.16b - and v8.16b, v8.16b, v30.16b - and v1.16b, v1.16b, v29.16b - eor v16.16b, v19.16b, v20.16b - and v2.16b, v2.16b, v29.16b - eor v19.16b, v9.16b, v29.16b - and v17.16b, v17.16b, v9.16b - eor v8.16b, v8.16b, v21.16b - and v20.16b, v22.16b, v9.16b - eor v21.16b, v29.16b, v16.16b - eor v22.16b, v29.16b, v16.16b - and v23.16b, v25.16b, v16.16b - and v6.16b, v6.16b, v19.16b - eor v25.16b, v8.16b, v16.16b - eor v29.16b, v30.16b, v8.16b - and v4.16b, v21.16b, v4.16b - and v8.16b, v28.16b, 
v8.16b - and v0.16b, v22.16b, v0.16b - eor v21.16b, v23.16b, v1.16b - eor v22.16b, v9.16b, v25.16b - eor v9.16b, v9.16b, v25.16b - eor v23.16b, v25.16b, v16.16b - and v3.16b, v29.16b, v3.16b - and v24.16b, v24.16b, v25.16b - and v25.16b, v27.16b, v25.16b - and v10.16b, v22.16b, v10.16b - and v9.16b, v9.16b, v18.16b - eor v18.16b, v19.16b, v23.16b - and v19.16b, v26.16b, v23.16b - eor v3.16b, v5.16b, v3.16b - eor v17.16b, v17.16b, v24.16b - eor v10.16b, v24.16b, v10.16b - and v16.16b, v31.16b, v16.16b - eor v20.16b, v20.16b, v25.16b - eor v9.16b, v25.16b, v9.16b - eor v4.16b, v2.16b, v4.16b - and v7.16b, v18.16b, v7.16b - eor v18.16b, v19.16b, v6.16b - eor v5.16b, v8.16b, v5.16b - eor v0.16b, v1.16b, v0.16b - eor v1.16b, v21.16b, v10.16b - eor v8.16b, v3.16b, v17.16b - eor v2.16b, v16.16b, v2.16b - eor v3.16b, v6.16b, v7.16b - eor v6.16b, v18.16b, v9.16b - eor v4.16b, v4.16b, v20.16b - eor v10.16b, v5.16b, v10.16b - eor v0.16b, v0.16b, v17.16b - eor v9.16b, v2.16b, v9.16b - eor v3.16b, v3.16b, v20.16b - eor v7.16b, v6.16b, v1.16b - eor v5.16b, v8.16b, v4.16b - eor v6.16b, v10.16b, v1.16b - eor v2.16b, v4.16b, v0.16b - eor v4.16b, v3.16b, v10.16b - eor v9.16b, v9.16b, v7.16b - eor v3.16b, v0.16b, v5.16b - eor v0.16b, v1.16b, v4.16b - eor v1.16b, v4.16b, v8.16b - eor v4.16b, v9.16b, v5.16b - eor v6.16b, v6.16b, v3.16b - bcc .Lenc_done - ext v8.16b, v0.16b, v0.16b, #12 - ext v9.16b, v4.16b, v4.16b, #12 - ldr q28, [x11] - ext v10.16b, v6.16b, v6.16b, #12 - ext v16.16b, v1.16b, v1.16b, #12 - ext v17.16b, v3.16b, v3.16b, #12 - ext v18.16b, v7.16b, v7.16b, #12 - eor v0.16b, v0.16b, v8.16b - eor v4.16b, v4.16b, v9.16b - eor v6.16b, v6.16b, v10.16b - ext v19.16b, v2.16b, v2.16b, #12 - ext v20.16b, v5.16b, v5.16b, #12 - eor v1.16b, v1.16b, v16.16b - eor v3.16b, v3.16b, v17.16b - eor v7.16b, v7.16b, v18.16b - eor v2.16b, v2.16b, v19.16b - eor v16.16b, v16.16b, v0.16b - eor v5.16b, v5.16b, v20.16b - eor v17.16b, v17.16b, v6.16b - eor v10.16b, v10.16b, v4.16b - ext v0.16b, 
v0.16b, v0.16b, #8 - eor v9.16b, v9.16b, v1.16b - ext v1.16b, v1.16b, v1.16b, #8 - eor v8.16b, v8.16b, v5.16b - eor v16.16b, v16.16b, v5.16b - eor v18.16b, v18.16b, v3.16b - eor v19.16b, v19.16b, v7.16b - ext v3.16b, v3.16b, v3.16b, #8 - ext v7.16b, v7.16b, v7.16b, #8 - eor v20.16b, v20.16b, v2.16b - ext v6.16b, v6.16b, v6.16b, #8 - ext v21.16b, v5.16b, v5.16b, #8 - eor v17.16b, v17.16b, v5.16b - ext v2.16b, v2.16b, v2.16b, #8 - eor v10.16b, v10.16b, v5.16b - ext v22.16b, v4.16b, v4.16b, #8 - eor v0.16b, v0.16b, v8.16b - eor v1.16b, v1.16b, v16.16b - eor v5.16b, v7.16b, v18.16b - eor v4.16b, v3.16b, v17.16b - eor v3.16b, v6.16b, v10.16b - eor v7.16b, v21.16b, v20.16b - eor v6.16b, v2.16b, v19.16b - eor v2.16b, v22.16b, v9.16b - bne .Lenc_loop - ldr q28, [x11, #16]! // load from .LSRM0 on last round (x10 == 0) - b .Lenc_loop -.align 4 -.Lenc_done: - ushr v8.2d, v0.2d, #1 - movi v9.16b, #0x55 - ldr q10, [x9] - ushr v16.2d, v3.2d, #1 - movi v17.16b, #0x33 - ushr v18.2d, v4.2d, #1 - movi v19.16b, #0x0f - eor v8.16b, v8.16b, v1.16b - ushr v20.2d, v2.2d, #1 - eor v16.16b, v16.16b, v7.16b - eor v18.16b, v18.16b, v6.16b - and v8.16b, v8.16b, v9.16b - eor v20.16b, v20.16b, v5.16b - and v16.16b, v16.16b, v9.16b - and v18.16b, v18.16b, v9.16b - shl v21.2d, v8.2d, #1 - eor v1.16b, v1.16b, v8.16b - and v8.16b, v20.16b, v9.16b - eor v7.16b, v7.16b, v16.16b - shl v9.2d, v16.2d, #1 - eor v6.16b, v6.16b, v18.16b - shl v16.2d, v18.2d, #1 - eor v0.16b, v0.16b, v21.16b - shl v18.2d, v8.2d, #1 - eor v5.16b, v5.16b, v8.16b - eor v3.16b, v3.16b, v9.16b - eor v4.16b, v4.16b, v16.16b - ushr v8.2d, v1.2d, #2 - eor v2.16b, v2.16b, v18.16b - ushr v9.2d, v0.2d, #2 - ushr v16.2d, v7.2d, #2 - ushr v18.2d, v3.2d, #2 - eor v8.16b, v8.16b, v6.16b - eor v9.16b, v9.16b, v4.16b - eor v16.16b, v16.16b, v5.16b - eor v18.16b, v18.16b, v2.16b - and v8.16b, v8.16b, v17.16b - and v9.16b, v9.16b, v17.16b - and v16.16b, v16.16b, v17.16b - and v17.16b, v18.16b, v17.16b - eor v6.16b, v6.16b, v8.16b - shl v8.2d, 
v8.2d, #2 - eor v4.16b, v4.16b, v9.16b - shl v9.2d, v9.2d, #2 - eor v5.16b, v5.16b, v16.16b - shl v16.2d, v16.2d, #2 - eor v2.16b, v2.16b, v17.16b - shl v17.2d, v17.2d, #2 - eor v1.16b, v1.16b, v8.16b - eor v0.16b, v0.16b, v9.16b - eor v7.16b, v7.16b, v16.16b - eor v3.16b, v3.16b, v17.16b - ushr v8.2d, v6.2d, #4 - ushr v9.2d, v4.2d, #4 - ushr v16.2d, v1.2d, #4 - ushr v17.2d, v0.2d, #4 - eor v8.16b, v8.16b, v5.16b - eor v9.16b, v9.16b, v2.16b - eor v16.16b, v16.16b, v7.16b - eor v17.16b, v17.16b, v3.16b - and v8.16b, v8.16b, v19.16b - and v9.16b, v9.16b, v19.16b - and v16.16b, v16.16b, v19.16b - and v17.16b, v17.16b, v19.16b - eor v5.16b, v5.16b, v8.16b - shl v8.2d, v8.2d, #4 - eor v2.16b, v2.16b, v9.16b - shl v9.2d, v9.2d, #4 - eor v7.16b, v7.16b, v16.16b - shl v16.2d, v16.2d, #4 - eor v3.16b, v3.16b, v17.16b - shl v17.2d, v17.2d, #4 - eor v6.16b, v6.16b, v8.16b - eor v4.16b, v4.16b, v9.16b - eor v7.16b, v7.16b, v10.16b - eor v1.16b, v1.16b, v16.16b - eor v3.16b, v3.16b, v10.16b - eor v0.16b, v0.16b, v17.16b - eor v6.16b, v6.16b, v10.16b - eor v4.16b, v4.16b, v10.16b - eor v2.16b, v2.16b, v10.16b - eor v5.16b, v5.16b, v10.16b - eor v1.16b, v1.16b, v10.16b - eor v0.16b, v0.16b, v10.16b - ret -.size _bsaes_encrypt8,.-_bsaes_encrypt8 - -.type _bsaes_key_convert,%function -.align 4 -// On entry: -// x9 -> input key (big-endian) -// x10 = number of rounds -// x17 -> output key (native endianness) -// On exit: -// x9, x10 corrupted -// x11 -> .LM0_bigendian -// x17 -> last quadword of output key -// other general-purpose registers preserved -// v2-v6 preserved -// v7.16b[] = 0x63 -// v8-v14 preserved -// v15 = last round key (converted to native endianness) -// other SIMD registers corrupted -_bsaes_key_convert: -#ifdef __ARMEL__ - adr x11, .LM0_littleendian -#else - adr x11, .LM0_bigendian -#endif - ldr q0, [x9], #16 // load round 0 key - ldr q1, [x11] // .LM0 - ldr q15, [x9], #16 // load round 1 key - - movi v7.16b, #0x63 // compose .L63 - movi v16.16b, #0x01 // bit 
masks - movi v17.16b, #0x02 - movi v18.16b, #0x04 - movi v19.16b, #0x08 - movi v20.16b, #0x10 - movi v21.16b, #0x20 - movi v22.16b, #0x40 - movi v23.16b, #0x80 - -#ifdef __ARMEL__ - rev32 v0.16b, v0.16b -#endif - sub x10, x10, #1 - str q0, [x17], #16 // save round 0 key - -.align 4 -.Lkey_loop: - tbl v0.16b, {v15.16b}, v1.16b - ldr q15, [x9], #16 // load next round key - - eor v0.16b, v0.16b, v7.16b - cmtst v24.16b, v0.16b, v16.16b - cmtst v25.16b, v0.16b, v17.16b - cmtst v26.16b, v0.16b, v18.16b - cmtst v27.16b, v0.16b, v19.16b - cmtst v28.16b, v0.16b, v20.16b - cmtst v29.16b, v0.16b, v21.16b - cmtst v30.16b, v0.16b, v22.16b - cmtst v31.16b, v0.16b, v23.16b - sub x10, x10, #1 - st1 {v24.16b-v27.16b}, [x17], #64 // write bit-sliced round key - st1 {v28.16b-v31.16b}, [x17], #64 - cbnz x10, .Lkey_loop - - // don't save last round key -#ifdef __ARMEL__ - rev32 v15.16b, v15.16b - adr x11, .LM0_bigendian -#endif - ret -.size _bsaes_key_convert,.-_bsaes_key_convert - -.globl bsaes_cbc_encrypt -.type bsaes_cbc_encrypt,%function -.align 4 -// On entry: -// x0 -> input ciphertext -// x1 -> output plaintext -// x2 = size of ciphertext and plaintext in bytes (assumed a multiple of 16) -// x3 -> key -// x4 -> 128-bit initialisation vector (or preceding 128-bit block of ciphertext if continuing after an earlier call) -// w5 must be == 0 -// On exit: -// Output plaintext filled in -// Initialisation vector overwritten with last quadword of ciphertext -// No output registers, usual AAPCS64 register preservation -bsaes_cbc_encrypt: - cmp x2, #128 - blo AES_cbc_encrypt - - // it is up to the caller to make sure we are called with enc == 0 - - stp fp, lr, [sp, #-48]! 
- stp d8, d9, [sp, #16] - stp d10, d15, [sp, #32] - lsr x2, x2, #4 // len in 16 byte blocks - - ldr w15, [x3, #240] // get # of rounds - mov x14, sp - - // allocate the key schedule on the stack - add x17, sp, #96 - sub x17, x17, x15, lsl #7 // 128 bytes per inner round key, less 96 bytes - - // populate the key schedule - mov x9, x3 // pass key - mov x10, x15 // pass # of rounds - mov sp, x17 // sp is sp - bl _bsaes_key_convert - ldr q6, [sp] - str q15, [x17] // save last round key - eor v6.16b, v6.16b, v7.16b // fix up round 0 key (by XORing with 0x63) - str q6, [sp] - - ldr q15, [x4] // load IV - b .Lcbc_dec_loop - -.align 4 -.Lcbc_dec_loop: - subs x2, x2, #0x8 - bmi .Lcbc_dec_loop_finish - - ldr q0, [x0], #16 // load input - mov x9, sp // pass the key - ldr q1, [x0], #16 - mov x10, x15 - ldr q2, [x0], #16 - ldr q3, [x0], #16 - ldr q4, [x0], #16 - ldr q5, [x0], #16 - ldr q6, [x0], #16 - ldr q7, [x0], #-7*16 - - bl _bsaes_decrypt8 - - ldr q16, [x0], #16 // reload input - eor v0.16b, v0.16b, v15.16b // ^= IV - eor v1.16b, v1.16b, v16.16b - str q0, [x1], #16 // write output - ldr q0, [x0], #16 - str q1, [x1], #16 - ldr q1, [x0], #16 - eor v1.16b, v4.16b, v1.16b - ldr q4, [x0], #16 - eor v2.16b, v2.16b, v4.16b - eor v0.16b, v6.16b, v0.16b - ldr q4, [x0], #16 - str q0, [x1], #16 - str q1, [x1], #16 - eor v0.16b, v7.16b, v4.16b - ldr q1, [x0], #16 - str q2, [x1], #16 - ldr q2, [x0], #16 - ldr q15, [x0], #16 - str q0, [x1], #16 - eor v0.16b, v5.16b, v2.16b - eor v1.16b, v3.16b, v1.16b - str q1, [x1], #16 - str q0, [x1], #16 - - b .Lcbc_dec_loop - -.Lcbc_dec_loop_finish: - adds x2, x2, #8 - beq .Lcbc_dec_done - - ldr q0, [x0], #16 // load input - cmp x2, #2 - blo .Lcbc_dec_one - ldr q1, [x0], #16 - mov x9, sp // pass the key - mov x10, x15 - beq .Lcbc_dec_two - ldr q2, [x0], #16 - cmp x2, #4 - blo .Lcbc_dec_three - ldr q3, [x0], #16 - beq .Lcbc_dec_four - ldr q4, [x0], #16 - cmp x2, #6 - blo .Lcbc_dec_five - ldr q5, [x0], #16 - beq .Lcbc_dec_six - ldr q6, [x0], #-6*16 - 
- bl _bsaes_decrypt8 - - ldr q5, [x0], #16 // reload input - eor v0.16b, v0.16b, v15.16b // ^= IV - ldr q8, [x0], #16 - ldr q9, [x0], #16 - ldr q10, [x0], #16 - str q0, [x1], #16 // write output - ldr q0, [x0], #16 - eor v1.16b, v1.16b, v5.16b - ldr q5, [x0], #16 - eor v6.16b, v6.16b, v8.16b - ldr q15, [x0] - eor v4.16b, v4.16b, v9.16b - eor v2.16b, v2.16b, v10.16b - str q1, [x1], #16 - eor v0.16b, v7.16b, v0.16b - str q6, [x1], #16 - eor v1.16b, v3.16b, v5.16b - str q4, [x1], #16 - str q2, [x1], #16 - str q0, [x1], #16 - str q1, [x1] - b .Lcbc_dec_done -.align 4 -.Lcbc_dec_six: - sub x0, x0, #0x60 - bl _bsaes_decrypt8 - ldr q3, [x0], #16 // reload input - eor v0.16b, v0.16b, v15.16b // ^= IV - ldr q5, [x0], #16 - ldr q8, [x0], #16 - ldr q9, [x0], #16 - str q0, [x1], #16 // write output - ldr q0, [x0], #16 - eor v1.16b, v1.16b, v3.16b - ldr q15, [x0] - eor v3.16b, v6.16b, v5.16b - eor v4.16b, v4.16b, v8.16b - eor v2.16b, v2.16b, v9.16b - str q1, [x1], #16 - eor v0.16b, v7.16b, v0.16b - str q3, [x1], #16 - str q4, [x1], #16 - str q2, [x1], #16 - str q0, [x1] - b .Lcbc_dec_done -.align 4 -.Lcbc_dec_five: - sub x0, x0, #0x50 - bl _bsaes_decrypt8 - ldr q3, [x0], #16 // reload input - eor v0.16b, v0.16b, v15.16b // ^= IV - ldr q5, [x0], #16 - ldr q7, [x0], #16 - ldr q8, [x0], #16 - str q0, [x1], #16 // write output - ldr q15, [x0] - eor v0.16b, v1.16b, v3.16b - eor v1.16b, v6.16b, v5.16b - eor v3.16b, v4.16b, v7.16b - str q0, [x1], #16 - eor v0.16b, v2.16b, v8.16b - str q1, [x1], #16 - str q3, [x1], #16 - str q0, [x1] - b .Lcbc_dec_done -.align 4 -.Lcbc_dec_four: - sub x0, x0, #0x40 - bl _bsaes_decrypt8 - ldr q2, [x0], #16 // reload input - eor v0.16b, v0.16b, v15.16b // ^= IV - ldr q3, [x0], #16 - ldr q5, [x0], #16 - str q0, [x1], #16 // write output - ldr q15, [x0] - eor v0.16b, v1.16b, v2.16b - eor v1.16b, v6.16b, v3.16b - eor v2.16b, v4.16b, v5.16b - str q0, [x1], #16 - str q1, [x1], #16 - str q2, [x1] - b .Lcbc_dec_done -.align 4 -.Lcbc_dec_three: - sub x0, x0, 
#0x30 - bl _bsaes_decrypt8 - ldr q2, [x0], #16 // reload input - eor v0.16b, v0.16b, v15.16b // ^= IV - ldr q3, [x0], #16 - ldr q15, [x0] - str q0, [x1], #16 // write output - eor v0.16b, v1.16b, v2.16b - eor v1.16b, v6.16b, v3.16b - str q0, [x1], #16 - str q1, [x1] - b .Lcbc_dec_done -.align 4 -.Lcbc_dec_two: - sub x0, x0, #0x20 - bl _bsaes_decrypt8 - ldr q2, [x0], #16 // reload input - eor v0.16b, v0.16b, v15.16b // ^= IV - ldr q15, [x0] - str q0, [x1], #16 // write output - eor v0.16b, v1.16b, v2.16b - str q0, [x1] - b .Lcbc_dec_done -.align 4 -.Lcbc_dec_one: - sub x0, x0, #0x10 - stp x1, x4, [sp, #-32]! - str x14, [sp, #16] - mov v8.16b, v15.16b - mov v15.16b, v0.16b - mov x2, x3 - bl AES_decrypt - ldr x14, [sp, #16] - ldp x1, x4, [sp], #32 - ldr q0, [x1] // load result - eor v0.16b, v0.16b, v8.16b // ^= IV - str q0, [x1] // write output - -.align 4 -.Lcbc_dec_done: - movi v0.16b, #0 - movi v1.16b, #0 -.Lcbc_dec_bzero:// wipe key schedule [if any] - stp q0, q1, [sp], #32 - cmp sp, x14 - bne .Lcbc_dec_bzero - str q15, [x4] // return IV - ldp d8, d9, [sp, #16] - ldp d10, d15, [sp, #32] - ldp fp, lr, [sp], #48 - ret -.size bsaes_cbc_encrypt,.-bsaes_cbc_encrypt - -.globl bsaes_ctr32_encrypt_blocks -.type bsaes_ctr32_encrypt_blocks,%function -.align 4 -// On entry: -// x0 -> input text (whole 16-byte blocks) -// x1 -> output text (whole 16-byte blocks) -// x2 = number of 16-byte blocks to encrypt/decrypt (> 0) -// x3 -> key -// x4 -> initial value of 128-bit counter (stored big-endian) which increments, modulo 2^32, for each block -// On exit: -// Output text filled in -// No output registers, usual AAPCS64 register preservation -bsaes_ctr32_encrypt_blocks: - - cmp x2, #8 // use plain AES for - blo .Lctr_enc_short // small sizes - - stp fp, lr, [sp, #-80]! 
- stp d8, d9, [sp, #16] - stp d10, d11, [sp, #32] - stp d12, d13, [sp, #48] - stp d14, d15, [sp, #64] - - ldr w15, [x3, #240] // get # of rounds - mov x14, sp - - // allocate the key schedule on the stack - add x17, sp, #96 - sub x17, x17, x15, lsl #7 // 128 bytes per inner round key, less 96 bytes - - // populate the key schedule - mov x9, x3 // pass key - mov x10, x15 // pass # of rounds - mov sp, x17 // sp is sp - bl _bsaes_key_convert - eor v7.16b, v7.16b, v15.16b // fix up last round key - str q7, [x17] // save last round key - - ldr q0, [x4] // load counter - add x13, x11, #.LREVM0SR-.LM0_bigendian - ldr q4, [sp] // load round0 key - - movi v8.4s, #1 // compose 1<<96 - movi v9.16b, #0 - rev32 v15.16b, v0.16b - rev32 v0.16b, v0.16b - ext v11.16b, v9.16b, v8.16b, #4 - rev32 v4.16b, v4.16b - add v12.4s, v11.4s, v11.4s // compose 2<<96 - str q4, [sp] // save adjusted round0 key - add v13.4s, v11.4s, v12.4s // compose 3<<96 - add v14.4s, v12.4s, v12.4s // compose 4<<96 - b .Lctr_enc_loop - -.align 4 -.Lctr_enc_loop: - // Intermix prologue from _bsaes_encrypt8 to use the opportunity - // to flip byte order in 32-bit counter - - add v1.4s, v15.4s, v11.4s // +1 - add x9, sp, #0x10 // pass next round key - add v2.4s, v15.4s, v12.4s // +2 - ldr q9, [x13] // .LREVM0SR - ldr q8, [sp] // load round0 key - add v3.4s, v15.4s, v13.4s // +3 - mov x10, x15 // pass rounds - sub x11, x13, #.LREVM0SR-.LSR // pass constants - add v6.4s, v2.4s, v14.4s - add v4.4s, v15.4s, v14.4s // +4 - add v7.4s, v3.4s, v14.4s - add v15.4s, v4.4s, v14.4s // next counter - add v5.4s, v1.4s, v14.4s - - bl _bsaes_encrypt8_alt - - subs x2, x2, #8 - blo .Lctr_enc_loop_done - - ldr q16, [x0], #16 - ldr q17, [x0], #16 - eor v1.16b, v1.16b, v17.16b - ldr q17, [x0], #16 - eor v0.16b, v0.16b, v16.16b - eor v4.16b, v4.16b, v17.16b - str q0, [x1], #16 - ldr q16, [x0], #16 - str q1, [x1], #16 - mov v0.16b, v15.16b - str q4, [x1], #16 - ldr q1, [x0], #16 - eor v4.16b, v6.16b, v16.16b - eor v1.16b, v3.16b, 
v1.16b - ldr q3, [x0], #16 - eor v3.16b, v7.16b, v3.16b - ldr q6, [x0], #16 - eor v2.16b, v2.16b, v6.16b - ldr q6, [x0], #16 - eor v5.16b, v5.16b, v6.16b - str q4, [x1], #16 - str q1, [x1], #16 - str q3, [x1], #16 - str q2, [x1], #16 - str q5, [x1], #16 - - bne .Lctr_enc_loop - b .Lctr_enc_done - -.align 4 -.Lctr_enc_loop_done: - add x2, x2, #8 - ldr q16, [x0], #16 // load input - eor v0.16b, v0.16b, v16.16b - str q0, [x1], #16 // write output - cmp x2, #2 - blo .Lctr_enc_done - ldr q17, [x0], #16 - eor v1.16b, v1.16b, v17.16b - str q1, [x1], #16 - beq .Lctr_enc_done - ldr q18, [x0], #16 - eor v4.16b, v4.16b, v18.16b - str q4, [x1], #16 - cmp x2, #4 - blo .Lctr_enc_done - ldr q19, [x0], #16 - eor v6.16b, v6.16b, v19.16b - str q6, [x1], #16 - beq .Lctr_enc_done - ldr q20, [x0], #16 - eor v3.16b, v3.16b, v20.16b - str q3, [x1], #16 - cmp x2, #6 - blo .Lctr_enc_done - ldr q21, [x0], #16 - eor v7.16b, v7.16b, v21.16b - str q7, [x1], #16 - beq .Lctr_enc_done - ldr q22, [x0] - eor v2.16b, v2.16b, v22.16b - str q2, [x1], #16 - -.Lctr_enc_done: - movi v0.16b, #0 - movi v1.16b, #0 -.Lctr_enc_bzero: // wipe key schedule [if any] - stp q0, q1, [sp], #32 - cmp sp, x14 - bne .Lctr_enc_bzero - - ldp d8, d9, [sp, #16] - ldp d10, d11, [sp, #32] - ldp d12, d13, [sp, #48] - ldp d14, d15, [sp, #64] - ldp fp, lr, [sp], #80 - ret - -.Lctr_enc_short: - stp fp, lr, [sp, #-96]! 
- stp x19, x20, [sp, #16] - stp x21, x22, [sp, #32] - str x23, [sp, #48] - - mov x19, x0 // copy arguments - mov x20, x1 - mov x21, x2 - mov x22, x3 - ldr w23, [x4, #12] // load counter .LSW - ldr q1, [x4] // load whole counter value -#ifdef __ARMEL__ - rev w23, w23 -#endif - str q1, [sp, #80] // copy counter value - -.Lctr_enc_short_loop: - add x0, sp, #80 // input counter value - add x1, sp, #64 // output on the stack - mov x2, x22 // key - - bl AES_encrypt - - ldr q0, [x19], #16 // load input - ldr q1, [sp, #64] // load encrypted counter - add x23, x23, #1 -#ifdef __ARMEL__ - rev w0, w23 - str w0, [sp, #80+12] // next counter value -#else - str w23, [sp, #80+12] // next counter value -#endif - eor v0.16b, v0.16b, v1.16b - str q0, [x20], #16 // store output - subs x21, x21, #1 - bne .Lctr_enc_short_loop - - movi v0.16b, #0 - movi v1.16b, #0 - stp q0, q1, [sp, #64] - - ldr x23, [sp, #48] - ldp x21, x22, [sp, #32] - ldp x19, x20, [sp, #16] - ldp fp, lr, [sp], #96 - ret -.size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks - -.globl bsaes_xts_encrypt -.type bsaes_xts_encrypt,%function -.align 4 -// On entry: -// x0 -> input plaintext -// x1 -> output ciphertext -// x2 -> length of text in bytes (must be at least 16) -// x3 -> key1 (used to encrypt the XORed plaintext blocks) -// x4 -> key2 (used to encrypt the initial vector to yield the initial tweak) -// x5 -> 16-byte initial vector (typically, sector number) -// On exit: -// Output ciphertext filled in -// No output registers, usual AAPCS64 register preservation -bsaes_xts_encrypt: - // Stack layout: - // sp -> - // nrounds*128-96 bytes: key schedule - // x19 -> - // 16 bytes: frame record - // 4*16 bytes: tweak storage across _bsaes_encrypt8 - // 6*8 bytes: storage for 5 callee-saved general-purpose registers - // 8*8 bytes: storage for 8 callee-saved SIMD registers - stp fp, lr, [sp, #-192]! 
- stp x19, x20, [sp, #80] - stp x21, x22, [sp, #96] - str x23, [sp, #112] - stp d8, d9, [sp, #128] - stp d10, d11, [sp, #144] - stp d12, d13, [sp, #160] - stp d14, d15, [sp, #176] - - mov x19, sp - mov x20, x0 - mov x21, x1 - mov x22, x2 - mov x23, x3 - - // generate initial tweak - sub sp, sp, #16 - mov x0, x5 // iv[] - mov x1, sp - mov x2, x4 // key2 - bl AES_encrypt - ldr q11, [sp], #16 - - ldr w1, [x23, #240] // get # of rounds - // allocate the key schedule on the stack - add x17, sp, #96 - sub x17, x17, x1, lsl #7 // 128 bytes per inner round key, less 96 bytes - - // populate the key schedule - mov x9, x23 // pass key - mov x10, x1 // pass # of rounds - mov sp, x17 - bl _bsaes_key_convert - eor v15.16b, v15.16b, v7.16b // fix up last round key - str q15, [x17] // save last round key - - subs x22, x22, #0x80 - blo .Lxts_enc_short - b .Lxts_enc_loop - -.align 4 -.Lxts_enc_loop: - ldr q8, .Lxts_magic - mov x10, x1 // pass rounds - add x2, x19, #16 - ldr q0, [x20], #16 - sshr v1.2d, v11.2d, #63 - mov x9, sp // pass key schedule - ldr q6, .Lxts_magic+16 - add v2.2d, v11.2d, v11.2d - cmtst v3.2d, v11.2d, v6.2d - and v1.16b, v1.16b, v8.16b - ext v1.16b, v1.16b, v1.16b, #8 - and v3.16b, v3.16b, v8.16b - ldr q4, [x20], #16 - eor v12.16b, v2.16b, v1.16b - eor v1.16b, v4.16b, v12.16b - eor v0.16b, v0.16b, v11.16b - cmtst v2.2d, v12.2d, v6.2d - add v4.2d, v12.2d, v12.2d - add x0, x19, #16 - ext v3.16b, v3.16b, v3.16b, #8 - and v2.16b, v2.16b, v8.16b - eor v13.16b, v4.16b, v3.16b - ldr q3, [x20], #16 - ext v4.16b, v2.16b, v2.16b, #8 - eor v2.16b, v3.16b, v13.16b - ldr q3, [x20], #16 - add v5.2d, v13.2d, v13.2d - cmtst v7.2d, v13.2d, v6.2d - and v7.16b, v7.16b, v8.16b - ldr q9, [x20], #16 - ext v7.16b, v7.16b, v7.16b, #8 - ldr q10, [x20], #16 - eor v14.16b, v5.16b, v4.16b - ldr q16, [x20], #16 - add v4.2d, v14.2d, v14.2d - eor v3.16b, v3.16b, v14.16b - eor v15.16b, v4.16b, v7.16b - add v5.2d, v15.2d, v15.2d - ldr q7, [x20], #16 - cmtst v4.2d, v14.2d, v6.2d - and v17.16b, 
v4.16b, v8.16b - cmtst v18.2d, v15.2d, v6.2d - eor v4.16b, v9.16b, v15.16b - ext v9.16b, v17.16b, v17.16b, #8 - eor v9.16b, v5.16b, v9.16b - add v17.2d, v9.2d, v9.2d - and v18.16b, v18.16b, v8.16b - eor v5.16b, v10.16b, v9.16b - str q9, [x2], #16 - ext v10.16b, v18.16b, v18.16b, #8 - cmtst v9.2d, v9.2d, v6.2d - and v9.16b, v9.16b, v8.16b - eor v10.16b, v17.16b, v10.16b - cmtst v17.2d, v10.2d, v6.2d - eor v6.16b, v16.16b, v10.16b - str q10, [x2], #16 - ext v9.16b, v9.16b, v9.16b, #8 - add v10.2d, v10.2d, v10.2d - eor v9.16b, v10.16b, v9.16b - str q9, [x2], #16 - eor v7.16b, v7.16b, v9.16b - add v9.2d, v9.2d, v9.2d - and v8.16b, v17.16b, v8.16b - ext v8.16b, v8.16b, v8.16b, #8 - eor v8.16b, v9.16b, v8.16b - str q8, [x2] // next round tweak - - bl _bsaes_encrypt8 - - ldr q8, [x0], #16 - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - ldr q9, [x0], #16 - eor v4.16b, v4.16b, v13.16b - eor v6.16b, v6.16b, v14.16b - ldr q10, [x0], #16 - eor v3.16b, v3.16b, v15.16b - subs x22, x22, #0x80 - str q0, [x21], #16 - ldr q11, [x0] // next round tweak - str q1, [x21], #16 - eor v0.16b, v7.16b, v8.16b - eor v1.16b, v2.16b, v9.16b - str q4, [x21], #16 - eor v2.16b, v5.16b, v10.16b - str q6, [x21], #16 - str q3, [x21], #16 - str q0, [x21], #16 - str q1, [x21], #16 - str q2, [x21], #16 - bpl .Lxts_enc_loop - -.Lxts_enc_short: - adds x22, x22, #0x70 - bmi .Lxts_enc_done - - ldr q8, .Lxts_magic - sshr v1.2d, v11.2d, #63 - add v2.2d, v11.2d, v11.2d - ldr q9, .Lxts_magic+16 - subs x22, x22, #0x10 - ldr q0, [x20], #16 - and v1.16b, v1.16b, v8.16b - cmtst v3.2d, v11.2d, v9.2d - ext v1.16b, v1.16b, v1.16b, #8 - and v3.16b, v3.16b, v8.16b - eor v12.16b, v2.16b, v1.16b - ext v1.16b, v3.16b, v3.16b, #8 - add v2.2d, v12.2d, v12.2d - cmtst v3.2d, v12.2d, v9.2d - eor v13.16b, v2.16b, v1.16b - and v22.16b, v3.16b, v8.16b - bmi .Lxts_enc_1 - - ext v2.16b, v22.16b, v22.16b, #8 - add v3.2d, v13.2d, v13.2d - ldr q1, [x20], #16 - cmtst v4.2d, v13.2d, v9.2d - subs x22, x22, #0x10 - eor 
v14.16b, v3.16b, v2.16b - and v23.16b, v4.16b, v8.16b - bmi .Lxts_enc_2 - - ext v3.16b, v23.16b, v23.16b, #8 - add v4.2d, v14.2d, v14.2d - ldr q2, [x20], #16 - cmtst v5.2d, v14.2d, v9.2d - eor v0.16b, v0.16b, v11.16b - subs x22, x22, #0x10 - eor v15.16b, v4.16b, v3.16b - and v24.16b, v5.16b, v8.16b - bmi .Lxts_enc_3 - - ext v4.16b, v24.16b, v24.16b, #8 - add v5.2d, v15.2d, v15.2d - ldr q3, [x20], #16 - cmtst v6.2d, v15.2d, v9.2d - eor v1.16b, v1.16b, v12.16b - subs x22, x22, #0x10 - eor v16.16b, v5.16b, v4.16b - and v25.16b, v6.16b, v8.16b - bmi .Lxts_enc_4 - - ext v5.16b, v25.16b, v25.16b, #8 - add v6.2d, v16.2d, v16.2d - add x0, x19, #16 - cmtst v7.2d, v16.2d, v9.2d - ldr q4, [x20], #16 - eor v2.16b, v2.16b, v13.16b - str q16, [x0], #16 - subs x22, x22, #0x10 - eor v17.16b, v6.16b, v5.16b - and v26.16b, v7.16b, v8.16b - bmi .Lxts_enc_5 - - ext v7.16b, v26.16b, v26.16b, #8 - add v18.2d, v17.2d, v17.2d - ldr q5, [x20], #16 - eor v3.16b, v3.16b, v14.16b - str q17, [x0], #16 - subs x22, x22, #0x10 - eor v18.16b, v18.16b, v7.16b - bmi .Lxts_enc_6 - - ldr q6, [x20], #16 - eor v4.16b, v4.16b, v15.16b - eor v5.16b, v5.16b, v16.16b - str q18, [x0] // next round tweak - mov x9, sp // pass key schedule - mov x10, x1 - add x0, x19, #16 - sub x22, x22, #0x10 - eor v6.16b, v6.16b, v17.16b - - bl _bsaes_encrypt8 - - ldr q16, [x0], #16 - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - ldr q17, [x0], #16 - eor v4.16b, v4.16b, v13.16b - eor v6.16b, v6.16b, v14.16b - eor v3.16b, v3.16b, v15.16b - ldr q11, [x0] // next round tweak - str q0, [x21], #16 - str q1, [x21], #16 - eor v0.16b, v7.16b, v16.16b - eor v1.16b, v2.16b, v17.16b - str q4, [x21], #16 - str q6, [x21], #16 - str q3, [x21], #16 - str q0, [x21], #16 - str q1, [x21], #16 - b .Lxts_enc_done - -.align 4 -.Lxts_enc_6: - eor v4.16b, v4.16b, v15.16b - eor v5.16b, v5.16b, v16.16b - mov x9, sp // pass key schedule - mov x10, x1 // pass rounds - add x0, x19, #16 - - bl _bsaes_encrypt8 - - ldr q16, [x0], #16 - eor 
v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - eor v4.16b, v4.16b, v13.16b - eor v6.16b, v6.16b, v14.16b - ldr q11, [x0] // next round tweak - eor v3.16b, v3.16b, v15.16b - str q0, [x21], #16 - str q1, [x21], #16 - eor v0.16b, v7.16b, v16.16b - str q4, [x21], #16 - str q6, [x21], #16 - str q3, [x21], #16 - str q0, [x21], #16 - b .Lxts_enc_done - -.align 4 -.Lxts_enc_5: - eor v3.16b, v3.16b, v14.16b - eor v4.16b, v4.16b, v15.16b - mov x9, sp // pass key schedule - mov x10, x1 // pass rounds - add x0, x19, #16 - - bl _bsaes_encrypt8 - - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - ldr q11, [x0] // next round tweak - eor v4.16b, v4.16b, v13.16b - eor v6.16b, v6.16b, v14.16b - eor v3.16b, v3.16b, v15.16b - str q0, [x21], #16 - str q1, [x21], #16 - str q4, [x21], #16 - str q6, [x21], #16 - str q3, [x21], #16 - b .Lxts_enc_done - -.align 4 -.Lxts_enc_4: - eor v2.16b, v2.16b, v13.16b - eor v3.16b, v3.16b, v14.16b - mov x9, sp // pass key schedule - mov x10, x1 // pass rounds - add x0, x19, #16 - - bl _bsaes_encrypt8 - - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - eor v4.16b, v4.16b, v13.16b - eor v6.16b, v6.16b, v14.16b - mov v11.16b, v15.16b // next round tweak - str q0, [x21], #16 - str q1, [x21], #16 - str q4, [x21], #16 - str q6, [x21], #16 - b .Lxts_enc_done - -.align 4 -.Lxts_enc_3: - eor v1.16b, v1.16b, v12.16b - eor v2.16b, v2.16b, v13.16b - mov x9, sp // pass key schedule - mov x10, x1 // pass rounds - add x0, x19, #16 - - bl _bsaes_encrypt8 - - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - eor v4.16b, v4.16b, v13.16b - mov v11.16b, v14.16b // next round tweak - str q0, [x21], #16 - str q1, [x21], #16 - str q4, [x21], #16 - b .Lxts_enc_done - -.align 4 -.Lxts_enc_2: - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - mov x9, sp // pass key schedule - mov x10, x1 // pass rounds - add x0, x19, #16 - - bl _bsaes_encrypt8 - - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - mov v11.16b, 
v13.16b // next round tweak - str q0, [x21], #16 - str q1, [x21], #16 - b .Lxts_enc_done - -.align 4 -.Lxts_enc_1: - eor v0.16b, v0.16b, v11.16b - sub x0, sp, #16 - sub x1, sp, #16 - mov x2, x23 - mov v13.d[0], v11.d[1] // just in case AES_encrypt corrupts top half of callee-saved SIMD registers - mov v14.d[0], v12.d[1] - str q0, [sp, #-16]! - - bl AES_encrypt - - ldr q0, [sp], #16 - trn1 v13.2d, v11.2d, v13.2d - trn1 v11.2d, v12.2d, v14.2d // next round tweak - eor v0.16b, v0.16b, v13.16b - str q0, [x21], #16 - -.Lxts_enc_done: - adds x22, x22, #0x10 - beq .Lxts_enc_ret - - sub x6, x21, #0x10 - // Penultimate plaintext block produces final ciphertext part-block - // plus remaining part of final plaintext block. Move ciphertext part - // to final position and re-use penultimate ciphertext block buffer to - // construct final plaintext block -.Lxts_enc_steal: - ldrb w0, [x20], #1 - ldrb w1, [x21, #-0x10] - strb w0, [x21, #-0x10] - strb w1, [x21], #1 - - subs x22, x22, #1 - bhi .Lxts_enc_steal - - // Finally encrypt the penultimate ciphertext block using the - // last tweak - ldr q0, [x6] - eor v0.16b, v0.16b, v11.16b - str q0, [sp, #-16]! 
- mov x0, sp - mov x1, sp - mov x2, x23 - mov x21, x6 - mov v13.d[0], v11.d[1] // just in case AES_encrypt corrupts top half of callee-saved SIMD registers - - bl AES_encrypt - - trn1 v11.2d, v11.2d, v13.2d - ldr q0, [sp], #16 - eor v0.16b, v0.16b, v11.16b - str q0, [x21] - -.Lxts_enc_ret: - - movi v0.16b, #0 - movi v1.16b, #0 -.Lxts_enc_bzero: // wipe key schedule - stp q0, q1, [sp], #32 - cmp sp, x19 - bne .Lxts_enc_bzero - - ldp x19, x20, [sp, #80] - ldp x21, x22, [sp, #96] - ldr x23, [sp, #112] - ldp d8, d9, [sp, #128] - ldp d10, d11, [sp, #144] - ldp d12, d13, [sp, #160] - ldp d14, d15, [sp, #176] - ldp fp, lr, [sp], #192 - ret -.size bsaes_xts_encrypt,.-bsaes_xts_encrypt - -// The assembler doesn't seem capable of de-duplicating these when expressed -// using `ldr qd,=` syntax, so assign a symbolic address -.align 5 -.Lxts_magic: -.quad 1, 0x87, 0x4000000000000000, 0x4000000000000000 - -.globl bsaes_xts_decrypt -.type bsaes_xts_decrypt,%function -.align 4 -// On entry: -// x0 -> input ciphertext -// x1 -> output plaintext -// x2 -> length of text in bytes (must be at least 16) -// x3 -> key1 (used to decrypt the XORed ciphertext blocks) -// x4 -> key2 (used to encrypt the initial vector to yield the initial tweak) -// x5 -> 16-byte initial vector (typically, sector number) -// On exit: -// Output plaintext filled in -// No output registers, usual AAPCS64 register preservation -bsaes_xts_decrypt: - // Stack layout: - // sp -> - // nrounds*128-96 bytes: key schedule - // x19 -> - // 16 bytes: frame record - // 4*16 bytes: tweak storage across _bsaes_decrypt8 - // 6*8 bytes: storage for 5 callee-saved general-purpose registers - // 8*8 bytes: storage for 8 callee-saved SIMD registers - stp fp, lr, [sp, #-192]! 
- stp x19, x20, [sp, #80] - stp x21, x22, [sp, #96] - str x23, [sp, #112] - stp d8, d9, [sp, #128] - stp d10, d11, [sp, #144] - stp d12, d13, [sp, #160] - stp d14, d15, [sp, #176] - - mov x19, sp - mov x20, x0 - mov x21, x1 - mov x22, x2 - mov x23, x3 - - // generate initial tweak - sub sp, sp, #16 - mov x0, x5 // iv[] - mov x1, sp - mov x2, x4 // key2 - bl AES_encrypt - ldr q11, [sp], #16 - - ldr w1, [x23, #240] // get # of rounds - // allocate the key schedule on the stack - add x17, sp, #96 - sub x17, x17, x1, lsl #7 // 128 bytes per inner round key, less 96 bytes - - // populate the key schedule - mov x9, x23 // pass key - mov x10, x1 // pass # of rounds - mov sp, x17 - bl _bsaes_key_convert - ldr q6, [sp] - str q15, [x17] // save last round key - eor v6.16b, v6.16b, v7.16b // fix up round 0 key (by XORing with 0x63) - str q6, [sp] - - sub x30, x22, #0x10 - tst x22, #0xf // if not multiple of 16 - csel x22, x30, x22, ne // subtract another 16 bytes - subs x22, x22, #0x80 - - blo .Lxts_dec_short - b .Lxts_dec_loop - -.align 4 -.Lxts_dec_loop: - ldr q8, .Lxts_magic - mov x10, x1 // pass rounds - add x2, x19, #16 - ldr q0, [x20], #16 - sshr v1.2d, v11.2d, #63 - mov x9, sp // pass key schedule - ldr q6, .Lxts_magic+16 - add v2.2d, v11.2d, v11.2d - cmtst v3.2d, v11.2d, v6.2d - and v1.16b, v1.16b, v8.16b - ext v1.16b, v1.16b, v1.16b, #8 - and v3.16b, v3.16b, v8.16b - ldr q4, [x20], #16 - eor v12.16b, v2.16b, v1.16b - eor v1.16b, v4.16b, v12.16b - eor v0.16b, v0.16b, v11.16b - cmtst v2.2d, v12.2d, v6.2d - add v4.2d, v12.2d, v12.2d - add x0, x19, #16 - ext v3.16b, v3.16b, v3.16b, #8 - and v2.16b, v2.16b, v8.16b - eor v13.16b, v4.16b, v3.16b - ldr q3, [x20], #16 - ext v4.16b, v2.16b, v2.16b, #8 - eor v2.16b, v3.16b, v13.16b - ldr q3, [x20], #16 - add v5.2d, v13.2d, v13.2d - cmtst v7.2d, v13.2d, v6.2d - and v7.16b, v7.16b, v8.16b - ldr q9, [x20], #16 - ext v7.16b, v7.16b, v7.16b, #8 - ldr q10, [x20], #16 - eor v14.16b, v5.16b, v4.16b - ldr q16, [x20], #16 - add v4.2d, 
v14.2d, v14.2d - eor v3.16b, v3.16b, v14.16b - eor v15.16b, v4.16b, v7.16b - add v5.2d, v15.2d, v15.2d - ldr q7, [x20], #16 - cmtst v4.2d, v14.2d, v6.2d - and v17.16b, v4.16b, v8.16b - cmtst v18.2d, v15.2d, v6.2d - eor v4.16b, v9.16b, v15.16b - ext v9.16b, v17.16b, v17.16b, #8 - eor v9.16b, v5.16b, v9.16b - add v17.2d, v9.2d, v9.2d - and v18.16b, v18.16b, v8.16b - eor v5.16b, v10.16b, v9.16b - str q9, [x2], #16 - ext v10.16b, v18.16b, v18.16b, #8 - cmtst v9.2d, v9.2d, v6.2d - and v9.16b, v9.16b, v8.16b - eor v10.16b, v17.16b, v10.16b - cmtst v17.2d, v10.2d, v6.2d - eor v6.16b, v16.16b, v10.16b - str q10, [x2], #16 - ext v9.16b, v9.16b, v9.16b, #8 - add v10.2d, v10.2d, v10.2d - eor v9.16b, v10.16b, v9.16b - str q9, [x2], #16 - eor v7.16b, v7.16b, v9.16b - add v9.2d, v9.2d, v9.2d - and v8.16b, v17.16b, v8.16b - ext v8.16b, v8.16b, v8.16b, #8 - eor v8.16b, v9.16b, v8.16b - str q8, [x2] // next round tweak - - bl _bsaes_decrypt8 - - eor v6.16b, v6.16b, v13.16b - eor v0.16b, v0.16b, v11.16b - ldr q8, [x0], #16 - eor v7.16b, v7.16b, v8.16b - str q0, [x21], #16 - eor v0.16b, v1.16b, v12.16b - ldr q1, [x0], #16 - eor v1.16b, v3.16b, v1.16b - subs x22, x22, #0x80 - eor v2.16b, v2.16b, v15.16b - eor v3.16b, v4.16b, v14.16b - ldr q4, [x0], #16 - str q0, [x21], #16 - ldr q11, [x0] // next round tweak - eor v0.16b, v5.16b, v4.16b - str q6, [x21], #16 - str q3, [x21], #16 - str q2, [x21], #16 - str q7, [x21], #16 - str q1, [x21], #16 - str q0, [x21], #16 - bpl .Lxts_dec_loop - -.Lxts_dec_short: - adds x22, x22, #0x70 - bmi .Lxts_dec_done - - ldr q8, .Lxts_magic - sshr v1.2d, v11.2d, #63 - add v2.2d, v11.2d, v11.2d - ldr q9, .Lxts_magic+16 - subs x22, x22, #0x10 - ldr q0, [x20], #16 - and v1.16b, v1.16b, v8.16b - cmtst v3.2d, v11.2d, v9.2d - ext v1.16b, v1.16b, v1.16b, #8 - and v3.16b, v3.16b, v8.16b - eor v12.16b, v2.16b, v1.16b - ext v1.16b, v3.16b, v3.16b, #8 - add v2.2d, v12.2d, v12.2d - cmtst v3.2d, v12.2d, v9.2d - eor v13.16b, v2.16b, v1.16b - and v22.16b, v3.16b, v8.16b - 
bmi .Lxts_dec_1 - - ext v2.16b, v22.16b, v22.16b, #8 - add v3.2d, v13.2d, v13.2d - ldr q1, [x20], #16 - cmtst v4.2d, v13.2d, v9.2d - subs x22, x22, #0x10 - eor v14.16b, v3.16b, v2.16b - and v23.16b, v4.16b, v8.16b - bmi .Lxts_dec_2 - - ext v3.16b, v23.16b, v23.16b, #8 - add v4.2d, v14.2d, v14.2d - ldr q2, [x20], #16 - cmtst v5.2d, v14.2d, v9.2d - eor v0.16b, v0.16b, v11.16b - subs x22, x22, #0x10 - eor v15.16b, v4.16b, v3.16b - and v24.16b, v5.16b, v8.16b - bmi .Lxts_dec_3 - - ext v4.16b, v24.16b, v24.16b, #8 - add v5.2d, v15.2d, v15.2d - ldr q3, [x20], #16 - cmtst v6.2d, v15.2d, v9.2d - eor v1.16b, v1.16b, v12.16b - subs x22, x22, #0x10 - eor v16.16b, v5.16b, v4.16b - and v25.16b, v6.16b, v8.16b - bmi .Lxts_dec_4 - - ext v5.16b, v25.16b, v25.16b, #8 - add v6.2d, v16.2d, v16.2d - add x0, x19, #16 - cmtst v7.2d, v16.2d, v9.2d - ldr q4, [x20], #16 - eor v2.16b, v2.16b, v13.16b - str q16, [x0], #16 - subs x22, x22, #0x10 - eor v17.16b, v6.16b, v5.16b - and v26.16b, v7.16b, v8.16b - bmi .Lxts_dec_5 - - ext v7.16b, v26.16b, v26.16b, #8 - add v18.2d, v17.2d, v17.2d - ldr q5, [x20], #16 - eor v3.16b, v3.16b, v14.16b - str q17, [x0], #16 - subs x22, x22, #0x10 - eor v18.16b, v18.16b, v7.16b - bmi .Lxts_dec_6 - - ldr q6, [x20], #16 - eor v4.16b, v4.16b, v15.16b - eor v5.16b, v5.16b, v16.16b - str q18, [x0] // next round tweak - mov x9, sp // pass key schedule - mov x10, x1 - add x0, x19, #16 - sub x22, x22, #0x10 - eor v6.16b, v6.16b, v17.16b - - bl _bsaes_decrypt8 - - ldr q16, [x0], #16 - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - ldr q17, [x0], #16 - eor v6.16b, v6.16b, v13.16b - eor v4.16b, v4.16b, v14.16b - eor v2.16b, v2.16b, v15.16b - ldr q11, [x0] // next round tweak - str q0, [x21], #16 - str q1, [x21], #16 - eor v0.16b, v7.16b, v16.16b - eor v1.16b, v3.16b, v17.16b - str q6, [x21], #16 - str q4, [x21], #16 - str q2, [x21], #16 - str q0, [x21], #16 - str q1, [x21], #16 - b .Lxts_dec_done - -.align 4 -.Lxts_dec_6: - eor v4.16b, v4.16b, v15.16b - eor 
v5.16b, v5.16b, v16.16b - mov x9, sp // pass key schedule - mov x10, x1 // pass rounds - add x0, x19, #16 - - bl _bsaes_decrypt8 - - ldr q16, [x0], #16 - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - eor v6.16b, v6.16b, v13.16b - eor v4.16b, v4.16b, v14.16b - ldr q11, [x0] // next round tweak - eor v2.16b, v2.16b, v15.16b - str q0, [x21], #16 - str q1, [x21], #16 - eor v0.16b, v7.16b, v16.16b - str q6, [x21], #16 - str q4, [x21], #16 - str q2, [x21], #16 - str q0, [x21], #16 - b .Lxts_dec_done - -.align 4 -.Lxts_dec_5: - eor v3.16b, v3.16b, v14.16b - eor v4.16b, v4.16b, v15.16b - mov x9, sp // pass key schedule - mov x10, x1 // pass rounds - add x0, x19, #16 - - bl _bsaes_decrypt8 - - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - ldr q11, [x0] // next round tweak - eor v6.16b, v6.16b, v13.16b - eor v4.16b, v4.16b, v14.16b - eor v2.16b, v2.16b, v15.16b - str q0, [x21], #16 - str q1, [x21], #16 - str q6, [x21], #16 - str q4, [x21], #16 - str q2, [x21], #16 - b .Lxts_dec_done - -.align 4 -.Lxts_dec_4: - eor v2.16b, v2.16b, v13.16b - eor v3.16b, v3.16b, v14.16b - mov x9, sp // pass key schedule - mov x10, x1 // pass rounds - add x0, x19, #16 - - bl _bsaes_decrypt8 - - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - eor v6.16b, v6.16b, v13.16b - eor v4.16b, v4.16b, v14.16b - mov v11.16b, v15.16b // next round tweak - str q0, [x21], #16 - str q1, [x21], #16 - str q6, [x21], #16 - str q4, [x21], #16 - b .Lxts_dec_done - -.align 4 -.Lxts_dec_3: - eor v1.16b, v1.16b, v12.16b - eor v2.16b, v2.16b, v13.16b - mov x9, sp // pass key schedule - mov x10, x1 // pass rounds - add x0, x19, #16 - - bl _bsaes_decrypt8 - - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - eor v6.16b, v6.16b, v13.16b - mov v11.16b, v14.16b // next round tweak - str q0, [x21], #16 - str q1, [x21], #16 - str q6, [x21], #16 - b .Lxts_dec_done - -.align 4 -.Lxts_dec_2: - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - mov x9, sp // pass key 
schedule - mov x10, x1 // pass rounds - add x0, x19, #16 - - bl _bsaes_decrypt8 - - eor v0.16b, v0.16b, v11.16b - eor v1.16b, v1.16b, v12.16b - mov v11.16b, v13.16b // next round tweak - str q0, [x21], #16 - str q1, [x21], #16 - b .Lxts_dec_done - -.align 4 -.Lxts_dec_1: - eor v0.16b, v0.16b, v11.16b - sub x0, sp, #16 - sub x1, sp, #16 - mov x2, x23 - mov v13.d[0], v11.d[1] // just in case AES_decrypt corrupts top half of callee-saved SIMD registers - mov v14.d[0], v12.d[1] - str q0, [sp, #-16]! - - bl AES_decrypt - - ldr q0, [sp], #16 - trn1 v13.2d, v11.2d, v13.2d - trn1 v11.2d, v12.2d, v14.2d // next round tweak - eor v0.16b, v0.16b, v13.16b - str q0, [x21], #16 - -.Lxts_dec_done: - adds x22, x22, #0x10 - beq .Lxts_dec_ret - - // calculate one round of extra tweak for the stolen ciphertext - ldr q8, .Lxts_magic - sshr v6.2d, v11.2d, #63 - and v6.16b, v6.16b, v8.16b - add v12.2d, v11.2d, v11.2d - ext v6.16b, v6.16b, v6.16b, #8 - eor v12.16b, v12.16b, v6.16b - - // perform the final decryption with the last tweak value - ldr q0, [x20], #16 - eor v0.16b, v0.16b, v12.16b - str q0, [sp, #-16]! - mov x0, sp - mov x1, sp - mov x2, x23 - mov v13.d[0], v11.d[1] // just in case AES_decrypt corrupts top half of callee-saved SIMD registers - mov v14.d[0], v12.d[1] - - bl AES_decrypt - - trn1 v12.2d, v12.2d, v14.2d - trn1 v11.2d, v11.2d, v13.2d - ldr q0, [sp], #16 - eor v0.16b, v0.16b, v12.16b - str q0, [x21] - - mov x6, x21 - // Penultimate ciphertext block produces final plaintext part-block - // plus remaining part of final ciphertext block. Move plaintext part - // to final position and re-use penultimate plaintext block buffer to - // construct final ciphertext block -.Lxts_dec_steal: - ldrb w1, [x21] - ldrb w0, [x20], #1 - strb w1, [x21, #0x10] - strb w0, [x21], #1 - - subs x22, x22, #1 - bhi .Lxts_dec_steal - - // Finally decrypt the penultimate plaintext block using the - // penultimate tweak - ldr q0, [x6] - eor v0.16b, v0.16b, v11.16b - str q0, [sp, #-16]! 
- mov x0, sp - mov x1, sp - mov x2, x23 - mov x21, x6 - - bl AES_decrypt - - trn1 v11.2d, v11.2d, v13.2d - ldr q0, [sp], #16 - eor v0.16b, v0.16b, v11.16b - str q0, [x21] - -.Lxts_dec_ret: - - movi v0.16b, #0 - movi v1.16b, #0 -.Lxts_dec_bzero: // wipe key schedule - stp q0, q1, [sp], #32 - cmp sp, x19 - bne .Lxts_dec_bzero - - ldp x19, x20, [sp, #80] - ldp x21, x22, [sp, #96] - ldr x23, [sp, #112] - ldp d8, d9, [sp, #128] - ldp d10, d11, [sp, #144] - ldp d12, d13, [sp, #160] - ldp d14, d15, [sp, #176] - ldp fp, lr, [sp], #192 - ret -.size bsaes_xts_decrypt,.-bsaes_xts_decrypt diff --git a/crypto/aes/build.info b/crypto/aes/build.info index edf6c8106e..0b9f499ee6 100644 --- a/crypto/aes/build.info +++ b/crypto/aes/build.info @@ -30,8 +30,8 @@ IF[{- !$disabled{asm} -}] $AESASM_armv4=aes_cbc.c aes-armv4.S bsaes-armv7.S aesv8-armx.S $AESDEF_armv4=AES_ASM BSAES_ASM - $AESASM_aarch64=aes_core.c aes_cbc.c aesv8-armx.S bsaes-armv8.S vpaes-armv8.S - $AESDEF_aarch64=BSAES_ASM VPAES_ASM + $AESASM_aarch64=aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S + $AESDEF_aarch64=VPAES_ASM $AESASM_parisc11=aes_core.c aes_cbc.c aes-parisc.s $AESDEF_parisc11=AES_ASM @@ -80,7 +80,6 @@ IF[{- !$disabled{module} && !$disabled{shared} -}] ENDIF GENERATE[aes-ia64.s]=asm/aes-ia64.S -GENERATE[bsaes-armv8.S]=asm/bsaes-armv8.S GENERATE[aes-586.s]=asm/aes-586.pl DEPEND[aes-586.s]=../perlasm/x86asm.pl From matt at openssl.org Thu May 20 07:55:45 2021 
From: matt at openssl.org (Matt Caswell)
Date: Thu, 20 May 2021 07:55:45 +0000
Subject: [openssl] master update
Message-ID: <1621497345.838859.25974.nullmailer@dev.openssl.org>

The branch master has been updated
  via 0050db7bb37814879012226dd24aa433b3600019 (commit)
  from e3884ec5c37334e585e9208ce69d7e5b3cad4624 (commit)

- Log -----------------------------------------------------------------
commit 0050db7bb37814879012226dd24aa433b3600019
Author: Shane Lontis
Date: Mon May 17 18:21:19 2021 +1000

    Test d2i_PrivateKey_bio() does not add errors to stack when decoding a X25519 key successfully.

    This confirms that another merge has addressed this issue.

    Fixes #14996

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15303)

-----------------------------------------------------------------------

Summary of changes:
 test/evp_extra_test2.c | 43 +++++++++++++++++++++++++++++++++----------
 1 file changed, 33 insertions(+), 10 deletions(-)

diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c index cad1934c5b..3ad28d867a 100644 --- a/test/evp_extra_test2.c +++ b/test/evp_extra_test2.c @@ -223,6 +223,13 @@ static const unsigned char kExampleECKey2DER[] = { 0xE0, 0xC7, 0xB2, 0xF8, 0x20, 0x40, 0xC2, 0x27, 0xC8, 0xBE, 0x02, 0x7E, 0x96, 0x69, 0xE0, 0x04, 0xCB, 0x89, 0x0B, 0x42 }; + +static const unsigned char kExampleECXKey2DER[] = { + 0x30, 0x2E, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, + 0x04, 0x22, 0x04, 0x20, 0xc8, 0xa9, 0xd5, 0xa9, 0x10, 0x91, 0xad, 0x85, + 0x1c, 0x66, 0x8b, 0x07, 0x36, 0xc1, 0xc9, 0xa0, 0x29, 0x36, 0xc0, 0xd3, + 0xad, 0x62, 0x67, 0x08, 0x58, 0x08, 0x80, 0x47, 0xba, 0x05, 0x74, 0x75 +}; #endif typedef struct APK_DATA_st { 
@@ -235,6 +242,7 @@ static APK_DATA keydata[] = { {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA}, #ifndef OPENSSL_NO_EC + {kExampleECXKey2DER, sizeof(kExampleECXKey2DER), EVP_PKEY_X25519}, {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}, {kExampleECKey2DER, sizeof(kExampleECKey2DER), EVP_PKEY_EC}, #endif @@ -268,6 +276,15 @@ static int test_d2i_AutoPrivateKey_ex(int i) if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &priv_bn))) goto done; + } else if (ak->evptype == EVP_PKEY_X25519) { + unsigned char buffer[32]; + size_t len; + + if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey, + OSSL_PKEY_PARAM_PRIV_KEY, + buffer, sizeof(buffer), + &len))) + goto done; } else { if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv_bn))) @@ -361,16 +378,18 @@ static int test_alternative_default(void) return ok; } -static int test_d2i_PrivateKey_ex(void) { - int ok; - OSSL_PROVIDER *provider; - BIO *key_bio; - EVP_PKEY* pkey; - ok = 0; - - provider = OSSL_PROVIDER_load(NULL, "default"); - key_bio = BIO_new_mem_buf((&keydata[0])->kder, (&keydata)[0]->size); +static int test_d2i_PrivateKey_ex(int testid) +{ + int ok = 0; + OSSL_PROVIDER *provider = NULL; + BIO *key_bio = NULL; + EVP_PKEY *pkey = NULL; + int id = (testid == 0) ? 0 : 2; + if (!TEST_ptr(provider = OSSL_PROVIDER_load(NULL, "default"))) + goto err; + if (!TEST_ptr(key_bio = BIO_new_mem_buf(keydata[id].kder, keydata[id].size))) + goto err; if (!TEST_ptr_null(pkey = PEM_read_bio_PrivateKey(key_bio, NULL, NULL, NULL))) goto err; 
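Review bot: "int id = (testid == 0) ? 0 : 2;" in test_d2i_PrivateKey_ex() hard-codes the position of kExampleECXKey2DER in keydata[], which holds only while the X25519 row stays directly after the two RSA rows at the top of the "#ifndef OPENSSL_NO_EC" block. Adding or reordering a keydata[] row would silently point the second iteration at a different key type, and the X25519 case this test was added for would no longer be covered. Suggest locating the row by "evptype == EVP_PKEY_X25519", or defining a named index constant next to the table. In the X25519 branch added to test_d2i_AutoPrivateKey_ex(), "len" is fetched and then ignored; comparing it with sizeof(buffer) would make that branch check the decoded key length as well.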
@@ -748,7 +767,11 @@ int setup_tests(void) ADD_TEST(test_alternative_default); ADD_ALL_TESTS(test_d2i_AutoPrivateKey_ex, OSSL_NELEM(keydata)); - ADD_TEST(test_d2i_PrivateKey_ex); +#ifndef OPENSSL_NO_EC + ADD_ALL_TESTS(test_d2i_PrivateKey_ex, 2); +#else + ADD_ALL_TESTS(test_d2i_PrivateKey_ex, 1); +#endif #ifndef OPENSSL_NO_DSA ADD_TEST(test_dsa_todata); #endif

From matt at openssl.org Thu May 20 08:00:53 2021
From: matt at openssl.org (Matt Caswell)
Date: Thu, 20 May 2021 08:00:53 +0000
Subject: [openssl] master update
Message-ID: <1621497653.144125.27754.nullmailer@dev.openssl.org>

The branch master has been updated
  via 87e4e9c473dd3305cb98b37c672edff8ddb436de (commit)
  from 0050db7bb37814879012226dd24aa433b3600019 (commit)

- Log -----------------------------------------------------------------
commit 87e4e9c473dd3305cb98b37c672edff8ddb436de
Author: Pauli
Date: Tue May 18 20:27:35 2021 +1000

    todo: remove TODO(3.0) from the sources.

    Almost all were notes about wanting to deprecate CTRLs/utility functions.

    Fixes #15325

    Reviewed-by: Tomas Mraz
    Reviewed-by: Shane Lontis
    (Merged from https://github.com/openssl/openssl/pull/15328)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/dh_ctrl.c | 6 ------
 crypto/evp/dsa_ctrl.c | 1 -
 crypto/evp/ec_ctrl.c | 3 ---
 crypto/evp/evp_lib.c | 1 -
 crypto/evp/pmeth_lib.c | 5 -----
 crypto/pem/pem_local.h | 5 -----
 crypto/rsa/rsa_lib.c | 8 --------
 7 files changed, 29 deletions(-)

diff --git a/crypto/evp/dh_ctrl.c b/crypto/evp/dh_ctrl.c index 57cd88b41b..fee7757d9a 100644 --- a/crypto/evp/dh_ctrl.c +++ b/crypto/evp/dh_ctrl.c 
@@ -148,8 +148,6 @@ int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen) /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of passing a name or an - * ASN1_OBJECT (which can be converted to text internally)? */ int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid) { @@ -178,7 +176,6 @@ int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of passing a name? */ int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf) { @@ -189,7 +186,6 @@ int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf) /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of getting a name? */ int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx) { @@ -220,7 +216,6 @@ int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid) /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of passing a name? */ int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { @@ -231,7 +226,6 @@ int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of getting a name? */ int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd) { diff --git a/crypto/evp/dsa_ctrl.c b/crypto/evp/dsa_ctrl.c index e0cc2b8852..531a21fa8d 100644 --- a/crypto/evp/dsa_ctrl.c +++ b/crypto/evp/dsa_ctrl.c 
@@ -124,7 +124,6 @@ int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx, } #if !defined(FIPS_MODULE) -/* TODO(3.0): deprecate as this is needed only for legacy? */ int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, diff --git a/crypto/evp/ec_ctrl.c b/crypto/evp/ec_ctrl.c index b8b5434ee6..404358ab97 100644 --- a/crypto/evp/ec_ctrl.c +++ b/crypto/evp/ec_ctrl.c @@ -127,7 +127,6 @@ int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx) /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of passing a name? */ int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { @@ -138,7 +137,6 @@ int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of getting a name? */ int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd) { @@ -281,7 +279,6 @@ int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm) /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of setting a name or an * ASN1_OBJECT (which would be converted to text internally)? */ int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index e2ac6af895..7d40113790 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -1005,7 +1005,6 @@ EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) } #if !defined(FIPS_MODULE) -/* TODO(3.0): EVP_DigestSign* not yet supported in FIPS module */ void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) { /* 
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 7d7bed965d..506e90fed8 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -878,7 +878,6 @@ int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) return EVP_PKEY_CTX_get_params(ctx, params); } -/* TODO(3.0): Deprecate in favour of get_signature_md_name */ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) { OSSL_PARAM sig_md_params[2], *p = sig_md_params; @@ -913,10 +912,6 @@ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) return 1; } -/* - * TODO(3.0): Deprecate functions calling this in favour of - * functions setting md name. - */ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, int fallback, const char *param, int op, int ctrl) diff --git a/crypto/pem/pem_local.h b/crypto/pem/pem_local.h index 509519eb7c..628a66912d 100644 --- a/crypto/pem/pem_local.h +++ b/crypto/pem/pem_local.h @@ -7,11 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* - * TODO(v3.0): the IMPLEMENT macros in include/openssl/pem.h should be - * moved here. - */ - #include #include #include diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index b9b5d395bb..c70b622bae 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -927,7 +927,6 @@ static int int_get_rsa_md_name(EVP_PKEY_CTX *ctx, /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated? */ int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode) { @@ -938,7 +937,6 @@ int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode) /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated? */ int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode) { 
@@ -949,7 +947,6 @@ int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode) /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of passing a name? */ int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { @@ -969,7 +966,6 @@ int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx, /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of passing a name? */ int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { @@ -997,7 +993,6 @@ int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name, /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of getting a name? */ int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) { @@ -1008,7 +1003,6 @@ int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of passing a name? */ int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { @@ -1036,7 +1030,6 @@ int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name, /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of passing a name? */ int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { 
@@ -1055,7 +1048,6 @@ int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *ctx, /* * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, * simply because that's easier. - * TODO(3.0) Should this be deprecated in favor of getting a name? */ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) { From matt at openssl.org Thu May 20 08:49:52 2021 
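Review bot: the crypto/evp/ec_ctrl.c hunk at -281,7 +279,6 removes only the first line of a two-line TODO above EVP_PKEY_CTX_set_ec_paramgen_curve_nid(), so the comment now ends with the orphaned fragment "ASN1_OBJECT (which would be converted to text internally)?". The diffstat agrees: it counts 3 deletions for ec_ctrl.c where the three TODO notes in that file span four lines. Remove the leftover line too. Separately, the dsa_ctrl.c and evp_lib.c hunks delete the only comment sitting directly under "#if !defined(FIPS_MODULE)"; if the reason for the guard still applies, keep it as a plain comment without the TODO tag so the exclusion from the FIPS module stays documented.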
From: matt at openssl.org (Matt Caswell)
Date: Thu, 20 May 2021 08:49:52 +0000
Subject: [openssl] master update
Message-ID: <1621500592.814213.4660.nullmailer@dev.openssl.org>

The branch master has been updated
  via b195677073aa85cc72bd4b3289e7ecf47ae0e066 (commit)
  via b1c053acdaaee5e653949932f9999370edfc64db (commit)
  via 366bf9aedbbf719097a891dbf675f46dab8c9276 (commit)
  via 18cb5c31e16ace483e09a3d72d47d675feb898b2 (commit)
  via 447588b69aa6ba46e61302570df9d2d2a57960ed (commit)
  via ad8570a8b6b4ec27e92013653d4d36b0c1b36991 (commit)
  via e2ed740ec4dcfd32723d849a146bfc126b95d16c (commit)
  from 87e4e9c473dd3305cb98b37c672edff8ddb436de (commit)

- Log -----------------------------------------------------------------
commit b195677073aa85cc72bd4b3289e7ecf47ae0e066
Author: Matt Caswell
Date: Wed May 12 09:44:20 2021 +0100

    Update documentation for global properties mirroring

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15242)

commit b1c053acdaaee5e653949932f9999370edfc64db
Author: Matt Caswell
Date: Tue May 11 16:50:27 2021 +0100

    Ensure mirroring of properties works for subsequent updates

    If the global properties are updated after a provider with a child libctx has already started we need to make sure those updates are mirrored in that child.

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15242)

commit 366bf9aedbbf719097a891dbf675f46dab8c9276
Author: Matt Caswell
Date: Tue May 11 16:49:45 2021 +0100

    Documentation updates for mirroring of global properties

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15242)

commit 18cb5c31e16ace483e09a3d72d47d675feb898b2
Author: Matt Caswell
Date: Tue May 11 11:44:43 2021 +0100

    Test that properties are mirrored as we expect

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15242)

commit 447588b69aa6ba46e61302570df9d2d2a57960ed
Author: Matt Caswell
Date: Fri May 7 17:59:47 2021 +0100

    Add a callback for providers to know about global properties changes

    Where a child libctx is in use it needs to know what the current global properties are.

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15242)

commit ad8570a8b6b4ec27e92013653d4d36b0c1b36991
Author: Matt Caswell
Date: Fri May 7 17:13:05 2021 +0100

    Add a test for converting a property list to a string

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15242)

commit e2ed740ec4dcfd32723d849a146bfc126b95d16c
Author: Matt Caswell
Date: Fri May 7 16:42:53 2021 +0100

    Implement the ability to convert a PROPERTY_LIST to a string

    We have the ability to parse a string into a PROPERTY_LIST already. Now we have the ability to go the other way.

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15242)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/evp_cnf.c | 2 +-
 crypto/evp/evp_fetch.c | 77 ++++++++++--
 crypto/property/property.c | 48 ++++++--
 crypto/property/property_local.h | 2 +
 crypto/property/property_parse.c | 130 +++++++++++++++++++++
 crypto/property/property_string.c | 44 +++++++
 crypto/provider_child.c | 10 ++
 crypto/provider_core.c | 40 ++++++-
 .../man3/ossl_global_properties_no_mirrored.pod | 56 +++++++++
 doc/internal/man3/ossl_provider_new.pod | 11 +-
 doc/man3/OSSL_LIB_CTX.pod | 6 +
 doc/man7/provider-base.pod | 9 +-
 include/crypto/evp.h | 3 +-
 include/internal/property.h | 7 ++
 include/internal/provider.h | 1 +
 include/openssl/core_dispatch.h | 1 +
 include/openssl/lhash.h.in | 7 ++
 test/p_test.c | 28 +++++
 test/property_test.c | 56 +++++++++
 test/provider_internal_test.c | 14 ++-
 test/provider_test.c | 39 ++++++-
 21 files changed, 563 insertions(+), 28 deletions(-)
 create mode 100644 doc/internal/man3/ossl_global_properties_no_mirrored.pod

diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index 145f52fe1d..c13652ca0f 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -51,7 +51,7 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) return 0; } } else if (strcmp(oval->name, "default_properties") == 0) { - if (!evp_set_default_properties_int(cnf->libctx, oval->value, 0)) { + if (!evp_set_default_properties_int(cnf->libctx, oval->value, 0, 0)) { ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); return 0; } diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 6c701bf1e2..e71d827d4b 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c 
@@ -384,24 +384,55 @@ int evp_method_store_flush(OSSL_LIB_CTX *libctx) static int evp_set_parsed_default_properties(OSSL_LIB_CTX *libctx, OSSL_PROPERTY_LIST *def_prop, - int loadconfig) + int loadconfig, + int mirrored) { OSSL_METHOD_STORE *store = get_evp_method_store(libctx); OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig); - if (plp != NULL) { + if (plp != NULL && store != NULL) { +#ifndef FIPS_MODULE + char *propstr = NULL; + size_t strsz; + + if (mirrored) { + if (ossl_global_properties_no_mirrored(libctx)) + return 0; + } else { + /* + * These properties have been explicitly set on this libctx, so + * don't allow any mirroring from a parent libctx. + */ + ossl_global_properties_stop_mirroring(libctx); + } + + strsz = ossl_property_list_to_string(libctx, def_prop, NULL, 0); + if (strsz > 0) + propstr = OPENSSL_malloc(strsz); + if (propstr == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); + return 0; + } + if (ossl_property_list_to_string(libctx, def_prop, propstr, + strsz) == 0) { + OPENSSL_free(propstr); + ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); + return 0; + } + ossl_provider_default_props_update(libctx, propstr); + OPENSSL_free(propstr); +#endif ossl_property_free(*plp); *plp = def_prop; if (store != NULL) return ossl_method_store_flush_cache(store, 0); - return 1; } ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); return 0; } int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, - int loadconfig) + int loadconfig, int mirrored) { OSSL_PROPERTY_LIST *pl = NULL; 
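Review bot: in evp_set_parsed_default_properties() the non-mirrored branch calls ossl_global_properties_stop_mirroring(libctx) before the property list has been turned into a string, so when OPENSSL_malloc() or ossl_property_list_to_string() fails afterwards the function returns 0 with mirroring already switched off and the old properties still installed. Moving the stop_mirroring call to just before ossl_provider_default_props_update() keeps the failure paths free of side effects. Two smaller points in the same hunk: the "return 0" taken when ossl_global_properties_no_mirrored() is true raises no error while every other failure return here does, which deserves either an ERR_raise() or a comment saying the silence is intended; and the inner "if (store != NULL)" is now redundant because the outer condition already requires a non-NULL store.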
@@ -409,12 +440,16 @@ int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, ERR_raise(ERR_LIB_EVP, EVP_R_DEFAULT_QUERY_PARSE_ERROR); return 0; } - return evp_set_parsed_default_properties(libctx, pl, loadconfig); + if (!evp_set_parsed_default_properties(libctx, pl, loadconfig, mirrored)) { + ossl_property_free(pl); + return 0; + } + return 1; } int EVP_set_default_properties(OSSL_LIB_CTX *libctx, const char *propq) { - return evp_set_default_properties_int(libctx, propq, 1); + return evp_set_default_properties_int(libctx, propq, 1, 0); } static int evp_default_properties_merge(OSSL_LIB_CTX *libctx, const char *propq) @@ -436,7 +471,11 @@ static int evp_default_properties_merge(OSSL_LIB_CTX *libctx, const char *propq) ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); return 0; } - return evp_set_parsed_default_properties(libctx, pl2, 0); + if (!evp_set_parsed_default_properties(libctx, pl2, 0, 0)) { + ossl_property_free(pl2); + return 0; + } + return 1; } static int evp_default_property_is_enabled(OSSL_LIB_CTX *libctx, @@ -459,6 +498,30 @@ int EVP_default_properties_enable_fips(OSSL_LIB_CTX *libctx, int enable) return evp_default_properties_merge(libctx, query); } +char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig) +{ + OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig); + char *propstr = NULL; + size_t sz; + + sz = ossl_property_list_to_string(libctx, *plp, NULL, 0); + if (sz == 0) { + ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); + return NULL; + } + + propstr = OPENSSL_malloc(sz); + if (propstr == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); + return NULL; + } + if (ossl_property_list_to_string(libctx, *plp, propstr, sz) == 0) { + ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); + OPENSSL_free(propstr); + return NULL; + } + return propstr; +} struct do_all_data_st { void (*user_fn)(void *method, void *arg); 
diff --git a/crypto/property/property.c b/crypto/property/property.c index da6bc84e27..a769a7307e 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -74,25 +74,31 @@ typedef struct { DEFINE_SPARSE_ARRAY_OF(ALGORITHM); +typedef struct ossl_global_properties_st { + OSSL_PROPERTY_LIST *list; +#ifndef FIPS_MODULE + unsigned int no_mirrored : 1; +#endif +} OSSL_GLOBAL_PROPERTIES; + static void ossl_method_cache_flush(OSSL_METHOD_STORE *store, int nid); /* Global properties are stored per library context */ -static void ossl_ctx_global_properties_free(void *vstore) +static void ossl_ctx_global_properties_free(void *vglobp) { - OSSL_PROPERTY_LIST **plp = vstore; + OSSL_GLOBAL_PROPERTIES *globp = vglobp; - if (plp != NULL) { - ossl_property_free(*plp); - OPENSSL_free(plp); + if (globp != NULL) { + ossl_property_free(globp->list); + OPENSSL_free(globp); } } static void *ossl_ctx_global_properties_new(OSSL_LIB_CTX *ctx) { - return OPENSSL_zalloc(sizeof(OSSL_PROPERTY_LIST **)); + return OPENSSL_zalloc(sizeof(OSSL_GLOBAL_PROPERTIES)); } - static const OSSL_LIB_CTX_METHOD ossl_ctx_global_properties_method = { OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, ossl_ctx_global_properties_new, 
@@ -102,13 +108,37 @@ static const OSSL_LIB_CTX_METHOD ossl_ctx_global_properties_method = { OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *libctx, int loadconfig) { + OSSL_GLOBAL_PROPERTIES *globp; + #ifndef FIPS_MODULE if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) return NULL; #endif - return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, - &ossl_ctx_global_properties_method); + globp = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, + &ossl_ctx_global_properties_method); + + return &globp->list; +} + +#ifndef FIPS_MODULE +int ossl_global_properties_no_mirrored(OSSL_LIB_CTX *libctx) +{ + OSSL_GLOBAL_PROPERTIES *globp + = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, + &ossl_ctx_global_properties_method); + + return globp->no_mirrored ? 1 : 0; +} + +void ossl_global_properties_stop_mirroring(OSSL_LIB_CTX *libctx) +{ + OSSL_GLOBAL_PROPERTIES *globp + = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, + &ossl_ctx_global_properties_method); + + globp->no_mirrored = 1; } +#endif static int ossl_method_up_ref(METHOD *method) { diff --git a/crypto/property/property_local.h b/crypto/property/property_local.h index c744a5d3c3..8cc3a51270 100644 --- a/crypto/property/property_local.h +++ b/crypto/property/property_local.h @@ -16,8 +16,10 @@ typedef int OSSL_PROPERTY_IDX; /* Property string functions */ OSSL_PROPERTY_IDX ossl_property_name(OSSL_LIB_CTX *ctx, const char *s, int create); +const char *ossl_property_name_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx); OSSL_PROPERTY_IDX ossl_property_value(OSSL_LIB_CTX *ctx, const char *s, int create); +const char *ossl_property_value_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx); /* Property list functions */ void ossl_property_free(OSSL_PROPERTY_LIST *p); diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index dfae76518f..aab8cbe8a4 100644 --- a/crypto/property/property_parse.c 
+++ b/crypto/property/property_parse.c 
@@ -616,3 +616,133 @@ int ossl_property_parse_init(OSSL_LIB_CTX *ctx) err: return 0; } + +static void put_char(char ch, char **buf, size_t *remain, size_t *needed) +{ + if (*remain == 0) { + ++*needed; + return; + } + if(*remain == 1) + **buf = '\0'; + else + **buf = ch; + ++*buf; + ++*needed; + --*remain; +} + +static void put_str(const char *str, char **buf, size_t *remain, size_t *needed) +{ + size_t olen, len; + + len = olen = strlen(str); + *needed += len; + + if (*remain == 0) + return; + + if(*remain < len + 1) + len = *remain - 1; + + if(len > 0) { + strncpy(*buf, str, len); + *buf += len; + *remain -= len; + } + + if(len < olen && *remain == 1) { + **buf = '\0'; + ++*buf; + --*remain; + } +} + +static void put_num(int val, char **buf, size_t *remain, size_t *needed) +{ + int tmpval = val; + size_t len = 1; + + for (; tmpval > 9; len++, tmpval /= 10); + + *needed += len; + + if (*remain == 0) + return; + + BIO_snprintf(*buf, *remain, "%d", val); + if (*remain < len) { + *buf += *remain; + *remain = 0; + } else { + *buf += len; + *remain -= len; + } +} + +size_t ossl_property_list_to_string(OSSL_LIB_CTX *ctx, + const OSSL_PROPERTY_LIST *list, char *buf, + size_t bufsize) +{ + int i; + const PROPERTY_DEFINITION *prop = NULL; + size_t needed = 0; + const char *val; + + if (list == NULL) { + if (bufsize > 0) + *buf = '\0'; + return 1; + } + if (list->n != 0) + prop = &list->properties[list->n - 1]; + for (i = 0; i < list->n; i++, prop--) { + /* Skip invalid names */ + if (prop->name_idx == 0) + continue; + + if (needed > 0) + put_char(',', &buf, &bufsize, &needed); + + if (prop->optional) + put_char('?', &buf, &bufsize, &needed); + else if (prop->oper == PROPERTY_OVERRIDE) + put_char('-', &buf, &bufsize, &needed); + + val = ossl_property_name_str(ctx, prop->name_idx); + if (val == NULL) + return 0; + put_str(val, &buf, &bufsize, &needed); + + switch (prop->oper) { + case PROPERTY_OPER_NE: + put_char('!', &buf, &bufsize, &needed); + /* fall through */ + case 
PROPERTY_OPER_EQ: + put_char('=', &buf, &bufsize, &needed); + /* put value */ + switch (prop->type) { + case PROPERTY_TYPE_STRING: + val = ossl_property_value_str(ctx, prop->v.str_val); + if (val == NULL) + return 0; + put_str(val, &buf, &bufsize, &needed); + break; + + case PROPERTY_TYPE_NUMBER: + put_num(prop->v.int_val, &buf, &bufsize, &needed); + break; + + default: + return 0; + } + break; + default: + /* do nothing */ + break; + } + } + + put_char('\0', &buf, &bufsize, &needed); + return needed; +} diff --git a/crypto/property/property_string.c b/crypto/property/property_string.c index 9eb55cb461..06f58496db 100644 --- a/crypto/property/property_string.c +++ b/crypto/property/property_string.c @@ -162,6 +162,45 @@ OSSL_PROPERTY_IDX ossl_property_name(OSSL_LIB_CTX *ctx, const char *s, s); } +struct find_str_st { + const char *str; + OSSL_PROPERTY_IDX idx; +}; + +static void find_str_fn(PROPERTY_STRING *prop, void *vfindstr) +{ + struct find_str_st *findstr = vfindstr; + + if (prop->idx == findstr->idx) + findstr->str = prop->s; +} + +static const char *ossl_property_str(int name, OSSL_LIB_CTX *ctx, + OSSL_PROPERTY_IDX idx) +{ + struct find_str_st findstr; + PROPERTY_STRING_DATA *propdata + = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_PROPERTY_STRING_INDEX, + &property_string_data_method); + + if (propdata == NULL) + return NULL; + + findstr.str = NULL; + findstr.idx = idx; + + lh_PROPERTY_STRING_doall_arg(name ? propdata->prop_names + : propdata->prop_values, + find_str_fn, &findstr); + + return findstr.str; +} + +const char *ossl_property_name_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx) +{ + return ossl_property_str(1, ctx, idx); +} + OSSL_PROPERTY_IDX ossl_property_value(OSSL_LIB_CTX *ctx, const char *s, int create) { 
@@ -175,3 +214,8 @@ OSSL_PROPERTY_IDX ossl_property_value(OSSL_LIB_CTX *ctx, const char *s, create ? &propdata->prop_value_idx : NULL, s); } + +const char *ossl_property_value_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx) +{ + return ossl_property_str(0, ctx, idx); +} diff --git a/crypto/provider_child.c b/crypto/provider_child.c index 14d0054624..7ab161b795 100644 --- a/crypto/provider_child.c +++ b/crypto/provider_child.c @@ -12,8 +12,10 @@ #include #include #include +#include #include "internal/provider.h" #include "internal/cryptlib.h" +#include "crypto/evp.h" DEFINE_STACK_OF(OSSL_PROVIDER) @@ -198,6 +200,13 @@ static int provider_remove_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata) return 1; } +static int provider_global_props_cb(const char *props, void *cbdata) +{ + OSSL_LIB_CTX *ctx = cbdata; + + return evp_set_default_properties_int(ctx, props, 0, 1); +} + int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in) @@ -265,6 +274,7 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, if (!gbl->c_provider_register_child_cb(gbl->handle, provider_create_child_cb, provider_remove_child_cb, + provider_global_props_cb, ctx)) return 0; diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 9d5248de0d..512a16ee66 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -46,7 +46,8 @@ DEFINE_STACK_OF(INFOPAIR) typedef struct { OSSL_PROVIDER *prov; int (*create_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata); - void (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata); + int (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata); + int (*global_props_cb)(const char *props, void *cbdata); void *cbdata; } OSSL_PROVIDER_CHILD_CB; DEFINE_STACK_OF(OSSL_PROVIDER_CHILD_CB) 
@@ -1363,13 +1364,40 @@ int ossl_provider_convert_to_child(OSSL_PROVIDER *prov, return 1; } +int ossl_provider_default_props_update(OSSL_LIB_CTX *libctx, const char *props) +{ +#ifndef FIPS_MODULE + struct provider_store_st *store = NULL; + int i, max; + OSSL_PROVIDER_CHILD_CB *child_cb; + + if ((store = get_provider_store(libctx)) == NULL) + return 0; + + if (!CRYPTO_THREAD_read_lock(store->lock)) + return 0; + + max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); + for (i = 0; i < max; i++) { + child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); + child_cb->global_props_cb(props, child_cb->cbdata); + } + + CRYPTO_THREAD_unlock(store->lock); +#endif + return 1; +} + static int ossl_provider_register_child_cb(const OSSL_CORE_HANDLE *handle, int (*create_cb)( const OSSL_CORE_HANDLE *provider, void *cbdata), - void (*remove_cb)( + int (*remove_cb)( const OSSL_CORE_HANDLE *provider, void *cbdata), + int (*global_props_cb)( + const char *props, + void *cbdata), void *cbdata) { /* @@ -1382,6 +1410,7 @@ static int ossl_provider_register_child_cb(const OSSL_CORE_HANDLE *handle, struct provider_store_st *store = NULL; int ret = 0, i, max; OSSL_PROVIDER_CHILD_CB *child_cb; + char *propsstr = NULL; if ((store = get_provider_store(libctx)) == NULL) return 0; @@ -1392,12 +1421,19 @@ static int ossl_provider_register_child_cb(const OSSL_CORE_HANDLE *handle, child_cb->prov = thisprov; child_cb->create_cb = create_cb; child_cb->remove_cb = remove_cb; + child_cb->global_props_cb = global_props_cb; child_cb->cbdata = cbdata; if (!CRYPTO_THREAD_write_lock(store->lock)) { OPENSSL_free(child_cb); return 0; } + propsstr = evp_get_global_properties_str(libctx, 0); + + if (propsstr != NULL) { + global_props_cb(propsstr, cbdata); + OPENSSL_free(propsstr); + } max = sk_OSSL_PROVIDER_num(store->providers); for (i = 0; i < max; i++) { prov = sk_OSSL_PROVIDER_value(store->providers, i); 
diff --git a/doc/internal/man3/ossl_global_properties_no_mirrored.pod b/doc/internal/man3/ossl_global_properties_no_mirrored.pod new file mode 100644 index 0000000000..6c39ccbc0f --- /dev/null +++ b/doc/internal/man3/ossl_global_properties_no_mirrored.pod 
@@ -0,0 +1,56 @@ +=pod + +=head1 NAME + +ossl_property_list_to_string, ossl_global_properties_no_mirrored +- internal property routines + +=head1 SYNOPSIS + + #include "internal/property.h" + + size_t ossl_property_list_to_string(OSSL_LIB_CTX *ctx, + const OSSL_PROPERTY_LIST *list, char *buf, + size_t bufsize); + + int ossl_global_properties_no_mirrored(OSSL_LIB_CTX *libctx); + void ossl_global_properties_no_mirrored(OSSL_LIB_CTX *libctx); + + +=head1 DESCRIPTION + +ossl_property_list_to_string() takes a given OSSL_PROPERTY_LIST in I and +converts it to a string. If I is non NULL then the string will be stored +in I. The size of the buffer is provided in I. If I is +too short then the string will be truncated. If I is NULL then the length +of the string is still calculated and returned. If the property list has no +properties in it then the empty string will be stored in I. + +ossl_global_properties_no_mirrored() checks whether mirroring of global +properties from a parent library context is allowed for the current library +context. + +ossl_global_properties_no_mirrored() prevents future mirroring of global +properties from a parent library context for the current library context. + +=head1 RETURN VALUES + +ossl_property_list_to_string() returns the length of the string, or 0 on error. + +ossl_global_properties_no_mirrored() returns 1 if mirroring of global properties +is not allowed, or 0 otherwise. + +=head1 HISTORY + +The functions described here were all added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index 7ab60eb3a5..ed2d6993b3 100644 --- a/doc/internal/man3/ossl_provider_new.pod 
+++ b/doc/internal/man3/ossl_provider_new.pod @@ -7,7 +7,7 @@ ossl_provider_free, ossl_provider_set_fallback, ossl_provider_set_module_path, ossl_provider_add_parameter, ossl_provider_set_child, ossl_provider_get_parent, ossl_provider_up_ref_parent, ossl_provider_free_parent, -ossl_provider_get0_dispatch, +ossl_provider_default_props_update, ossl_provider_get0_dispatch, ossl_provider_init_as_child, ossl_provider_activate, ossl_provider_deactivate, ossl_provider_available, ossl_provider_ctx, @@ -46,6 +46,8 @@ ossl_provider_get_capabilities const OSSL_CORE_HANDLE *ossl_provider_get_parent(OSSL_PROVIDER *prov); int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate); int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate); + int ossl_provider_default_props_update(OSSL_LIB_CTX *libctx, + const char *props); /* * Activate the Provider @@ -193,6 +195,10 @@ ossl_provider_free_parent() decreases the reference count on the parent provider. If I is nonzero then the parent provider is also deactivated. +ossl_provider_default_props_update() is responsible for informing any child +providers of an update to the default properties. The new properties are +supplied in the I string. + ossl_provider_activate() "activates" the provider for the given provider object I by incrementing its activation count, flagging it as activated, and initializing it if it isn't already initialized. @@ -339,7 +345,8 @@ called for any activated providers. ossl_provider_set_module_path(), ossl_provider_set_fallback(), ossl_provider_activate(), ossl_provider_activate_leave_fallbacks() and -ossl_provider_deactivate() return 1 on success, or 0 on error. +ossl_provider_deactivate(), ossl_provider_default_props_update() return 1 on +success, or 0 on error. ossl_provider_available() return 1 if the provider is available, otherwise 0. diff --git a/doc/man3/OSSL_LIB_CTX.pod b/doc/man3/OSSL_LIB_CTX.pod index 57037e2ba6..d51816ead7 100644 --- a/doc/man3/OSSL_LIB_CTX.pod 
+++ b/doc/man3/OSSL_LIB_CTX.pod @@ -69,6 +69,12 @@ reference count. L must not be called for a provider in the child library context that did not have an earlier L call for that provider in that child library context. +In addition to providers, a child library context will also mirror the default +properties (set via L) from the parent library +context. If L is called directly on a child +library context then the new properties will override anything from the parent +library context and mirroring of the properties will stop. + OSSL_LIB_CTX_new_child() must only be called from within the scope of a provider's B function (see L). Calling it outside of that function may succeed but may not correctly mirror all providers diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 19cd4e445b..10ad301fb4 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -89,6 +89,7 @@ provider-base void *cbdata), int (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata), + int (*global_props_cb)(const char *props, void *cbdata), void *cbdata); void provider_deregister_child_cb(const OSSL_CORE_HANDLE *handle); const char *provider_name(const OSSL_CORE_HANDLE *prov); 
@@ -289,12 +290,16 @@ I is a callback that will be called when a new provider is loaded into the application's library context. It is also called for any providers that are already loaded at the point that this callback is registered. The callback is passed the handle being used for the new provider being loadded and this -provider's data in I. It should return 1 on success or 0 on failure. +provider's data in I. It should return 1 on success or 0 on failure. I is a callback that will be called when a new provider is unloaded from the application's library context. It is passed the handle being used for the provider being unloaded and this provider's data in I. It should -return 1 on success or 0 on failure. +return 1 on success or 0 on failure. + +I is a callback that will be called when the global properties +from the parent library context are changed. It should return 1 on success +or 0 on failure. provider_deregister_child_cb() unregisters callbacks previously registered via provider_register_child_cb(). If provider_register_child_cb() has been called diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 96a109e38b..92a9f0fc29 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -886,7 +886,8 @@ int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); int evp_method_store_flush(OSSL_LIB_CTX *libctx); int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, - int loadconfig); + int loadconfig, int mirrored); +char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig); void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force); diff --git a/include/internal/property.h b/include/internal/property.h index 58ceddbb76..856cd740ad 100644 --- a/include/internal/property.h +++ b/include/internal/property.h 
@@ -64,4 +64,11 @@ __owur int ossl_method_store_flush_cache(OSSL_METHOD_STORE *store, int all); OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, const OSSL_PROPERTY_LIST *b); +size_t ossl_property_list_to_string(OSSL_LIB_CTX *ctx, + const OSSL_PROPERTY_LIST *list, char *buf, + size_t bufsize); + +int ossl_global_properties_no_mirrored(OSSL_LIB_CTX *libctx); +void ossl_global_properties_stop_mirroring(OSSL_LIB_CTX *libctx); + #endif diff --git a/include/internal/provider.h b/include/internal/provider.h index 020cbc8a9e..df20c76f90 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h @@ -50,6 +50,7 @@ int ossl_provider_convert_to_child(OSSL_PROVIDER *prov, const OSSL_CORE_HANDLE *ossl_provider_get_parent(OSSL_PROVIDER *prov); int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate); int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate); +int ossl_provider_default_props_update(OSSL_LIB_CTX *libctx, const char *props); /* Disable fallback loading */ int ossl_provider_disable_fallback_loading(OSSL_LIB_CTX *libctx); diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index 5c453eaac0..458cbb1c9e 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h @@ -196,6 +196,7 @@ OSSL_CORE_MAKE_FUNC(int, provider_register_child_cb, (const OSSL_CORE_HANDLE *handle, int (*create_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata), int (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata), + int (*global_props_cb)(const char *props, void *cbdata), void *cbdata)) OSSL_CORE_MAKE_FUNC(void, provider_deregister_child_cb, (const OSSL_CORE_HANDLE *handle)) diff --git a/include/openssl/lhash.h.in b/include/openssl/lhash.h.in index 571dce43ea..04f6c45736 100644 --- a/include/openssl/lhash.h.in +++ b/include/openssl/lhash.h.in 
@@ -226,6 +226,13 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); { \ OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ } \ + static ossl_unused ossl_inline void lh_##type##_doall_arg(LHASH_OF(type) *lh, \ + void (*doallarg)(type *, void *), \ + void *arg) \ + { \ + OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, \ + (OPENSSL_LH_DOALL_FUNCARG)doallarg, arg); \ + } \ LHASH_OF(type) #define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ diff --git a/test/p_test.c b/test/p_test.c index 22bf8648fe..80f0784dd9 100644 --- a/test/p_test.c +++ b/test/p_test.c @@ -183,6 +183,22 @@ static int p_get_params(void *provctx, OSSL_PARAM params[]) } else { ok = 0; } + } else if (strcmp(p->key, "stop-property-mirror") == 0) { + /* + * Setting the default properties explicitly should stop mirroring + * of properties from the parent libctx. + */ + unsigned int stopsuccess = 0; + +#ifdef PROVIDER_INIT_FUNCTION_NAME + stopsuccess = EVP_set_default_properties(ctx->libctx, NULL); +#endif + if (p->data_size >= sizeof(stopsuccess)) { + *(unsigned int *)p->data = stopsuccess; + p->return_size = sizeof(stopsuccess); + } else { + ok = 0; + } } } return ok; @@ -266,6 +282,18 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, p_teardown(ctx); return 0; } + /* + * The default provider is loaded - but the default properties should not + * allow its use. + */ + { + EVP_MD *sha256 = EVP_MD_fetch(ctx->libctx, "SHA2-256", NULL); + if (sha256 != NULL) { + EVP_MD_free(sha256); + p_teardown(ctx); + return 0; + } + } #endif /* diff --git a/test/property_test.c b/test/property_test.c index 3682474bd2..94540bc776 100644 --- a/test/property_test.c +++ b/test/property_test.c 
@@ -435,6 +435,61 @@ err: return ret; } +static int test_property_list_to_string(void) +{ + OSSL_PROPERTY_LIST *pl = NULL; + int ret = 0; + struct props_list_str { + const char *in; + const char *out; + } props[] = { + { "fips=yes", "fips=yes" }, + { "fips!=yes", "fips!=yes" }, + { "fips = yes", "fips=yes" }, + { "fips", "fips=yes" }, + { "fips=no", "fips=no" }, + { "-fips", "-fips" }, + { "?fips=yes", "?fips=yes" }, + { "fips=yes,provider=fips", "fips=yes,provider=fips" }, + { "fips = yes , provider = fips", "fips=yes,provider=fips" }, + { "fips=yes,provider!=fips", "fips=yes,provider!=fips" }, + { "fips=yes,?provider=fips", "fips=yes,?provider=fips" }, + { "fips=yes,-provider", "fips=yes,-provider" }, + /* foo is an unknown internal name */ + { "foo=yes,fips=yes", "fips=yes"}, + { "", "" }, + { NULL, "" } + }; + size_t i, bufsize; + char *buf = NULL; + + for (i = 0; i < OSSL_NELEM(props); i++) { + if (props[i].in != NULL + && !TEST_ptr(pl = ossl_parse_query(NULL, props[i].in, 1))) + goto err; + bufsize = ossl_property_list_to_string(NULL, pl, NULL, 0); + if (!TEST_size_t_gt(bufsize, 0)) + goto err; + buf = OPENSSL_malloc(bufsize); + if (!TEST_ptr(buf) + || !TEST_size_t_eq(ossl_property_list_to_string(NULL, pl, buf, + bufsize), + bufsize) + || !TEST_str_eq(props[i].out, buf) + || !TEST_size_t_eq(bufsize, strlen(props[i].out) + 1)) + goto err; + OPENSSL_free(buf); + buf = NULL; + ossl_property_free(pl); + pl = NULL; + } + + ret = 1; + err: + OPENSSL_free(buf); + ossl_property_free(pl); + return ret; +} int setup_tests(void) { @@ -448,5 +503,6 @@ int setup_tests(void) ADD_TEST(test_property); ADD_TEST(test_query_cache_stochastic); ADD_TEST(test_fips_mode); + ADD_TEST(test_property_list_to_string); return 1; } diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c index 2341dd3dac..6c295451c1 100644 --- a/test/provider_internal_test.c +++ b/test/provider_internal_test.c 
@@ -53,11 +53,23 @@ static int test_builtin_provider(void) { const char *name = "p_test_builtin"; OSSL_PROVIDER *prov = NULL; + int ret; - return + /* + * We set properties that we know the providers we are using don't have. + * This should mean that the p_test provider will fail any fetches - which + * is something we test inside the provider. + */ + EVP_set_default_properties(NULL, "fips=yes"); + + ret = TEST_ptr(prov = ossl_provider_new(NULL, name, PROVIDER_INIT_FUNCTION_NAME, 0)) && test_provider(prov, expected_greeting1(name)); + + EVP_set_default_properties(NULL, ""); + + return ret; } #ifndef NO_PROVIDER_MODULE diff --git a/test/provider_test.c b/test/provider_test.c index 4d8dbaee6f..807b8fcf22 100644 --- a/test/provider_test.c +++ b/test/provider_test.c @@ -26,6 +26,13 @@ static OSSL_PARAM digest_check[] = { { NULL, 0, NULL, 0, 0 } }; +static unsigned int stopsuccess = 0; +static OSSL_PARAM stop_property_mirror[] = { + { "stop-property-mirror", OSSL_PARAM_UNSIGNED_INTEGER, &stopsuccess, + sizeof(stopsuccess) }, + { NULL, 0, NULL, 0, 0 } +}; + static int test_provider(OSSL_LIB_CTX **libctx, const char *name, OSSL_PROVIDER *legacy) { 
@@ -41,18 +48,44 @@ static int test_provider(OSSL_LIB_CTX **libctx, const char *name, "Hello OpenSSL %.20s, greetings from %s!", OPENSSL_VERSION_STR, name); + /* - * Check that it is possible to have a built-in provider mirrored in - * a child lib ctx. - */ + * We set properties that we know the providers we are using don't have. + * This should mean that the p_test provider will fail any fetches - which + * is something we test inside the provider. + */ + EVP_set_default_properties(*libctx, "fips=yes"); + /* + * Check that it is possible to have a built-in provider mirrored in + * a child lib ctx. + */ if (!TEST_ptr(base = OSSL_PROVIDER_load(*libctx, "base"))) goto err; if (!TEST_ptr(prov = OSSL_PROVIDER_load(*libctx, name))) goto err; + + /* + * Once the provider is loaded we clear the default properties and fetches + * should start working again. + */ + EVP_set_default_properties(*libctx, ""); if (dolegacycheck) { if (!TEST_true(OSSL_PROVIDER_get_params(prov, digest_check)) || !TEST_true(digestsuccess)) goto err; + + /* + * Check that a provider can prevent property mirroring if it sets its + * own properties explicitly + */ + if (!TEST_true(OSSL_PROVIDER_get_params(prov, stop_property_mirror)) + || !TEST_true(stopsuccess)) + goto err; + EVP_set_default_properties(*libctx, "fips=yes"); + if (!TEST_true(OSSL_PROVIDER_get_params(prov, digest_check)) + || !TEST_true(digestsuccess)) + goto err; + EVP_set_default_properties(*libctx, ""); } if (!TEST_true(OSSL_PROVIDER_get_params(prov, greeting_request)) || !TEST_ptr(greeting = greeting_request[0].data) From matt at openssl.org Thu May 20 08:56:27 2021 
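Review bot: In crypto/evp/evp_fetch.c, evp_set_parsed_default_properties() assigns `*plp = def_prop` and only then returns the result of ossl_method_store_flush_cache(store, 0), while both callers (evp_set_default_properties_int() and evp_default_properties_merge()) now call ossl_property_free() on the list whenever 0 comes back. If the flush fails, the list is freed while *plp still points at it. Either treat the list as consumed once the assignment has run, or reset *plp on that path so the caller's free is safe. The inner `if (store != NULL)` is also always true now that the outer test is `plp != NULL && store != NULL`, and the OPENSSL_malloc() failure here is raised as ERR_R_INTERNAL_ERROR where evp_get_global_properties_str() raises ERR_R_MALLOC_FAILURE for the same condition.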
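Review bot: evp_get_global_properties_str() dereferences `*plp` without checking plp, although ossl_ctx_global_properties() returns NULL when loadconfig is set and OPENSSL_init_crypto() fails. In crypto/property/property.c the accessor now returns `&globp->list`, and ossl_global_properties_no_mirrored() and ossl_global_properties_stop_mirroring() read and write globp->no_mirrored, all without checking the result of ossl_lib_ctx_get_data(). Callers that test `plp != NULL` keep working only because list is the first member of OSSL_GLOBAL_PROPERTIES. Add explicit NULL checks on globp in the three property.c functions and on plp in evp_get_global_properties_str().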
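Review bot: put_num() in crypto/property/property_parse.c counts digits with `for (; tmpval > 9; len++, tmpval /= 10);`, which gives len 1 for any negative val, while the following BIO_snprintf() with "%d" would write a sign and every digit, so needed and the buffer cursor fall out of step with what was actually written. Account for the sign when computing len, or reject negative values before formatting. Style: put_char() and put_str() use `if(` without the space used in the rest of the hunk, and the empty-bodied for loop reads better with its `;` on a separate line.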
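Review bot: doc/internal/man3/ossl_global_properties_no_mirrored.pod lists ossl_global_properties_no_mirrored() twice in the SYNOPSIS, once returning int and once returning void, and the DESCRIPTION paragraph about preventing future mirroring names it again. include/internal/property.h in this same patch declares the void function as ossl_global_properties_stop_mirroring(). Rename the second SYNOPSIS entry and that paragraph accordingly, and add ossl_global_properties_stop_mirroring to the NAME section so the new function is documented.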
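Review bot: ossl_provider_default_props_update() in crypto/provider_core.c discards the return value of every child_cb->global_props_cb() call and always returns 1, and ossl_provider_register_child_cb() likewise ignores the result of its initial global_props_cb(propsstr, cbdata) call, although provider-base.pod documents the callback as returning 1 on success or 0 on failure. Since provider_global_props_cb() returns 0 once the child context has stopped mirroring, the patch should say whether that case counts as a failure and document that the core ignores the result. When evp_get_global_properties_str() returns NULL here it has already raised an error, which is left on the error queue even though registration carries on.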
From: matt at openssl.org (Matt Caswell) Date: Thu, 20 May 2021 08:56:27 +0000 Subject: [openssl] master update Message-ID: <1621500987.871038.29178.nullmailer@dev.openssl.org> The branch master has been updated via 4edb29b77e0298e2e524a403214ce3455db6a69b (commit) from b195677073aa85cc72bd4b3289e7ecf47ae0e066 (commit) - Log ----------------------------------------------------------------- commit 4edb29b77e0298e2e524a403214ce3455db6a69b Author: Richard Levitte Date: Wed May 19 06:07:30 2021 +0200 Complete 'no-sock' guards in apps/ocsp.c Modern compilers complain about variable being set but otherwise not used. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15339) ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/apps/ocsp.c b/apps/ocsp.c index 9b26af8655..c7cee0faf0 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -87,7 +87,9 @@ static int index_changed(CA_DB *); typedef enum OPTION_choice { OPT_COMMON, OPT_OUTFILE, OPT_TIMEOUT, OPT_URL, OPT_HOST, OPT_PORT, +#ifndef OPENSSL_NO_SOCK OPT_PROXY, OPT_NO_PROXY, +#endif OPT_IGNORE_ERR, OPT_NOVERIFY, OPT_NONCE, OPT_NO_NONCE, OPT_RESP_NO_CERTS, OPT_RESP_KEY_ID, OPT_NO_CERTS, OPT_NO_SIGNATURE_VERIFY, OPT_NO_CERT_VERIFY, OPT_NO_CHAIN, 
@@ -160,12 +162,14 @@ const OPTIONS ocsp_options[] = { {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"}, {"port", OPT_PORT, 'p', "Port to run responder on"}, {"path", OPT_PATH, 's', "Path to use in OCSP request"}, +#ifndef OPENSSL_NO_SOCK {"proxy", OPT_PROXY, 's', "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored"}, {"no_proxy", OPT_NO_PROXY, 's', "List of addresses of servers not to use HTTP(S) proxy for"}, {OPT_MORE_STR, 0, 0, "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, +#endif {"out", OPT_OUTFILE, '>', "Output filename"}, {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"}, {"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"}, @@ -232,8 +236,10 @@ int ocsp_main(int argc, char **argv) const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL; char *header, *value, *respdigname = NULL; char *host = NULL, *port = NULL, *path = "/", *outfile = NULL; +#ifndef OPENSSL_NO_SOCK char *opt_proxy = NULL; char *opt_no_proxy = NULL; +#endif char *rca_filename = NULL, *reqin = NULL, *respin = NULL; char *reqout = NULL, *respout = NULL, *ridx_filename = NULL; char *rsignfile = NULL, *rkeyfile = NULL; @@ -299,12 +305,14 @@ int ocsp_main(int argc, char **argv) case OPT_PATH: path = opt_arg(); break; +#ifndef OPENSSL_NO_SOCK case OPT_PROXY: opt_proxy = opt_arg(); break; case OPT_NO_PROXY: opt_no_proxy = opt_arg(); break; +#endif case OPT_IGNORE_ERR: ignore_err = 1; break; From matt at openssl.org Thu May 20 09:01:04 2021 
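Review bot: With OPENSSL_NO_SOCK defined, the "proxy" and "no_proxy" entries are now removed from ocsp_options altogether, so a no-sock build rejects those options as unknown instead of accepting and ignoring them, and the summary shows apps/ocsp.c as the only file changed. If that behaviour change is intended, mention it in the commit message and note in the ocsp manual page that these options are unavailable in no-sock builds. The message would also be easier to follow if it named the variables in question (opt_proxy and opt_no_proxy).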
From: matt at openssl.org (Matt Caswell) Date: Thu, 20 May 2021 09:01:04 +0000 Subject: [openssl] master update Message-ID: <1621501264.281470.30855.nullmailer@dev.openssl.org> The branch master has been updated via e0113b79f2f6fd9dcdfb6bbd1bc77cb41a44b5de (commit) from 4edb29b77e0298e2e524a403214ce3455db6a69b (commit) - Log ----------------------------------------------------------------- commit e0113b79f2f6fd9dcdfb6bbd1bc77cb41a44b5de Author: Pauli Date: Tue May 18 18:45:31 2021 +1000 app: add a -store_loaders option to list. Fixes #15307 Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15323) ----------------------------------------------------------------------- Summary of changes: apps/list.c | 65 +++++++++++++++++++++++++++++++++++++++++++- doc/man1/openssl-list.pod.in | 5 ++++ 2 files changed, 69 insertions(+), 1 deletion(-) diff --git a/apps/list.c b/apps/list.c index b0a1b6a0c5..6ffc36b9e2 100644 --- a/apps/list.c +++ b/apps/list.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include "apps.h" 
@@ -1186,6 +1187,60 @@ static void list_pkey_meth(void) list_kems(); } +DEFINE_STACK_OF(OSSL_STORE_LOADER) +static int store_cmp(const OSSL_STORE_LOADER * const *a, + const OSSL_STORE_LOADER * const *b) +{ + int ret = OSSL_STORE_LOADER_number(*a) - OSSL_STORE_LOADER_number(*b); + + if (ret == 0) + ret = strcmp(OSSL_PROVIDER_name(OSSL_STORE_LOADER_provider(*a)), + OSSL_PROVIDER_name(OSSL_STORE_LOADER_provider(*b))); + + return ret; +} + +static void collect_store_loaders(OSSL_STORE_LOADER *store, void *stack) +{ + STACK_OF(OSSL_STORE_LOADER) *store_stack = stack; + + if (sk_OSSL_STORE_LOADER_push(store_stack, store) > 0) + OSSL_STORE_LOADER_up_ref(store); +} + +static void list_store_loaders(void) +{ + STACK_OF(OSSL_STORE_LOADER) *stores = sk_OSSL_STORE_LOADER_new(store_cmp); + int i; + + if (stores == NULL) { + BIO_printf(bio_err, "ERROR: Memory allocation\n"); + return; + } + BIO_printf(bio_out, "Provided STORE LOADERs:\n"); + OSSL_STORE_LOADER_do_all_provided(NULL, collect_store_loaders, stores); + sk_OSSL_STORE_LOADER_sort(stores); + for (i = 0; i < sk_OSSL_STORE_LOADER_num(stores); i++) { + const OSSL_STORE_LOADER *m = sk_OSSL_STORE_LOADER_value(stores, i); + STACK_OF(OPENSSL_CSTRING) *names = NULL; + + if (select_name != NULL && !OSSL_STORE_LOADER_is_a(m, select_name)) + continue; + + names = sk_OPENSSL_CSTRING_new(name_cmp); + if (names != NULL && OSSL_STORE_LOADER_names_do_all(m, collect_names, + names)) { + BIO_printf(bio_out, " "); + print_names(bio_out, names); + + BIO_printf(bio_out, " @ %s\n", + OSSL_PROVIDER_name(OSSL_STORE_LOADER_provider(m))); + } + sk_OPENSSL_CSTRING_free(names); + } + sk_OSSL_STORE_LOADER_pop_free(stores, OSSL_STORE_LOADER_free); +} + DEFINE_STACK_OF(OSSL_PROVIDER) static int provider_cmp(const OSSL_PROVIDER * const *a, const OSSL_PROVIDER * const *b) 
@@ -1423,7 +1478,7 @@ typedef enum HELPLIST_CHOICE { OPT_KDF_ALGORITHMS, OPT_RANDOM_INSTANCES, OPT_RANDOM_GENERATORS, OPT_ENCODERS, OPT_DECODERS, OPT_KEYMANAGERS, OPT_KEYEXCHANGE_ALGORITHMS, OPT_KEM_ALGORITHMS, OPT_SIGNATURE_ALGORITHMS, OPT_ASYM_CIPHER_ALGORITHMS, - OPT_PROVIDER_INFO, + OPT_STORE_LOADERS, OPT_PROVIDER_INFO, OPT_OBJECTS, OPT_SELECT_NAME, #ifndef OPENSSL_NO_DEPRECATED_3_0 OPT_ENGINES, @@ -1477,6 +1532,8 @@ const OPTIONS list_options[] = { "List of public key algorithms"}, {"public-key-methods", OPT_PK_METHOD, '-', "List of public key methods"}, + {"store-loaders", OPT_STORE_LOADERS, '-', + "List of store loaders"}, {"providers", OPT_PROVIDER_INFO, '-', "List of provider information"}, #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -1517,6 +1574,7 @@ int list_main(int argc, char **argv) unsigned int asym_cipher_algorithms:1; unsigned int pk_algorithms:1; unsigned int pk_method:1; + unsigned int store_loaders:1; unsigned int provider_info:1; #ifndef OPENSSL_NO_DEPRECATED_3_0 unsigned int engines:1; @@ -1596,6 +1654,9 @@ opthelp: case OPT_PK_METHOD: todo.pk_method = 1; break; + case OPT_STORE_LOADERS: + todo.store_loaders = 1; + break; case OPT_PROVIDER_INFO: todo.provider_info = 1; break; @@ -1667,6 +1728,8 @@ opthelp: list_pkey(); if (todo.pk_method) list_pkey_meth(); + if (todo.store_loaders) + list_store_loaders(); if (todo.provider_info) list_provider_info(); #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in index 7ece8c3031..03ffb32806 100644 --- a/doc/man1/openssl-list.pod.in +++ b/doc/man1/openssl-list.pod.in @@ -35,6 +35,7 @@ B [B<-asymcipher-algorithms>] [B<-public-key-algorithms>] [B<-public-key-methods>] +[B<-store-loaders>] [B<-providers>] {- output_off() if $disabled{"deprecated-3.0"}; "" -}[B<-engines>] 
@@ -162,6 +163,10 @@ Display a list of signature algorithms. Display a list of asymmetric cipher algorithms. +=item B<-store-loaders> + +Display a list of store loaders. + =item B<-providers> Display a list of all loaded providers with their names, version and status. From matt at openssl.org Thu May 20 09:29:01 2021 From: matt at openssl.org (Matt Caswell) Date: Thu, 20 May 2021 09:29:01 +0000 Subject: [openssl] master update Message-ID: <1621502941.011195.27292.nullmailer@dev.openssl.org> The branch master has been updated via 9e7a6411708702dd4ad4657636ab346382234437 (commit) from e0113b79f2f6fd9dcdfb6bbd1bc77cb41a44b5de (commit) - Log ----------------------------------------------------------------- commit 9e7a6411708702dd4ad4657636ab346382234437 Author: Matt Caswell Date: Mon May 17 17:40:56 2021 +0100 Create symlinks when installing man pages In 1.1.1 when installing the man pages we created symlinks to the base page for all functions described on the page. We need to continue doing this. Fixes #14846 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15312) ----------------------------------------------------------------------- Summary of changes: Configurations/unix-Makefile.tmpl | 10 +++++++- util/write-man-symlinks | 48 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100755 util/write-man-symlinks diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 92e181befb..59e404b5c7 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl 
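Review bot: In `collect_store_loaders()` in apps/list.c, the reference is taken only after the push and the result of `OSSL_STORE_LOADER_up_ref()` is ignored. If the up-ref fails, the stack holds a pointer it does not own, and `sk_OSSL_STORE_LOADER_pop_free(stores, OSSL_STORE_LOADER_free)` later drops a reference that was never taken. Take the reference first and push only on success, freeing it again if the push fails. In `list_store_loaders()`, a failed `sk_OPENSSL_CSTRING_new(name_cmp)` or `OSSL_STORE_LOADER_names_do_all()` silently omits that loader from the listing; a message on `bio_err`, as is done for the `stores` allocation, would make a truncated list visible.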
@@ -940,6 +940,7 @@ install_man_docs: build_man_docs $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ cp $$x $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ chmod 644 $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \ done @set -e; for x in dummy $(MANDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ @@ -947,6 +948,7 @@ install_man_docs: build_man_docs $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ cp $$x $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ chmod 644 $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \ done @set -e; for x in dummy $(MANDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ @@ -954,6 +956,7 @@ install_man_docs: build_man_docs $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ cp $$x $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ chmod 644 $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \ done @set -e; for x in dummy $(MANDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ 
@@ -961,33 +964,38 @@ install_man_docs: build_man_docs $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ cp $$x $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ chmod 644 $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \ done -uninstall_man_docs: +uninstall_man_docs: build_man_docs @$(ECHO) "*** Uninstalling manpages" @set -e; for x in dummy $(MANDOCS1); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ $(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \ done @set -e; for x in dummy $(MANDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ $(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \ done @set -e; for x in dummy $(MANDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ $(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \ done @set -e; for x in dummy $(MANDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ $(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \ done install_html_docs: build_html_docs 
diff --git a/util/write-man-symlinks b/util/write-man-symlinks new file mode 100755 index 0000000000..97b72a3840 --- /dev/null +++ b/util/write-man-symlinks @@ -0,0 +1,48 @@ +#! /usr/bin/env perl +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +require 5.10.0; +use warnings; +use strict; + +use FindBin; +use lib "$FindBin::Bin/perl"; + +use OpenSSL::Util::Pod; + +if ($#ARGV + 1 != 5 || $ARGV[0] !~ /^(un)?install$/) { + print "Usage: write-man-symlinks [install|uninstall] src-dir build-dir man-page-name target-dir\n"; + exit; +} + +my $action = $ARGV[0]; +my $srcdir = $ARGV[1]; +my $builddir = $ARGV[2]; +my $manname = $ARGV[3]; +my $targetdir = $ARGV[4]; + +$manname =~ m|(.+)\.(.+)|; +my $mainf = $1; +my $section = $2; +die "Bad src file" if !defined $mainf; +my $podfile = "$srcdir/$mainf.pod"; +#Some pod files are generated and are in the build dir +unless (-e $podfile) { + $podfile = "$builddir/$mainf.pod"; +} +my %podinfo = extract_pod_info($podfile); + +for my $name (@{$podinfo{names}}) { + next if $name eq $mainf; + if ($action eq "install") { + symlink "$targetdir/$manname", "$targetdir/$name.$section"; + } else { + unlink "$targetdir/$name.$section"; + } +} From matt at openssl.org Thu May 20 10:58:54 2021 
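Review bot: In the last Configurations/unix-Makefile.tmpl hunk, `uninstall_man_docs` gains a `build_man_docs` prerequisite, so `make uninstall` on a clean tree now generates every man page before removing anything. The script only reads the `.pod` file to recover the names (`$srcdir/$mainf.pod`, falling back to `$builddir`), so either add a comment on the target explaining why the full build is needed, or depend on something narrower that only produces the generated `.pod` files.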
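Review bot: In util/write-man-symlinks the install branch calls `symlink "$targetdir/$manname", "$targetdir/$name.$section"`, and the Makefile passes `$(DESTDIR)$(MANDIR)/manN` as the target directory, so every link records an absolute path that includes the staging prefix and will dangle once a DESTDIR install is packaged or relocated. The link and the page live in the same directory, so the bare `$manname` is enough as the link target. The results of `symlink` and `unlink` are unchecked and the usage branch ends in a bare `exit;` (status 0), so under the Makefile's `set -e` a bad invocation or a failed link passes silently; `die` in both places would surface it. Finally, `$1` and `$2` are read without testing that `m|(.+)\.(.+)|` matched; on a miss they still hold the captures from the earlier `/^(un)?install$/` test, so the `defined $mainf` check does not reliably catch a bad name.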
From: matt at openssl.org (Matt Caswell) Date: Thu, 20 May 2021 10:58:54 +0000 Subject: [openssl] master update Message-ID: <1621508334.318752.8543.nullmailer@dev.openssl.org> The branch master has been updated via d5e08231dbef819b1d5381f851e72410df140f94 (commit) from 9e7a6411708702dd4ad4657636ab346382234437 (commit) - Log ----------------------------------------------------------------- commit d5e08231dbef819b1d5381f851e72410df140f94 Author: Matt Caswell Date: Thu May 20 10:47:47 2021 +0100 Refer to the migration guide rather than the wiki in our announcements We now have a migration guide which should be the definitive source of information for upgrading from a previous version of OpenSSL. Fixes #15186 Reviewed-by: Nicola Tuveri Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15373) ----------------------------------------------------------------------- Summary of changes: dev/release-aux/openssl-announce-pre-release.tmpl | 6 +++--- dev/release-aux/openssl-announce-release.tmpl | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dev/release-aux/openssl-announce-pre-release.tmpl b/dev/release-aux/openssl-announce-pre-release.tmpl index 6557d25e0d..470a42bdd3 100644 --- a/dev/release-aux/openssl-announce-pre-release.tmpl +++ b/dev/release-aux/openssl-announce-pre-release.tmpl 
@@ -12,10 +12,10 @@ Note: This OpenSSL pre-release has been provided for testing ONLY. It should NOT be used for security critical purposes. - Specific notes on upgrading to OpenSSL $series from previous versions, as well - as known issues are available on the OpenSSL Wiki, here: + Specific notes on upgrading to OpenSSL $series from previous versions are + available in the OpenSSL Migration Guide, here: - https://wiki.openssl.org/index.php/OpenSSL_$series + https://www.openssl.org/docs/manmaster/man7/migration_guide.html The $label release is available for download via HTTPS and FTP from the following master locations (you can find the various FTP mirrors under diff --git a/dev/release-aux/openssl-announce-release.tmpl b/dev/release-aux/openssl-announce-release.tmpl index 5e08f2e5c9..fcd8087bf3 100644 --- a/dev/release-aux/openssl-announce-release.tmpl +++ b/dev/release-aux/openssl-announce-release.tmpl @@ -11,10 +11,10 @@ https://www.openssl.org/news/openssl-$series-notes.html - Specific notes on upgrading to OpenSSL $series from previous versions, as well - as known issues are available on the OpenSSL Wiki, here: + Specific notes on upgrading to OpenSSL $series from previous versions are + available in the OpenSSL Migration Guide, here: - https://wiki.openssl.org/index.php/OpenSSL_$series + https://www.openssl.org/docs/man$series/man7/migration_guide.html OpenSSL $release is available for download via HTTPS and FTP from the following master locations (you can find the various FTP mirrors under From matt at openssl.org Thu May 20 12:08:59 2021 
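Review bot: The pre-release template hunk hard-codes `docs/manmaster/` while the release template uses `docs/man$series/`, so an archived pre-release announcement will point at whatever master documents later rather than at the series it announced. If `man$series` is not published before the release, say so in a comment in the template. Both hunks also drop the "as well as known issues" pointer without a replacement, so the announcements no longer tell readers where known issues are tracked.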
From: matt at openssl.org (Matt Caswell) Date: Thu, 20 May 2021 12:08:59 +0000 Subject: [openssl] master update Message-ID: <1621512539.995308.22984.nullmailer@dev.openssl.org> The branch master has been updated via f33c04b8de06aa3df22f776e3c26ad0277ed815f (commit) via bed7437b00734ee463de3c6fd6851458fa8c6cb0 (commit) via 0e5a4da4a86c6435c70d587d740c3096686a8500 (commit) from d5e08231dbef819b1d5381f851e72410df140f94 (commit) - Log ----------------------------------------------------------------- commit f33c04b8de06aa3df22f776e3c26ad0277ed815f Author: Richard Levitte Date: Sat May 15 07:45:31 2021 +0200 EVP: Modify EVP_PKEY_export() to handle legacy EVP_PKEYs We use a fake EVP_KEYMGMT import function with the newly modified EVP_PKEY_ASN1_METHOD export_to function to pass the exported OSSL_PARAM array directly to the EVP_PKEY_export() callback instead of exporting to an actual provided key and then getting the OSSL_PARAM array from there, just to throw away that key again. Fixes #15290 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15293) commit bed7437b00734ee463de3c6fd6851458fa8c6cb0 Author: Richard Levitte Date: Sat May 15 07:43:06 2021 +0200 Modify EVP_PKEY_ASN1_METHOD's export_to function to take an importer We previously took an EVP_KEYMGMT pointer, but now found it necessary to use a different import function in some cases. Since that's the only thing we use from EVP_KEYMGMT, we might as well pass the import function directly, allowing for some flexibility in how export_to is used. 
Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15293) commit 0e5a4da4a86c6435c70d587d740c3096686a8500 Author: Richard Levitte Date: Sat May 15 08:14:49 2021 +0200 test/evp_extra_test2.c: Try EVP_PKEY_export() with a legacy RSA key Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15293) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_ameth.c | 6 +++--- crypto/dsa/dsa_ameth.c | 6 +++--- crypto/ec/ec_ameth.c | 6 +++--- crypto/ec/ecx_meth.c | 6 +++--- crypto/evp/p_lib.c | 3 ++- crypto/evp/pmeth_gn.c | 35 +++++++++++++++++++++++++++++++++++ crypto/rsa/rsa_ameth.c | 17 +++++++++-------- include/crypto/asn1.h | 5 +++-- test/evp_extra_test2.c | 40 +++++++++++++++++++++++++++++++++------- 9 files changed, 94 insertions(+), 30 deletions(-) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index d96b54285b..3d23321b59 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -440,8 +440,8 @@ static size_t dh_pkey_dirty_cnt(const EVP_PKEY *pkey) } static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - EVP_KEYMGMT *to_keymgmt, OSSL_LIB_CTX *libctx, - const char *propq) + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { DH *dh = from->pkey.dh; OSSL_PARAM_BLD *tmpl; @@ -495,7 +495,7 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata, goto err; /* We export, the provider imports */ - rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params); + rv = importer(to_keydata, selection, params); OSSL_PARAM_free(params); err: diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 2e1ad081dc..ea9f839955 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c 
@@ -424,8 +424,8 @@ static size_t dsa_pkey_dirty_cnt(const EVP_PKEY *pkey) } static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - EVP_KEYMGMT *to_keymgmt, OSSL_LIB_CTX *libctx, - const char *propq) + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { DSA *dsa = from->pkey.dsa; OSSL_PARAM_BLD *tmpl; @@ -472,7 +472,7 @@ static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, goto err; /* We export, the provider imports */ - rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params); + rv = importer(to_keydata, selection, params); OSSL_PARAM_free(params); err: diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index e49252449d..32fe692d8a 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -478,8 +478,8 @@ size_t ec_pkey_dirty_cnt(const EVP_PKEY *pkey) static int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - EVP_KEYMGMT *to_keymgmt, OSSL_LIB_CTX *libctx, - const char *propq) + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { const EC_KEY *eckey = NULL; const EC_GROUP *ecg = NULL; @@ -607,7 +607,7 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata, params = OSSL_PARAM_BLD_to_param(tmpl); /* We export, the provider imports */ - rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params); + rv = importer(to_keydata, selection, params); err: OSSL_PARAM_BLD_free(tmpl); diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 61f062a2f8..c47bd9f9dd 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -346,8 +346,8 @@ static size_t ecx_pkey_dirty_cnt(const EVP_PKEY *pkey) } static int ecx_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - EVP_KEYMGMT *to_keymgmt, OSSL_LIB_CTX *libctx, - const char *propq) + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { const ECX_KEY *key = from->pkey.ecx; OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new(); 
@@ -375,7 +375,7 @@ static int ecx_pkey_export_to(const EVP_PKEY *from, void *to_keydata, params = OSSL_PARAM_BLD_to_param(tmpl); /* We export, the provider imports */ - rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params); + rv = importer(to_keydata, selection, params); err: OSSL_PARAM_BLD_free(tmpl); diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 00a310d4e4..9b31c58288 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1878,7 +1878,8 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, if ((keydata = evp_keymgmt_newdata(tmp_keymgmt)) == NULL) goto end; - if (!pk->ameth->export_to(pk, keydata, tmp_keymgmt, libctx, propquery)) { + if (!pk->ameth->export_to(pk, keydata, tmp_keymgmt->import, + libctx, propquery)) { evp_keymgmt_freedata(tmp_keymgmt, keydata); keydata = NULL; goto end; diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 94499b1d45..9af18d90fc 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c 
@@ -413,8 +413,43 @@ int EVP_PKEY_todata(const EVP_PKEY *pkey, int selection, OSSL_PARAM **params) return EVP_PKEY_export(pkey, selection, ossl_pkey_todata_cb, params); } +#ifndef FIPS_MODULE +struct fake_import_data_st { + OSSL_CALLBACK *export_cb; + void *export_cbarg; +}; + +static OSSL_FUNC_keymgmt_import_fn pkey_fake_import; +static int pkey_fake_import(void *fake_keydata, int ignored_selection, + const OSSL_PARAM params[]) +{ + struct fake_import_data_st *data = fake_keydata; + + return data->export_cb(params, data->export_cbarg); +} +#endif + int EVP_PKEY_export(const EVP_PKEY *pkey, int selection, OSSL_CALLBACK *export_cb, void *export_cbarg) { + if (pkey == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } +#ifndef FIPS_MODULE + if (evp_pkey_is_legacy(pkey)) { + struct fake_import_data_st data; + + data.export_cb = export_cb; + data.export_cbarg = export_cbarg; + + /* + * We don't need to care about libctx or propq here, as we're only + * interested in the resulting OSSL_PARAM array. + */ + return pkey->ameth->export_to(pkey, &data, pkey_fake_import, + NULL, NULL); + } +#endif return evp_keymgmt_util_export(pkey, selection, export_cb, export_cbarg); } diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 2f9d60a7b3..f2283d81bd 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -725,7 +725,8 @@ static size_t rsa_pkey_dirty_cnt(const EVP_PKEY *pkey) * checks in this method since the caller tests EVP_KEYMGMT_is_a() first. */ static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type, - void *to_keydata, EVP_KEYMGMT *to_keymgmt, + void *to_keydata, + OSSL_FUNC_keymgmt_import_fn *importer, OSSL_LIB_CTX *libctx, const char *propq) { RSA *rsa = from->pkey.rsa; 
@@ -778,7 +779,7 @@ static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type, goto err; /* We export, the provider imports */ - rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params); + rv = importer(to_keydata, selection, params); err: OSSL_PARAM_free(params); @@ -859,19 +860,19 @@ static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx, } static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - EVP_KEYMGMT *to_keymgmt, OSSL_LIB_CTX *libctx, - const char *propq) + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { return rsa_int_export_to(from, RSA_FLAG_TYPE_RSA, to_keydata, - to_keymgmt, libctx, propq); + importer, libctx, propq); } static int rsa_pss_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - EVP_KEYMGMT *to_keymgmt, OSSL_LIB_CTX *libctx, - const char *propq) + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq) { return rsa_int_export_to(from, RSA_FLAG_TYPE_RSASSAPSS, to_keydata, - to_keymgmt, libctx, propq); + importer, libctx, propq); } static int rsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx) diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h index 17d5f637ef..5a187e41a7 100644 --- a/include/crypto/asn1.h +++ b/include/crypto/asn1.h @@ -12,6 +12,7 @@ # pragma once # include +# include /* OSSL_FUNC_keymgmt_import() */ /* Internal ASN1 structures and functions: not for application use */ @@ -80,8 +81,8 @@ struct evp_pkey_asn1_method_st { /* Exports and imports to / from providers */ size_t (*dirty_cnt) (const EVP_PKEY *pk); int (*export_to) (const EVP_PKEY *pk, void *to_keydata, - EVP_KEYMGMT *to_keymgmt, OSSL_LIB_CTX *libctx, - const char *propq); + OSSL_FUNC_keymgmt_import_fn *importer, + OSSL_LIB_CTX *libctx, const char *propq); OSSL_CALLBACK *import_from; int (*copy) (EVP_PKEY *to, EVP_PKEY *from); diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c index 3ad28d867a..3f7edac278 100644 
--- a/test/evp_extra_test2.c +++ b/test/evp_extra_test2.c @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ +/* We need to use some deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + /* * Really these tests should be in evp_extra_test - but that doesn't * yet support testing with a non-default libctx. Once it does we should move @@ -17,6 +20,9 @@ #include #include #include +#ifndef OPENSSL_NO_DEPRECATED_3_0 +# include +#endif #include #include "testutil.h" #include "internal/nelem.h" @@ -744,16 +750,36 @@ static int test_pkey_export_null(void) static int test_pkey_export(void) { EVP_PKEY *pkey = NULL; - int ret = 0; +#ifndef OPENSSL_NO_DEPRECATED_3_0 + RSA *rsa = NULL; +#endif + int ret = 1; const unsigned char *pdata = keydata[0].kder; + int pdata_len = keydata[0].size; - ret = TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &pdata, keydata[0].size, - mainctx, NULL)) - && TEST_int_eq(EVP_PKEY_export(pkey, EVP_PKEY_KEYPAIR, - test_pkey_export_cb, pkey), 1) - && TEST_int_eq(EVP_PKEY_export(pkey, EVP_PKEY_KEYPAIR, - test_pkey_export_cb, NULL), 0); + if (!TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &pdata, pdata_len, + mainctx, NULL)) + || !TEST_true(EVP_PKEY_export(pkey, EVP_PKEY_KEYPAIR, + test_pkey_export_cb, pkey)) + || !TEST_false(EVP_PKEY_export(pkey, EVP_PKEY_KEYPAIR, + test_pkey_export_cb, NULL))) + ret = 0; EVP_PKEY_free(pkey); + +#ifndef OPENSSL_NO_DEPRECATED_3_0 + /* Now, try with a legacy key */ + pdata = keydata[0].kder; + pdata_len = keydata[0].size; + if (!TEST_ptr(rsa = d2i_RSAPrivateKey(NULL, &pdata, pdata_len)) + || !TEST_ptr(pkey = EVP_PKEY_new()) + || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)) + || !TEST_true(EVP_PKEY_export(pkey, EVP_PKEY_KEYPAIR, + test_pkey_export_cb, pkey)) + || !TEST_false(EVP_PKEY_export(pkey, EVP_PKEY_KEYPAIR, + test_pkey_export_cb, NULL))) + ret = 0; + EVP_PKEY_free(pkey); +#endif return ret; } From matt at openssl.org Thu May 20 13:25:20 2021 
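Review bot: In the crypto/evp/pmeth_gn.c hunk, the legacy branch of `EVP_PKEY_export()` never uses the caller's `selection`: it is not passed to `pkey->ameth->export_to(pkey, &data, pkey_fake_import, NULL, NULL)`, and `pkey_fake_import()` names its parameter `ignored_selection`. The `*_export_to` methods compute their own `selection`, so a caller that asks for `EVP_PKEY_PUBLIC_KEY` on a legacy key receives whatever the ASN.1 method decides to export, which can include private components. Filter the params in `pkey_fake_import()` against the requested selection, or document the difference. The same branch also calls `pkey->ameth->export_to` and, in the fake importer, `data->export_cb` without a NULL check, so a legacy method lacking `export_to` or a NULL callback crashes instead of returning 0.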
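Review bot: In the crypto/evp/p_lib.c hunk, `tmp_keymgmt->import` is handed to `export_to` as a raw function pointer, and every `*_export_to` now calls `importer(to_keydata, selection, params)` unconditionally. A key manager that does not implement import therefore reaches that call as a NULL pointer, where the previous code went through `evp_keymgmt_import()`. Check `tmp_keymgmt->import != NULL` before calling `export_to`, or guard `importer` inside the methods.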
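Review bot: In the test/evp_extra_test2.c hunk, `pkey` is not reset after the first `EVP_PKEY_free(pkey)`, so if `d2i_RSAPrivateKey()` fails in the legacy block the condition short-circuits and the second `EVP_PKEY_free(pkey)` frees the same pointer again. Set `pkey = NULL` after the first free. The block also leaks `rsa` when `EVP_PKEY_new()` or `EVP_PKEY_assign_RSA()` fails, because ownership only moves to `pkey` on a successful assign. The new case exercises only `EVP_PKEY_KEYPAIR`; since `pkey_fake_import()` ignores its selection argument, a public-only export that checks no private parameters reach the callback would be a useful addition.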
From: matt at openssl.org (Matt Caswell) Date: Thu, 20 May 2021 13:25:20 +0000 Subject: [openssl] master update Message-ID: <1621517120.336057.11716.nullmailer@dev.openssl.org> The branch master has been updated via 0789c7d834c1c387d10e015279762d7e7b2b3cc0 (commit) from f33c04b8de06aa3df22f776e3c26ad0277ed815f (commit) - Log ----------------------------------------------------------------- commit 0789c7d834c1c387d10e015279762d7e7b2b3cc0 Author: Matt Caswell Date: Thu May 20 14:22:33 2021 +0100 Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15381) ----------------------------------------------------------------------- Summary of changes: apps/include/http_server.h | 2 +- apps/lib/http_server.c | 2 +- apps/lib/s_socket.c | 2 +- crypto/arm_arch.h | 2 +- crypto/asn1/a_i2d_fp.c | 2 +- crypto/asn1/asn1_gen.c | 2 +- crypto/asn1/asn_mime.c | 2 +- crypto/bio/b_sock.c | 2 +- crypto/bn/asm/armv8-mont.pl | 2 +- crypto/cmp/cmp_http.c | 2 +- crypto/evp/p_seal.c | 2 +- crypto/ffc/ffc_backend.c | 2 +- crypto/hmac/hmac.c | 2 +- crypto/property/property_string.c | 2 +- crypto/self_test_core.c | 2 +- crypto/sha/sha1_one.c | 2 +- crypto/sha/sha256.c | 2 +- crypto/sha/sha512.c | 2 +- crypto/x509/by_file.c | 2 +- doc/internal/man3/OPENSSL_SA.pod | 2 +- doc/internal/man3/ossl_lib_ctx_get_data.pod | 2 +- doc/man1/openssl-gendsa.pod.in | 2 +- doc/man1/openssl-genrsa.pod.in | 2 +- doc/man1/openssl-kdf.pod.in | 2 +- doc/man1/openssl-list.pod.in | 2 +- doc/man1/openssl-mac.pod.in | 2 +- doc/man1/openssl-passwd.pod.in | 2 +- doc/man1/openssl-pkcs7.pod.in | 2 +- doc/man1/openssl-pkcs8.pod.in | 2 +- doc/man1/openssl-pkeyparam.pod.in | 2 +- doc/man1/openssl-rand.pod.in | 2 +- doc/man1/openssl-s_time.pod.in | 2 +- doc/man1/openssl-speed.pod.in | 2 +- doc/man3/BIO_read.pod | 2 +- doc/man3/EVP_PKEY_CTX_set_params.pod | 2 +- doc/man3/EVP_PKEY_get_default_digest_nid.pod | 2 +- doc/man3/EVP_PKEY_keygen.pod | 2 +- doc/man3/EVP_des_cbc.pod | 2 +- 
doc/man3/EVP_desx_cbc.pod | 2 +- doc/man3/HMAC.pod | 2 +- doc/man3/RSA_generate_key.pod | 2 +- doc/man3/RSA_new.pod | 2 +- doc/man3/SHA256_Init.pod | 2 +- doc/man3/SMIME_read_ASN1.pod | 2 +- doc/man3/SMIME_read_CMS.pod | 2 +- doc/man3/SSL_CTX_sessions.pod | 2 +- doc/man3/SSL_CTX_set1_curves.pod | 2 +- doc/man3/SSL_CTX_set_num_tickets.pod | 2 +- doc/man3/SSL_load_client_CA_file.pod | 2 +- doc/man3/X509_LOOKUP.pod | 2 +- doc/man3/X509_STORE_add_cert.pod | 2 +- doc/man3/X509_STORE_set_verify_cb_func.pod | 2 +- doc/man7/EVP_PKEY-RSA.pod | 2 +- doc/man7/EVP_PKEY-X25519.pod | 2 +- doc/man7/provider-object.pod | 2 +- engines/e_capi.c | 2 +- include/openssl/asn1.h.in | 2 +- include/openssl/lhash.h.in | 2 +- include/openssl/sha.h | 2 +- providers/implementations/rands/crngt.c | 2 +- ssl/s3_cbc.c | 2 +- ssl/s3_msg.c | 2 +- ssl/ssl_asn1.c | 2 +- test/hmactest.c | 2 +- test/recipes/04-test_provider.t | 2 +- test/recipes/20-test_kdf.t | 2 +- test/recipes/70-test_sslmessages.t | 2 +- util/perl/OpenSSL/Template.pm | 4 ++-- util/perl/OpenSSL/Util.pm | 2 +- util/perl/OpenSSL/fallback.pm | 2 +- 70 files changed, 71 insertions(+), 71 deletions(-) diff --git a/apps/include/http_server.h b/apps/include/http_server.h index ed3f597fbd..8c339660a6 100644 --- a/apps/include/http_server.h +++ b/apps/include/http_server.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c index b39f218507..46065d2dd0 100644 --- a/apps/lib/http_server.c +++ b/apps/lib/http_server.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index e41429df89..f543551bf1 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index 9de35afcfd..d157f37d8e 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c index 482ee627b1..4cc4773666 100644 --- a/crypto/asn1/a_i2d_fp.c +++ b/crypto/asn1/a_i2d_fp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 8c3a2bd970..ecff2be02e 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 68e0c5affd..8d7094d035 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index ca45886739..5804465dfe 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl index 0867ccabee..54d2e8245f 100755 --- a/crypto/bn/asm/armv8-mont.pl +++ b/crypto/bn/asm/armv8-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c index 600955efce..8da7a10fee 100644 --- a/crypto/cmp/cmp_http.c +++ b/crypto/cmp/cmp_http.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c index 76d3278b8c..6a07737e59 100644 --- a/crypto/evp/p_seal.c +++ b/crypto/evp/p_seal.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c index 27ce15715a..b227186934 100644 --- a/crypto/ffc/ffc_backend.c +++ b/crypto/ffc/ffc_backend.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index f800cb8f89..86cdb7bde5 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/property/property_string.c b/crypto/property/property_string.c index 06f58496db..c9fde70a76 100644 --- a/crypto/property/property_string.c +++ b/crypto/property/property_string.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/self_test_core.c b/crypto/self_test_core.c index 341af7b194..dad4be208a 100644 --- a/crypto/self_test_core.c +++ b/crypto/self_test_core.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c index b98f078739..a21a1aded3 100644 --- a/crypto/sha/sha1_one.c +++ b/crypto/sha/sha1_one.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index 7b3855f301..5845c38937 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index a0d7f88ba9..ff035c469f 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index c6fd3db50a..37d73ca84c 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man3/OPENSSL_SA.pod b/doc/internal/man3/OPENSSL_SA.pod index c7e62461e5..8124003d77 100644 --- a/doc/internal/man3/OPENSSL_SA.pod +++ b/doc/internal/man3/OPENSSL_SA.pod @@ -120,7 +120,7 @@ This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Copyright +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this diff --git a/doc/internal/man3/ossl_lib_ctx_get_data.pod b/doc/internal/man3/ossl_lib_ctx_get_data.pod index 6b80aa011e..2050a2506b 100644 --- a/doc/internal/man3/ossl_lib_ctx_get_data.pod +++ b/doc/internal/man3/ossl_lib_ctx_get_data.pod @@ -144,7 +144,7 @@ L =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man1/openssl-gendsa.pod.in b/doc/man1/openssl-gendsa.pod.in index bce1561c7f..3dc2e3a6bd 100644 --- a/doc/man1/openssl-gendsa.pod.in +++ b/doc/man1/openssl-gendsa.pod.in @@ -95,7 +95,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-genrsa.pod.in b/doc/man1/openssl-genrsa.pod.in index 7cdd44ca0d..6296409615 100644 --- a/doc/man1/openssl-genrsa.pod.in +++ b/doc/man1/openssl-genrsa.pod.in @@ -124,7 +124,7 @@ This command was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-kdf.pod.in b/doc/man1/openssl-kdf.pod.in index bc0fa82a88..2880d1ff9d 100644 --- a/doc/man1/openssl-kdf.pod.in +++ b/doc/man1/openssl-kdf.pod.in @@ -195,7 +195,7 @@ Added in OpenSSL 3.0 =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in index 03ffb32806..d68454ce71 100644 --- a/doc/man1/openssl-list.pod.in +++ b/doc/man1/openssl-list.pod.in 
@@ -237,7 +237,7 @@ were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-mac.pod.in b/doc/man1/openssl-mac.pod.in index b158ff3b8d..b368b79bc7 100644 --- a/doc/man1/openssl-mac.pod.in +++ b/doc/man1/openssl-mac.pod.in @@ -166,7 +166,7 @@ L =head1 COPYRIGHT -Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-passwd.pod.in b/doc/man1/openssl-passwd.pod.in index aede5a060a..ed68bab495 100644 --- a/doc/man1/openssl-passwd.pod.in +++ b/doc/man1/openssl-passwd.pod.in @@ -114,7 +114,7 @@ The B<-crypt> option was removed in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-pkcs7.pod.in b/doc/man1/openssl-pkcs7.pod.in index 4cbb958a9d..efd772d1d4 100644 --- a/doc/man1/openssl-pkcs7.pod.in +++ b/doc/man1/openssl-pkcs7.pod.in @@ -100,7 +100,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man1/openssl-pkcs8.pod.in b/doc/man1/openssl-pkcs8.pod.in index a504ea8f18..100c5afd6f 100644 --- a/doc/man1/openssl-pkcs8.pod.in +++ b/doc/man1/openssl-pkcs8.pod.in @@ -274,7 +274,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-pkeyparam.pod.in b/doc/man1/openssl-pkeyparam.pod.in index b700a91e33..5053316c68 100644 --- a/doc/man1/openssl-pkeyparam.pod.in +++ b/doc/man1/openssl-pkeyparam.pod.in @@ -88,7 +88,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-rand.pod.in b/doc/man1/openssl-rand.pod.in index 53d7f4b67d..af2c24ae4b 100644 --- a/doc/man1/openssl-rand.pod.in +++ b/doc/man1/openssl-rand.pod.in @@ -68,7 +68,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-s_time.pod.in b/doc/man1/openssl-s_time.pod.in index b874f390ac..2b82cf1e98 100644 --- a/doc/man1/openssl-s_time.pod.in +++ b/doc/man1/openssl-s_time.pod.in 
@@ -188,7 +188,7 @@ L =head1 COPYRIGHT -Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in index fc1a388a19..0dbb19da4c 100644 --- a/doc/man1/openssl-speed.pod.in +++ b/doc/man1/openssl-speed.pod.in @@ -126,7 +126,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_read.pod b/doc/man3/BIO_read.pod index 3b89b25a34..6a02a86b6c 100644 --- a/doc/man3/BIO_read.pod +++ b/doc/man3/BIO_read.pod @@ -108,7 +108,7 @@ BIO_get_line() was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_CTX_set_params.pod b/doc/man3/EVP_PKEY_CTX_set_params.pod index feafe97204..b8855c2670 100644 --- a/doc/man3/EVP_PKEY_CTX_set_params.pod +++ b/doc/man3/EVP_PKEY_CTX_set_params.pod @@ -85,7 +85,7 @@ All functions were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man3/EVP_PKEY_get_default_digest_nid.pod b/doc/man3/EVP_PKEY_get_default_digest_nid.pod index d680ffef1a..ddabac8ff8 100644 --- a/doc/man3/EVP_PKEY_get_default_digest_nid.pod +++ b/doc/man3/EVP_PKEY_get_default_digest_nid.pod @@ -57,7 +57,7 @@ This function was added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_keygen.pod b/doc/man3/EVP_PKEY_keygen.pod index 08d2b1db0f..f21314504e 100644 --- a/doc/man3/EVP_PKEY_keygen.pod +++ b/doc/man3/EVP_PKEY_keygen.pod @@ -226,7 +226,7 @@ EVP_PKEY_Q_keygen() and EVP_PKEY_generate() were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_des_cbc.pod b/doc/man3/EVP_des_cbc.pod index bcae9d7a4e..fe9d5e6a0e 100644 --- a/doc/man3/EVP_des_cbc.pod +++ b/doc/man3/EVP_des_cbc.pod @@ -99,7 +99,7 @@ L =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_desx_cbc.pod b/doc/man3/EVP_desx_cbc.pod index 2a41e08898..01987bf28c 100644 --- a/doc/man3/EVP_desx_cbc.pod +++ b/doc/man3/EVP_desx_cbc.pod 
@@ -43,7 +43,7 @@ L =head1 COPYRIGHT -Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod index 5057360253..3c543092e0 100644 --- a/doc/man3/HMAC.pod +++ b/doc/man3/HMAC.pod @@ -160,7 +160,7 @@ OpenSSL before version 1.0.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_generate_key.pod b/doc/man3/RSA_generate_key.pod index 7e96360ab8..54ba4df9cb 100644 --- a/doc/man3/RSA_generate_key.pod +++ b/doc/man3/RSA_generate_key.pod @@ -113,7 +113,7 @@ For replacement see L. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_new.pod b/doc/man3/RSA_new.pod index 1396a66335..ebbb2e76c0 100644 --- a/doc/man3/RSA_new.pod +++ b/doc/man3/RSA_new.pod @@ -44,7 +44,7 @@ For replacement see EVP_PKEY-RSA(7). =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SHA256_Init.pod b/doc/man3/SHA256_Init.pod index ee96cd2381..924f44fd10 100644 --- a/doc/man3/SHA256_Init.pod +++ b/doc/man3/SHA256_Init.pod 
@@ -105,7 +105,7 @@ All of these functions except SHA*() were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SMIME_read_ASN1.pod b/doc/man3/SMIME_read_ASN1.pod index cb4a2ac9f9..56d1e67dcd 100644 --- a/doc/man3/SMIME_read_ASN1.pod +++ b/doc/man3/SMIME_read_ASN1.pod @@ -72,7 +72,7 @@ The function SMIME_read_ASN1_ex() was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SMIME_read_CMS.pod b/doc/man3/SMIME_read_CMS.pod index 9f0c855263..733d26078a 100644 --- a/doc/man3/SMIME_read_CMS.pod +++ b/doc/man3/SMIME_read_CMS.pod @@ -82,7 +82,7 @@ The function SMIME_read_CMS_ex() was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_sessions.pod b/doc/man3/SSL_CTX_sessions.pod index 0347b700f4..d0bc7104a3 100644 --- a/doc/man3/SSL_CTX_sessions.pod +++ b/doc/man3/SSL_CTX_sessions.pod @@ -37,7 +37,7 @@ L =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index 65892e46a5..cbd8f71346 100644 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod @@ -131,7 +131,7 @@ was added in OpenSSL 3.0.0. =head1 COPYRIGHT -Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_num_tickets.pod b/doc/man3/SSL_CTX_set_num_tickets.pod index 7ab62d3ad3..c06583304f 100644 --- a/doc/man3/SSL_CTX_set_num_tickets.pod +++ b/doc/man3/SSL_CTX_set_num_tickets.pod @@ -86,7 +86,7 @@ SSL_CTX_get_num_tickets() were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod index a02cc016ad..988c7e8934 100644 --- a/doc/man3/SSL_load_client_CA_file.pod +++ b/doc/man3/SSL_load_client_CA_file.pod @@ -96,7 +96,7 @@ were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_LOOKUP.pod b/doc/man3/X509_LOOKUP.pod index 615c2070b9..4d2fe38f25 100644 --- a/doc/man3/X509_LOOKUP.pod +++ b/doc/man3/X509_LOOKUP.pod 
@@ -228,7 +228,7 @@ added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod index 07e8654acb..b1034a3c09 100644 --- a/doc/man3/X509_STORE_add_cert.pod +++ b/doc/man3/X509_STORE_add_cert.pod @@ -158,7 +158,7 @@ X509_STORE_load_locations_ex() were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_STORE_set_verify_cb_func.pod b/doc/man3/X509_STORE_set_verify_cb_func.pod index 5e59cbe5cc..b73341a0f7 100644 --- a/doc/man3/X509_STORE_set_verify_cb_func.pod +++ b/doc/man3/X509_STORE_set_verify_cb_func.pod @@ -275,7 +275,7 @@ were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_PKEY-RSA.pod b/doc/man7/EVP_PKEY-RSA.pod index ec1e5777d7..784d5a39b8 100644 --- a/doc/man7/EVP_PKEY-RSA.pod +++ b/doc/man7/EVP_PKEY-RSA.pod @@ -241,7 +241,7 @@ L, L, L, L =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod index 509f065c56..fc7b4233d6 100644 --- a/doc/man7/EVP_PKEY-X25519.pod +++ b/doc/man7/EVP_PKEY-X25519.pod @@ -98,7 +98,7 @@ L, L =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-object.pod b/doc/man7/provider-object.pod index 0032477e0f..1088e03551 100644 --- a/doc/man7/provider-object.pod +++ b/doc/man7/provider-object.pod @@ -184,7 +184,7 @@ introduced in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_capi.c b/engines/e_capi.c index 2ea3cd2059..6f223a6922 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/asn1.h.in b/include/openssl/asn1.h.in index 36abcff28c..e2b2b25cf3 100644 --- a/include/openssl/asn1.h.in +++ b/include/openssl/asn1.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
diff --git a/include/openssl/lhash.h.in b/include/openssl/lhash.h.in index 04f6c45736..febefa3c4a 100644 --- a/include/openssl/lhash.h.in +++ b/include/openssl/lhash.h.in @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/sha.h b/include/openssl/sha.h index 0dca61c71d..eac4b79302 100644 --- a/include/openssl/sha.h +++ b/include/openssl/sha.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/rands/crngt.c b/providers/implementations/rands/crngt.c index 87902c995c..4095994bda 100644 --- a/providers/implementations/rands/crngt.c +++ b/providers/implementations/rands/crngt.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 2b4b16cb58..f5db247e92 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 4b0906820e..c0f0dbc17d 100644 
--- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index b27a58df7c..c4479c2dd6 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/test/hmactest.c b/test/hmactest.c index 918ae0b005..7cb7fb635c 100644 --- a/test/hmactest.c +++ b/test/hmactest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/04-test_provider.t b/test/recipes/04-test_provider.t index 44274f8f07..312def7757 100644 --- a/test/recipes/04-test_provider.t +++ b/test/recipes/04-test_provider.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/20-test_kdf.t b/test/recipes/20-test_kdf.t index 47b0632888..44b066497c 100755 --- a/test/recipes/20-test_kdf.t +++ b/test/recipes/20-test_kdf.t 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index befc4c7e9e..abb0f5aff9 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/util/perl/OpenSSL/Template.pm b/util/perl/OpenSSL/Template.pm index bed13d20f9..926a6ea5e0 100644 --- a/util/perl/OpenSSL/Template.pm +++ b/util/perl/OpenSSL/Template.pm @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -140,7 +140,7 @@ Richard Levitte Elevitte at openssl.orgE =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/util/perl/OpenSSL/Util.pm b/util/perl/OpenSSL/Util.pm index 8b3743aa2a..f8fcb2a351 100644 --- a/util/perl/OpenSSL/Util.pm +++ b/util/perl/OpenSSL/Util.pm 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/util/perl/OpenSSL/fallback.pm b/util/perl/OpenSSL/fallback.pm index 041fb30ba3..d4b5785cfc 100644 --- a/util/perl/OpenSSL/fallback.pm +++ b/util/perl/OpenSSL/fallback.pm @@ -1,4 +1,4 @@ -# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy From matt at openssl.org Thu May 20 13:43:15 2021 
From: matt at openssl.org (Matt Caswell)
Date: Thu, 20 May 2021 13:43:15 +0000
Subject: [openssl] master update
Message-ID: <1621518195.044210.8071.nullmailer@dev.openssl.org>

The branch master has been updated
       via  c6bf8bb8595311de424cd1b8ca0c2c7f725721c0 (commit)
       via  036f8e71e39a9005cf55cd1f832dd7aafc06ae84 (commit)
       via  a6b76eba6b1635941722834ba9d9aaf6fa5dc702 (commit)
      from  0789c7d834c1c387d10e015279762d7e7b2b3cc0 (commit)

- Log -----------------------------------------------------------------
commit c6bf8bb8595311de424cd1b8ca0c2c7f725721c0
Author: Matt Caswell
Date:   Thu May 20 14:30:39 2021 +0100

    Prepare for 3.0 beta 1

    Reviewed-by: Richard Levitte

commit 036f8e71e39a9005cf55cd1f832dd7aafc06ae84
Author: Matt Caswell
Date:   Thu May 20 14:30:20 2021 +0100

    Prepare for release of 3.0 alpha 17

    Reviewed-by: Richard Levitte

commit a6b76eba6b1635941722834ba9d9aaf6fa5dc702
Author: Matt Caswell
Date:   Thu May 20 14:30:19 2021 +0100

    make update

    Reviewed-by: Richard Levitte

-----------------------------------------------------------------------

Summary of changes:
 VERSION.dat                      |  2 +-
 providers/fips-sources.checksums | 28 ++++++++++++++--------------
 providers/fips.checksum          |  2 +-
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/VERSION.dat b/VERSION.dat index b4b1faa05f..89f1d08316 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 PATCH=0 -PRE_RELEASE_TAG=alpha17-dev +PRE_RELEASE_TAG=beta1-dev BUILD_METADATA= RELEASE_DATE="" SHLIB_VERSION=3 diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 872759e0c7..a2cf99cae0 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums
@@ -98,7 +98,7 @@ ae840ec19a4e86f2b3a65f4d0c878c3885bac6ca6b24ab8c03b73c45c12e4d05 crypto/bn/rsaz c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c 35e3ad090adedc8e5873e2831bf713e1f52846b4cbdd232e01692ebe35318c3c crypto/cmac/cmac.c b352903e60908dc7287051983e2068508715b4d9f3f46575540295010908bfa0 crypto/context.c -0a27ead487bd4775cece449dab53ca5aa9d1997012c85b1dcd2178d3b851dd94 crypto/core_algorithm.c +85b6c1885be1e04403aa3af1fe3bb2608a7c91f4f4fdd510750f335c850d1cd5 crypto/core_algorithm.c 2185a7d136ee77725fc1b8a6b401bebceeeddc067eea0482e0ab2916ce550e78 crypto/core_fetch.c 9e0912561955172067e70ebb1913c4d9de35de612789e91f7f61180ca03b4ad8 crypto/core_namemap.c 469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3 crypto/cpuid.c @@ -140,7 +140,7 @@ eaa940893610f5ec1cc04f5b1842bfa0ba65bf048039e6cc2d2b83bbb575bb51 crypto/ec/curv a1211ed3991af967c728b9f6d0774b9ea098d43cef0631ff88984a2580d2ac4f crypto/ec/curve448/eddsa.c d4969259e4fa5b71d8abbf5e736e658bd1daad6e46d272a9b88e190e2de96b61 crypto/ec/curve448/f_generic.c 7aeddfe47959556f50856cb387d74b51d222c65f891acb83742313ddc49c0e93 crypto/ec/curve448/scalar.c -04f8d52acc6332bdf879bf1684e8c59d2f4d8ca303d16c74d87aab3dd4a94932 crypto/ec/ec2_oct.c +ae1637d89287c9d22a34bdc0d67f6e01262a2f8dcef9b61369dba8c334f5a80d crypto/ec/ec2_oct.c 7579a156234dfa44e02d08e121f42035229364f9e40f38b11333edbae2282762 crypto/ec/ec2_smpl.c 69d64accd498583e65df2dc43730eee2922217a7bfefda2cd1a9da176e3d1dcd crypto/ec/ec_asn1.c 4ec7fe2efa0e55316ac4bb8507c7a37360339070c406c2623c38c5a541ac65d6 crypto/ec/ec_backend.c 
@@ -160,7 +160,7 @@ f686cea8c8a3259d95c1e6142813d9da47b6d624c62f26c7e4a16d5607cddb35 crypto/ec/ecds c07f9f7cfb27ce2735cad06f16d3e5f270b79ac31a0f9b6e44945f2c040f6258 crypto/ec/ecp_mont.c f679269eec6f67ab7f859eca39cad7cc5ff2ba70e2f884eed9eadc9057c01272 crypto/ec/ecp_nist.c 03f7a0e38ce53a90b388b5c3e6d33629ed650b9ad6f5f722e8993e045ef31e27 crypto/ec/ecp_nistz256.c -3f272e4a973b429d679f85c961dcf03f02d4ef62004d98849321d2fa6d7efaad crypto/ec/ecp_oct.c +51cb98e7e9c241e33261589f0d74103238baaa850e333c61ff1da360e127518a crypto/ec/ecp_oct.c fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_smpl.c 4d9e693c64709a9359ac724a767a85566849373231e314b8d8127b707dd5e83d crypto/ec/ecx_backend.c 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c @@ -169,7 +169,7 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_ 3c8e633beeb9b79cac2f068de248b7f1ad55910d2e2ff10b2b3694daae552436 crypto/evp/digest.c 5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b crypto/evp/ec_support.c c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c -4518be2a70f28492668fe1ad6464593ff0db227ab75536bc5dc5a9c0da135800 crypto/evp/evp_fetch.c +7c654083c116f3e47d6fc7902bc0332643c4662cf2222d66ea66c90ca313de2f crypto/evp/evp_fetch.c 1a168c88f1ee61d0f0c94ea72e220f913526a09fc09b8ba1706eb126e948699c crypto/evp/evp_lib.c af0245f7a849997921c0719df339469427656821416b402754fc1f5f5e2da291 crypto/evp/evp_rand.c c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp_utils.c 
@@ -179,14 +179,14 @@ c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp 9627b89aa6a27fa96116964cbbe377ae283c46445887e4e8c2a5183aeb102789 crypto/evp/kem.c 2d657d8de8c2441693d54ef3730d83ca4b5d76c3b3405ece89bff9e46149d670 crypto/evp/keymgmt_lib.c 56d3ed4313cb811a3c2d062ff8b2a0fd67c4b0d28fe0562a57555b3a95907535 crypto/evp/keymgmt_meth.c -9fd78bfd59378fc4a9f56ce474310d8d2851aa42862c694ee0e47b175e836c51 crypto/evp/m_sigver.c +44d3d560bcd7cd26b442290353723efee587926f4f6af7e23ff8e8f095f92139 crypto/evp/m_sigver.c ec959b00487bfc51f4cf33c21a60fd8a73087a622504f459ba4cfe48bb0a738c crypto/evp/mac_lib.c 5f4b933a479d7cd589c47388aebfd8d6ffa3943ec2883049fc929e6ca37e26b5 crypto/evp/mac_meth.c -f5a18107256e00e2eed6a9b54eaf44ef1b99c0f29134e9f363a09daa2d35f1b5 crypto/evp/p_lib.c +abfcd63f0e715519ac9aa40407c391cecdb68ea4c72d44e8dc042249752336f7 crypto/evp/p_lib.c b7e9ce6e8a35e0fc5b4eb4c047cda1e811b757669dbfafa71e743d85e07817a4 crypto/evp/pmeth_check.c -ff8a5ff024c228fe714e4cf758260cf9e9c992a9311acb5f96b0f2ed6af1a814 crypto/evp/pmeth_gn.c +3c2ef0c56a0eefacc28aa7014cafcdf4a7f62704455fcda96d64b24f8c75057b crypto/evp/pmeth_gn.c b360a72944bcb8f8ae8bd28d9b8a4a6aa4f39d1402295f84af243d14c3f1898c crypto/evp/pmeth_lib.c -52d8ea3b8b3ef52b58306b0fbd4557d682ba69a5384672ba7e1682c9a853f417 crypto/evp/signature.c +bd7fe70cfe85095ba6b1baf463112d6a6163a6fcb232bab27e4fbae4b1d1679b crypto/evp/signature.c b06cb8fd4bd95aae1f66e1e145269c82169257f1a60ef0f78f80a3d4c5131fac crypto/ex_data.c 00ca3b72cd56308aabb2826b6a400c675526afa7efca052d39c74b2ac6d137d8 crypto/ffc/ffc_backend.c ead786b4f5689ab69d6cca5d49e513e0f90cb558b67e6c5898255f2671f1393d crypto/ffc/ffc_dh.c 
@@ -195,7 +195,7 @@ ead786b4f5689ab69d6cca5d49e513e0f90cb558b67e6c5898255f2671f1393d crypto/ffc/ffc 67fdf1a07ea118963a55540be2ee21c98b7a5eb8149c8caa26e19d922bf60346 crypto/ffc/ffc_params.c 4c614d354252e2cfdfa2fcb7d2abba0456fcdee3e5ffdcf4d7cec1d6c8c9d1d8 crypto/ffc/ffc_params_generate.c 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c -c193773792bec29c791e84d150ffe5ef25f53cb02e23f0e12e9000234b4322e5 crypto/hmac/hmac.c +31b822540566ab2a51b50dae884f4b3d5ef1403c7c50fce4e1cc76b2885726a5 crypto/hmac/hmac.c 271083f71a1ce24988a0932f73c0221260591823afd495bf2ae8d11e8469b659 crypto/initthread.c c6c83f826eb6465f2a1b186ea692ff6fe32dbfb821d18d254625b69083d68fb0 crypto/lhash/lhash.c f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c 
@@ -229,10 +229,10 @@ c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_b d0f6af3e89a693f0327e1bf073666cbec6786220ef3b3688ef0be9539d5ab6bf crypto/params_from_text.c 0dd202ec1def47c12852a8ae4bfaadb74f7fe968d68def631fe3ac671aac943f crypto/passphrase.c 2140778d5f35e503e22b173736e18ff84406f6657463e8ff9e7b91a78aa686d3 crypto/property/defn_cache.c -85b314961fa249dcaa2847294d1903447a3f5f73c0dd5ab10f7cd9641c925219 crypto/property/property.c -a46f67bd5b1f6a6567a71aa42753708f1180d1c85007d1038fa11bb207781d1a crypto/property/property_parse.c -e703fec7e28de11c89e131503eb75095472e8c03563105ca8767c34db22a105c crypto/property/property_string.c -c9d4d0adb3313c5c90c7db9bce9af59d02efc5fe8181c18a778625b1cc296d6f crypto/provider_core.c +e7ee9ae467238875a413c44552af3937942b4e61a8aa3af6bee81a456d9daad1 crypto/property/property.c +e65f06611db56dff6159a394958cba6ade6ebe98578c9912338bdd27b6f079ac crypto/property/property_parse.c +9d5fad386cfb0b6ace3005c7def05edff3017436a4e7dc367a16c53acbbf0ff6 crypto/property/property_string.c +e09600d89d160b02bcc3ccdc2943ce08848266ab533341de81d72be5b0fc3689 crypto/provider_core.c 3ebbf42baa3722f86298960c7b14b49cefc25c38fce326a0c4666546539da231 crypto/provider_predefined.c 14341361b4308fe1528b11a9f88edff037b10b51e9e7aa29b70b43a4e3be3d59 crypto/rand/rand_lib.c f19876a1ff4ab97f22a926cc59c9ced0cdde69ad2c45ecf546d91104ec5b0dde crypto/rand/rand_meth.c 
@@ -371,7 +371,7 @@ eb18f3fe62bb2a46a294b738de81a233bd2db00cc79ddc58622fc7c7021c3528 providers/impl 7d621555c4bd9dcdb324031c28f70d8d382ff0e5369ce1ade30180e8f525b2e8 providers/implementations/kem/rsa_kem.c 6b60edb1ff512cb20d5727aa765efaaba54a151b9cefb819092da347e0d3d3f6 providers/implementations/keymgmt/dh_kmgmt.c 6224f55f19d7f2794326357799cd61182a0b3ca6a9b29ced720ecb463d7469b3 providers/implementations/keymgmt/dsa_kmgmt.c -a5b4ddffa137a52f6a0a0c0c28c618d9bff00af2ec49e51885fc7af116e04869 providers/implementations/keymgmt/ec_kmgmt.c +20d650c547a138d86593bd56bcc91aa59bd89e869cef2fc91f40c6184f2f690b providers/implementations/keymgmt/ec_kmgmt.c 1a6b7e37229e81eae3981ab2e0b7669eb24aaa6487738c4b44a970da212560b6 providers/implementations/keymgmt/ecx_kmgmt.c 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c 21b259d6a9eb5e319106012179e04963fb9659ed85af37f5c9c8752ec2385dae providers/implementations/keymgmt/mac_legacy_kmgmt.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 3054d8e19f..9b3a615682 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -b3dca5cc989c42b9e46c0e0b1738ff17b51ce825f0b87ae13b8f609a0840978f providers/fips-sources.checksums +04f48687924f20e0ea20b0e6283dbbe7ddd18d6836382f3d8ae3709fe3aac0ad providers/fips-sources.checksums From matt at openssl.org Thu May 20 13:43:25 2021 
From: matt at openssl.org (Matt Caswell) Date: Thu, 20 May 2021 13:43:25 +0000 Subject: [openssl] openssl-3.0.0-alpha17 create Message-ID: <1621518205.638513.9025.nullmailer@dev.openssl.org> The annotated tag openssl-3.0.0-alpha17 has been created at 183c3af650bd7a05c810a951a44bd7718480d7d5 (tag) tagging 036f8e71e39a9005cf55cd1f832dd7aafc06ae84 (commit) replaces openssl-3.0.0-alpha16 tagged by Matt Caswell on Thu May 20 14:30:22 2021 +0100 - Log ----------------------------------------------------------------- OpenSSL 3.0.0-alpha17 release tag Ben Avison (1): ARM assembly pack: translate bit-sliced AES implementation to AArch64 Benjamin Kaduk (14): tasn_dec: use do/while around statement macros Improve RFC 8446 PSK key exchange mode compliance make update Don't send key_share for PSK-only key exchange Update expected results for tls13kexmodes tests apps: improve hygeine for SET_EXPECT macro Promote SSL_get_negotiated_group() for non-TLSv1.3 Regenerate testsid.pem Extend SSL_get_negotiated_group() tests for TLS 1.2 move group lists out of test_key_exchange() in preparation for reuse Add extensive test coverage for SSL_get_negotiated_group() Let SSL_new_session_ticket() enter init immediately Test new SSL_new_session_ticket() functionality Update SSL_new_session_ticket() manual for triggered send Daniel Bevenius (3): Clarify two comments (typos) in fipsprov.c Clarify where dispatch functions/ids are defined Mark pop/clear error stack in der2key_decode_p8 David
CARLIER (1): armcap: fix Mac M1 SHA512 support. David Carlier (1): BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true Dmitry Belyavskiy (4): Avoid sending alerts after shutdown Tests for creating req from PKCS8 keys with extra attrs Enumerating the legacy provider's cipher algorithms clarification about the DES status Dr. David von Oheimb (50): DOC: Fix all wrong occurrences of '' to 'I' Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions Crypto: Add deprecation compatibility declarations for SHA* message digest functions ssl.h.in: Fix deprecation exclusion for SRP-related declarations 80-test_cmp_http.t: Improve fuzzing exclusion pattern Add convenience functions and macros for asymmetric key generation Constify EVP_PKEY_CTX_set_params(), EVP_PKEY_CTX_{set,get}table_params(), etc. 80-test_cmp_http.t: Improve fuzzing exclusion pattern - fixup! Add ASN1_item_i2d_mem_bio(); document and improve also ASN1_item_d2i_bio() HTTP client: Minimal changes that include the improved API EVP_PKEY-X25519.pod: Correct EVP_PKEY_Q_keygen function name in example Makefile: Simplify use of run_tests Makefile: Make sure providers/fipsmodule.cnf is re-built also for run_tests http_client.c: Fix inconsistency w.r.t. 
type of max_resp_len HTTP client: Rename 'maxline' parameter to 'buf_size' for clarity OSSL_CMP_SRV_process_request(): Log any error queue entries on response cmp_server.c: Improve transaction management and logging HTTP test server: Improve connection management and logging CMP test server: Extend error reporting on cert rejected for revocation OSSL_HTTP_REQ_CTX_add1_headers(): Fix use with host == NULL (relative URLs) HTTP: Implement persistent connections (keep-alive) OSSL_HTTP_get(): Do not close connection if redirect to same server OSSL_HTTP_transfer(): Fix error reporting in case rctx->server is NULL HTTP client API: Generalize to arbitrary request and response contents HTTP client: Allow streaming of request data (for POST method) HTTP client: Allow streaming of response data (with possibly indefinite length) http_client.c: Rename internal fields and functions for consistency Add OSSL_ prefix to HTTP_DEFAULT_MAX_{LINE_LENGTH,RESP_LEN} apps/ocsp: Add -proxy and -no_proxy options apps/s_server: Add -proxy and -no_proxy options find-doc-nits: Make -c option (cmd-nits) independent of app build and execution openssl-dsa.pod.in: Fix glitch: pvk-string -> pvk-strong ci.yml: Add cmd-nits to the doc-nits CI run DOC: Fix nits found by improved find-doc-nits -c Move ossl_sleep() to e_os.h and use it in apps bio_lib: Add BIO_get_line, correct doc of BIO_gets Make SMIME_read_CMS_ex() and SMIME_read_ASN1_ex() support binary input apps/cms.c: Make -sign and -verify handle binary input apps/cms.c: Simplify make_receipt_request() and load_content_info(() CMS_get0_SignerInfos(): Prevent spurious error on cms_get0_signed() failure unix-Makefile.tmpl and ci.yml: Merge cmd-nits into doc-nits find-doc-nits -c: Fix handling in case expected helpstr is not found apps/list: Remove obsolete -missing-help option 80-test_cms.t: Disable new tests for binary input in Windows X509 build_chain(): Restrict scope of 'self_signed' variable X509 build_chain(): Rename variable 'depth' to 
'max_depth' X509 build_chain(): Make the variable 'curr' local to the loop body X509 build_chain(): Fix two potential memory leaks on issuer variable X509_STORE_CTX_get1_issuer(): Simplify code, reducing risk of failure danetest.c: Improve code formatting EasySec (2): use LHASH_OF(TYPE) macro to make the example consistent with the declaration in ssl.h find-doc-nits fix courtesy Rich Salz Jake Cooke (1): Add bounds checking to length returned by wcslen in wide_to_asc conversion to resolve integer overflow flaw Job Snijders (1): Add OID for RPKI id-ct-signedChecklist Jon Spillett (2): Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers Fixes #14662. Return all EC parameters even for named curves Juergen Christ (1): Fix provider library build wrt. AES Martin Schwenke (1): bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication Matt Caswell (33): Prepare for 3.0 alpha 17 Only load the config file into the default libctx if necessary Add the ability for ex_data to have a priority Add the concept of a child OSSL_LIB_CTX Modify the legacy provider to use OSSL_LIB_CTX_new_child() Add a test for OSSL_LIB_CTX_new_child() Register callbacks with core for child provider creation/deletion Add a test to check that child provider callbacks are working Add support for child provider to up_ref/free their parent Don't convert pre-existing providers into children Add additional testing of child libctx/providers Update documentation following addition of OSSL_LIB_CTX_new_child() Exclude child provider code from the FIPS module Update FIPS checksums property: add test case for setting default user properties before fetching Fix a memleak on an error path in the pkcs12 test helpers Init the child providers immediately on creation of the child libctx Load the default provider into the p_test provider later Add a CHANGES entry for fully pluggable groups Fix a use-after-free in the child provider code Better error messages if there are no 
encoders/decoders/store loaders Implement the ability to convert a PROPERTY_LIST to a string Add a test for converting a property list to a string Add a callback for providers to know about global properties changes Test that properties are mirrored as we expect Documentation updates for mirroring of global properties Ensure mirroring of properties works for subsequent updates Update documentation for global properties mirroring Create symlinks when installing man pages Refer to the migration guide rather than the wiki in our announcements Update copyright year make update Prepare for release of 3.0 alpha 17 Michael Richardson (1): reduce surprise in choice of CASE/String/STRING by allowing all inputs to be in any case Nicola Tuveri (1): FIPS checksums update Pauli (44): changes: add note about application output formatting differences. provider: flush the store cache when providers are loaded/unloaded. test: add a provider load/unload cache flush test. doc: document the new ossl_provider_clear_all_operation_bits() function provider: use a read lock when looking for a provider FIPS checksum update apps: add mac, cipher and digest arguments to the kdf applet. apps: remove initial newline from mac output apps/mac: avoid need for two ^D when using stdin from a terminal apps/mac: Add digest and cipher command line options checksum fix Reduce the runtime/output from the gmdiff test coverity: fix 1484539 resource leak coverity: fix 1484540 resource leak coverity: fix 1484542 dereference after null check evp: fix return code check. Checksum update coveralls: fix comment to indicate daily not weekly Run-checker converted to GitHub Actions property: create property names more eagerly. Checksum update doc: document the encoder and decoder name functions encoder: add a _name() function for encoders and decoders apps: change list command to only list fetchable algorithms. 
apps: make list -help not continue with listing test: fix thread test config file problem e_loader_attic: fix a use after free issue x509: fix a dangling pointer doc: remove references to undepreciated commands being deprecated. mac: improve MAC documentation (Poly 1305 key reuse, nomenclature) doc: document all functions in provider-base(7) ci: remove the checksum CI script test: conditionally exclude unused code for no-tls1.2 build apps: clean up the http server code provider: fix coverity 1484884: uninitialised lock use evp: fix coverity 1484885 negative integer to size_t conversion keymgmt: fix coverity 1484886 unchecked return value hmac: fix coverity 1484888 negative integer to size_t conversion seal: make EVP_SealInit() library context aware apps: use else if when checking for headers in the http server code fips: remove unnecessary commas to get CI working Revert "ARM assembly pack: translate bit-sliced AES implementation to AArch64" todo: remove TODO(3.0) from the sources. app: add a -store_loaders option to list. Petr Gotthard (2): Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT Fix pointer passed to provider_unquery_operation Rich Salz (8): Fix cut/paste (?) error. Add --banner config option Convert SSL_{CTX}_[gs]et_options to 64 Slightly reformat ssl.h.in Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION Add -quiet flag to genpkey Remove '=for openssl ifdef' Remove "openssl ifdef" handling Richard Levitte (29): Rename files in providers/implementations/signatures Drop libimplementations.a make update ASN1: Fix i2d_provided() return value APPS: Make the cmp Mock server output the accept address and port Adapt 80-test_cmp_http.t and its data for random accept ports Move some OpenSSL perl utility functions to OpenSSL::Util Rework how a build file (Makefile, ...) 
is produced Turn off VMS C's info about unsupported pragmas Configurations/descrip.mms.tmpl: Diverse updates Fix OpenSSL::fallback for VMS Fix The VMS variant of platform->staticname() Fix configdata.pm.in's "use lib" for VMS Thrown away all special descrip.mms variables Configurations/descrip.mms.tmpl: Change strategy for include directories Configurations/descrip.mms.tmpl: Add another inclusion hack VMS need to build DSO with name shortening, because of provider code Tweak apps/build.info for VMS Fix include/openssl/e_os2.h for VMS Fix include/internal/sockets.h for VMS Fix crypto/bio/b_sock.c for VMS Make sure to include "internal/numbers.h" to get SIZE_MAX Make sure to include "crypto/ctype.h" to get ossl_isdigit() build.info: Make it possible to set attributes on SOURCE / SHARED_SOURCE stmts Make apps/progs.pl not look at apps/progs.c Complete 'no-sock' guards in apps/ocsp.c test/evp_extra_test2.c: Try EVP_PKEY_export() with a legacy RSA key Modify EVP_PKEY_ASN1_METHOD's export_to function to take an importer EVP: Modify EVP_PKEY_export() to handle legacy EVP_PKEYs Scott McPeak (1): BIO_printf.pod: Clarify that output is always null terminated. Shane Lontis (8): Remove unused code from the fips module Fix i2d_PKCS8PrivateKey_nid_bio() regression. Export/import flags for FFC params changed to seperate fields. Fix compiler error when using config option 'enable-acvp-tests' Fix OSSL_DECODER_new_for_pkey() selection parameter documentation Add doc for ERR_clear_last_mark(). Add migration guide for 3.0 Test d2i_PrivateKey_bio() does not add errors to stack when decoding a X25519 key sucessfully. 
Theo Buehler (2): Avoid division by zero in hybrid point encoding Test oct2point for hybrid point encoding of (0, y) Tomas Mraz (25): evp_extra_test: Avoid potential double free of params Unify parameter types in documentation Updated gost-engine to latest commit from master branch Allow arbitrary digests with ECDSA and DSA A few cleanups of the provider build.infos Compute the FIPS checksums in $(BLDDIR) and remove it from update target Add diff-fips-checksums target to compare BLDDIR and SRCDIR checksums Add checksums github CI action fipsprov: Missing teardown on fips_get_params_from_core() error Set the severity: fips change label if fips checksum changed Remove the severity: fips change label if fips checksum unchanged Allow diff-fips-checksums in in-tree build Remove the .new suffix inside the fips.checksum.new The FIPS Checksums job must be run on pull_request_target Ensure the pristine checksums are not recomputed update-fips-checksums: Make the dependency on source list work Drop ASN1_PKEY_CTRL_SUPPORTS_MD_NID Replace EVP_PKEY_supports_digest_nid Implement pem_read_key directly through OSSL_DECODER Fallback to legacy pem decoding if OSSL_DECODER fails Replace some of the ERR_clear_error() calls with mark calls Add make update-fips-checksums to release.sh script Separate FIPS checksum and labelling into different workflows Avoid failing label removal if label is not there speed: Document the deficiencies of the command Xiaofei Bai (3): Fix missing $CPUIDDEF in libdefault.a Add $AESDEF in libdefault.a to fix aes regression crypto/arm_arch.h: add a variable declaration bonniegong (1): check i2d_ASN1_TYPE return value fangming.fang (1): Optimize RSA on armv8 ----------------------------------------------------------------------- From matt at openssl.org Thu May 20 13:45:04 2021 
From: matt at openssl.org (Matt Caswell) Date: Thu, 20 May 2021 13:45:04 +0000 Subject: [web] master update Message-ID: <1621518304.146702.12019.nullmailer@dev.openssl.org> The branch master has been updated via e39973455eaed0265573f24ce0eb6e5544757169 (commit) from fd0743669f8f47f638b9ad5822d893fb94a1a89d (commit) - Log ----------------------------------------------------------------- commit e39973455eaed0265573f24ce0eb6e5544757169 Author: Matt Caswell Date: Thu May 20 14:37:15 2021 +0100 Update newsflash alpha17 for new release Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/239) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 44e8272..6c1f2dc 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +20-May-2021: Alpha 17 of OpenSSL 3.0 is now available: please download and test it 06-May-2021: Alpha 16 of OpenSSL 3.0 is now available: please download and test it 22-Apr-2021: Alpha 15 of OpenSSL 3.0 is now available: please download and test it 08-Apr-2021: Alpha 14 of OpenSSL 3.0 is now available: please download and test it From dev at ddvo.net Thu May 20 14:23:45 2021 
From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 20 May 2021 14:23:45 +0000 Subject: [openssl] master update Message-ID: <1621520625.649249.4188.nullmailer@dev.openssl.org> The branch master has been updated via ee56cec7332ca2c77ee425c544304ce25475db1c (commit) via a37dbb466ce085bd054bf13604dceac6eb35b593 (commit) from c6bf8bb8595311de424cd1b8ca0c2c7f725721c0 (commit) - Log ----------------------------------------------------------------- commit ee56cec7332ca2c77ee425c544304ce25475db1c Author: Dr. David von Oheimb Date: Wed May 19 10:01:25 2021 +0200 CMP test server: move apps/{,lib/}cmp_mock_srv.c and apps/{,include/}cmp_mock_srv.h Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15343) commit a37dbb466ce085bd054bf13604dceac6eb35b593 Author: Dr. David von Oheimb Date: Wed May 19 09:54:11 2021 +0200 apps/cmp.c: Move CMP server code portion to separate function Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15343) ----------------------------------------------------------------------- Summary of changes: apps/build.info | 2 +- apps/cmp.c | 150 ++++++++++++++++++++------------------ apps/{ => include}/cmp_mock_srv.h | 0 apps/{ => lib}/cmp_mock_srv.c | 0 test/build.info | 2 +- test/cmp_client_test.c | 2 +- util/find-doc-nits | 2 +- 7 files changed, 83 insertions(+), 75 deletions(-) rename apps/{ => include}/cmp_mock_srv.h (100%) rename apps/{ => lib}/cmp_mock_srv.c (100%) diff --git a/apps/build.info b/apps/build.info index 308f4d94f8..020d129f8c 100644 --- a/apps/build.info +++ b/apps/build.info @@ -52,7 +52,7 @@ IF[{- !$disabled{'cms'} -}] $OPENSSLSRC=$OPENSSLSRC cms.c ENDIF IF[{- !$disabled{'cmp'} -}] - $OPENSSLSRC=$OPENSSLSRC cmp.c cmp_mock_srv.c + $OPENSSLSRC=$OPENSSLSRC cmp.c lib/cmp_mock_srv.c ENDIF IF[{- !$disabled{apps} -}] diff --git a/apps/cmp.c b/apps/cmp.c index f289943a55..5912090701 100644 --- a/apps/cmp.c +++ b/apps/cmp.c 
@@ -2552,6 +2552,84 @@ static int get_opts(int argc, char **argv) return 1; } +#ifndef OPENSSL_NO_SOCK +static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) { + BIO *acbio; + BIO *cbio = NULL; + int keep_alive = 0; + int msgs = 0; + int retry = 1; + int ret = 1; + + if ((acbio = http_server_init_bio(prog, opt_port)) == NULL) + return 0; + while (opt_max_msgs <= 0 || msgs < opt_max_msgs) { + char *path = NULL; + OSSL_CMP_MSG *req = NULL; + OSSL_CMP_MSG *resp = NULL; + + ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG), + (ASN1_VALUE **)&req, &path, + &cbio, acbio, &keep_alive, + prog, opt_port, 0, 0); + if (ret == 0) { /* no request yet */ + if (retry) { + ossl_sleep(1000); + retry = 0; + continue; + } + ret = 0; + goto next; + } + if (ret++ == -1) /* fatal error */ + break; + + ret = 0; + msgs++; + if (req != NULL) { + if (strcmp(path, "") != 0 && strcmp(path, "pkix/") != 0) { + (void)http_server_send_status(cbio, 404, "Not Found"); + CMP_err1("expecting empty path or 'pkix/' but got '%s'", + path); + OPENSSL_free(path); + OSSL_CMP_MSG_free(req); + goto next; + } + OPENSSL_free(path); + resp = OSSL_CMP_CTX_server_perform(cmp_ctx, req); + OSSL_CMP_MSG_free(req); + if (resp == NULL) { + (void)http_server_send_status(cbio, + 500, "Internal Server Error"); + break; /* treated as fatal error */ + } + ret = http_server_send_asn1_resp(cbio, keep_alive, + "application/pkixcmp", + ASN1_ITEM_rptr(OSSL_CMP_MSG), + (const ASN1_VALUE *)resp); + OSSL_CMP_MSG_free(resp); + if (!ret) + break; /* treated as fatal error */ + } + next: + if (!ret) { /* on transmission error, cancel CMP transaction */ + (void)OSSL_CMP_CTX_set1_transactionID(srv_cmp_ctx, NULL); + (void)OSSL_CMP_CTX_set1_senderNonce(srv_cmp_ctx, NULL); + } + if (!ret || !keep_alive + || OSSL_CMP_CTX_get_status(srv_cmp_ctx) == -1 + /* transaction closed by OSSL_CMP_CTX_server_perform() */) { + BIO_free_all(cbio); + cbio = NULL; + } + } + + BIO_free_all(cbio); + BIO_free_all(acbio); + return ret; +} +#endif + int 
cmp_main(int argc, char **argv) { char *configfile = NULL; 
@@ -2682,80 +2760,10 @@ int cmp_main(int argc, char **argv) if (opt_port != NULL) { /* act as very basic CMP HTTP server */ - /* TODO for readability, convert this block to separate function */ #ifdef OPENSSL_NO_SOCK BIO_printf(bio_err, "Cannot act as server - sockets not supported\n"); #else - BIO *acbio; - BIO *cbio = NULL; - int keep_alive = 0; - int msgs = 0; - int retry = 1; - - if ((acbio = http_server_init_bio(prog, opt_port)) == NULL) - goto err; - while (opt_max_msgs <= 0 || msgs < opt_max_msgs) { - char *path = NULL; - OSSL_CMP_MSG *req = NULL; - OSSL_CMP_MSG *resp = NULL; - - ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG), - (ASN1_VALUE **)&req, &path, - &cbio, acbio, &keep_alive, - prog, opt_port, 0, 0); - if (ret == 0) { /* no request yet */ - if (retry) { - ossl_sleep(1000); - retry = 0; - continue; - } - ret = 0; - goto next; - } - if (ret++ == -1) /* fatal error */ - break; - - ret = 0; - msgs++; - if (req != NULL) { - if (strcmp(path, "") != 0 && strcmp(path, "pkix/") != 0) { - (void)http_server_send_status(cbio, 404, "Not Found"); - CMP_err1("expecting empty path or 'pkix/' but got '%s'", - path); - OPENSSL_free(path); - OSSL_CMP_MSG_free(req); - goto next; - } - OPENSSL_free(path); - resp = OSSL_CMP_CTX_server_perform(cmp_ctx, req); - OSSL_CMP_MSG_free(req); - if (resp == NULL) { - (void)http_server_send_status(cbio, - 500, "Internal Server Error"); - break; /* treated as fatal error */ - } - ret = http_server_send_asn1_resp(cbio, keep_alive, - "application/pkixcmp", - ASN1_ITEM_rptr(OSSL_CMP_MSG), - (const ASN1_VALUE *)resp); - OSSL_CMP_MSG_free(resp); - if (!ret) - break; /* treated as fatal error */ - } - next: - if (!ret) { /* on transmission error, cancel CMP transaction */ - (void)OSSL_CMP_CTX_set1_transactionID(srv_cmp_ctx, NULL); - (void)OSSL_CMP_CTX_set1_senderNonce(srv_cmp_ctx, NULL); - } - if (!ret || !keep_alive - || OSSL_CMP_CTX_get_status(srv_cmp_ctx) == -1 - /* transaction closed by OSSL_CMP_CTX_server_perform() */) { 
- BIO_free_all(cbio); - cbio = NULL; - } - } - BIO_free_all(cbio); - BIO_free_all(acbio); + ret = cmp_server(srv_cmp_ctx); #endif goto err; } diff --git a/apps/cmp_mock_srv.h b/apps/include/cmp_mock_srv.h similarity index 100% rename from apps/cmp_mock_srv.h rename to apps/include/cmp_mock_srv.h diff --git a/apps/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c similarity index 100% rename from apps/cmp_mock_srv.c rename to apps/lib/cmp_mock_srv.c diff --git a/test/build.info b/test/build.info index 842a7bbe35..58d75be5d4 100644 --- a/test/build.info +++ b/test/build.info @@ -529,7 +529,7 @@ IF[{- !$disabled{tests} -}] INCLUDE[cmp_server_test]=.. ../include ../apps/include DEPEND[cmp_server_test]=../libcrypto.a libtestutil.a - SOURCE[cmp_client_test]=cmp_client_test.c helpers/cmp_testlib.c ../apps/cmp_mock_srv.c + SOURCE[cmp_client_test]=cmp_client_test.c helpers/cmp_testlib.c ../apps/lib/cmp_mock_srv.c INCLUDE[cmp_client_test]=.. ../include ../apps/include DEPEND[cmp_client_test]=../libcrypto.a libtestutil.a diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c index 35a7c30f92..3d9b37b3a2 100644 --- a/test/cmp_client_test.c +++ b/test/cmp_client_test.c @@ -11,7 +11,7 @@ #include "helpers/cmp_testlib.h" -#include "apps/cmp_mock_srv.h" +#include "cmp_mock_srv.h" #ifndef NDEBUG /* tests need mock server, which is available only if !NDEBUG */ diff --git a/util/find-doc-nits b/util/find-doc-nits index fd465f6d0b..815880ad01 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -1128,7 +1128,7 @@ if ( $opt_c ) { # See if each has a manpage. foreach my $cmd ( @commands ) { $cmd =~ s/\.c$//; - next if $cmd eq 'progs' || $cmd eq 'cmp_mock_srv' || $cmd eq 'vms_decc_init'; + next if $cmd eq 'progs' || $cmd eq 'vms_decc_init'; my @doc = ( grep { basename($_) eq "openssl-$cmd.pod" # For "tsget" and "CA.pl" pod pages || basename($_) eq "$cmd.pod" } From dev at ddvo.net Thu May 20 14:25:36 2021 
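Review bot: In the new cmp_server() in apps/cmp.c, the request is dispatched with OSSL_CMP_CTX_server_perform(cmp_ctx, req), so the helper still reads a cmp_ctx that is not declared in the function (along with prog, opt_port and opt_max_msgs) even though its only parameter is srv_cmp_ctx, which is used just for the transaction reset and the status check. Either pass the context it performs on as a second parameter or add a comment above the function naming the outside variables it depends on. The function also needs a line documenting its return value: a failed http_server_init_bio() now returns 0 where the removed block did goto err with ret untouched, and after the loop the result is whatever the last iteration left in ret, which cmp_main now assigns before goto err. As a style point, the opening brace sits on the declaration line (cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {); OpenSSL's coding style puts the brace of a function definition on its own line.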
From: dev at ddvo.net (dev at ddvo.net)
Date: Thu, 20 May 2021 14:25:36 +0000
Subject: [openssl] master update
Message-ID: <1621520736.675460.5711.nullmailer@dev.openssl.org>

The branch master has been updated
       via  14d3bb06c9c11b3e13c64611913757c27bc057f2 (commit)
       via  359efeac3f9b99c5f734b90db8a4c5bfadb7323a (commit)
       via  9c1582807b535e5b8499897c6e74fec48440c4fe (commit)
       via  414823d2de6f370cf2102f3418780a428803a70f (commit)
       via  5be56c490e4f34b4f592a692109563ea991ac6c7 (commit)
      from  ee56cec7332ca2c77ee425c544304ce25475db1c (commit)

- Log -----------------------------------------------------------------
commit 14d3bb06c9c11b3e13c64611913757c27bc057f2
Author: Dr. David von Oheimb
Date:   Wed May 19 09:38:20 2021 +0200

    util/find-doc-nits: Improve helpstr pattern matching

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15299)

commit 359efeac3f9b99c5f734b90db8a4c5bfadb7323a
Author: Dr. David von Oheimb
Date:   Mon May 17 11:04:40 2021 +0200

    DOC: Fix nits found by new check on SYNOPSIS and OPTIONS consistency

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15299)

commit 9c1582807b535e5b8499897c6e74fec48440c4fe
Author: Dr. David von Oheimb
Date:   Sun May 16 15:38:19 2021 +0200

    find-doc-nits: Check that man1 SYNOPSIS and OPTIONS contain same options

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15299)

commit 414823d2de6f370cf2102f3418780a428803a70f
Author: Dr. David von Oheimb
Date:   Sun May 16 12:48:50 2021 +0200

    find-doc-nits: Add -m option allowing to select on which of man1,man3,man5,man7 to focus on

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15299)

commit 5be56c490e4f34b4f592a692109563ea991ac6c7
Author: Dr.
David von Oheimb Date: Sun May 16 12:12:32 2021 +0200 find-doc-nits: Minor improvements of help and diagnostic output Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15299) ----------------------------------------------------------------------- Summary of changes: apps/CA.pl.in | 6 +-- apps/s_server.c | 12 +++--- apps/srp.c | 4 +- doc/man1/CA.pl.pod | 8 ++-- doc/man1/openssl-ec.pod.in | 4 ++ doc/man1/openssl-enc.pod.in | 4 ++ doc/man1/openssl-ocsp.pod.in | 7 +++- doc/man1/openssl-pkcs8.pod.in | 4 ++ doc/man1/openssl-s_server.pod.in | 81 ++++++++++++++++++++++++++++++++++++++-- doc/man1/openssl-speed.pod.in | 8 ++++ doc/man1/openssl-srp.pod.in | 26 ++++++++++++- doc/man1/openssl-ts.pod.in | 14 ++++++- doc/perlvars.pm | 13 ++++--- util/find-doc-nits | 41 ++++++++++++++------ 14 files changed, 193 insertions(+), 39 deletions(-) diff --git a/apps/CA.pl.in b/apps/CA.pl.in index c0afb96716..6d1de16516 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -122,9 +122,9 @@ if ( $WHAT =~ /^(-\?|-h|-help)$/ ) { print STDERR < | B<-newca> [B<-extra-I> I] -B B<-pkcs12> [B<-extra-pkcs12> I] [I] +B B<-pkcs12> [I] -B B<-verify> [B<-extra-verify> I] I ... +B B<-verify> I ... -B B<-revoke> [B<-extra-ca> I] I [I] +B B<-revoke> I [I] =head1 DESCRIPTION @@ -57,7 +57,7 @@ the correct path of the configuration file. =over 4 -=item B, B<-h>, B<-help> +=item B<-?>, B<-h>, B<-help> Prints a usage message. diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in index e38e405934..8696701257 100644 --- a/doc/man1/openssl-ec.pod.in +++ b/doc/man1/openssl-ec.pod.in @@ -100,6 +100,10 @@ Prints out the public, private key components and parameters. This option prevents output of the encoded version of the key. +=item B<-param_out> + +Print the elliptic curve parameters. + =item B<-pubin> By default, a private key is read from the input file. With this option a 
diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in index 5c94f49173..f424358ab3 100644 --- a/doc/man1/openssl-enc.pod.in +++ b/doc/man1/openssl-enc.pod.in @@ -54,6 +54,10 @@ either by itself or in addition to the encryption or decryption. =over 4 +=item B<-I> + +The cipher to use. + =item B<-help> Print out a usage message. diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in index 0aa06834a9..0116feeaae 100644 --- a/doc/man1/openssl-ocsp.pod.in +++ b/doc/man1/openssl-ocsp.pod.in @@ -14,6 +14,7 @@ B B [B<-out> I] [B<-issuer> I] [B<-cert> I] +[B<-no_certs>] [B<-serial> I] [B<-signer> I] [B<-signkey> I] @@ -23,7 +24,6 @@ B B [B<-req_text>] [B<-resp_text>] [B<-text>] -[B<-no_certs>] [B<-reqout> I] [B<-respout> I] [B<-reqin> I] @@ -112,6 +112,10 @@ Add the certificate I to the request. The issuer certificate is taken from the previous B<-issuer> option, or an error occurs if no issuer certificate is specified. +=item B<-no_certs> + +Don't include any certificates in signed request. + =item B<-serial> I Same as the B<-cert> option except the certificate with serial number @@ -389,7 +393,6 @@ each child is willing to wait for the client's OCSP response. This option is available on POSIX systems (that support the fork() and other required unix system-calls). - =item B<-nmin> I, B<-ndays> I Number of minutes or days when fresh revocation information is available: diff --git a/doc/man1/openssl-pkcs8.pod.in b/doc/man1/openssl-pkcs8.pod.in index 100c5afd6f..2af61203e9 100644 --- a/doc/man1/openssl-pkcs8.pod.in +++ b/doc/man1/openssl-pkcs8.pod.in 
@@ -101,6 +101,10 @@ When creating new PKCS#8 containers, use a given number of iterations on the password in deriving the encryption key for the PKCS#8 output. High values increase the time required to brute-force a PKCS#8 container. +=item B<-noiter> + +When creating new PKCS#8 containers, use 1 as iteration count. + =item B<-nocrypt> PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index c7ce886b6f..27522fc04b 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -77,13 +77,13 @@ B B [B<-no_proxy> I] [B<-status_url> I] [B<-status_file> I] +[B<-ssl_config> I] [B<-trace>] [B<-security_debug>] [B<-security_debug_verbose>] [B<-brief>] [B<-rev>] [B<-async>] -[B<-ssl_config> I] [B<-max_send_frag> I<+int>] [B<-split_send_frag> I<+int>] [B<-max_pipelines> I<+int>] @@ -123,9 +123,9 @@ B B [B<-listen>] [B<-sctp>] [B<-sctp_label_bug>] +[B<-use_srtp> I] [B<-no_dhe>] [B<-nextprotoneg> I] -[B<-use_srtp> I] [B<-alpn> I] [B<-sendfile>] [B<-keylogfile> I] @@ -303,6 +303,14 @@ This option translated a line feed from the terminal into CR+LF. Print extensive debugging information including a hex dump of all traffic. +=item B<-security_debug> + +Print output from SSL/TLS security framework. + +=item B<-security_debug_verbose> + +Print more output from SSL/TLS security framework + =item B<-msg> Show all protocol messages with hex dump. @@ -377,6 +385,10 @@ DH). Inhibit printing of session and certificate information. +=item B<-no_resume_ephemeral> + +Disable caching and tickets if ephemeral (EC)DH is used. + =item B<-tlsextdebug> Print a hex dump of any TLS extensions received from the server. 
@@ -426,6 +438,14 @@ option is enabled the peer does not need to send the close_notify alert and a closed connection will be treated as if the close_notify alert was received. For more information on shutting down a connection, see L. +=item B<-servername> + +Servername for HostName TLS extension. + +=item B<-servername_fatal> + +On servername mismatch send fatal alert (default: warning alert). + =item B<-id_prefix> I Generate SSL/TLS session IDs prefixed by I. This is mostly useful @@ -433,12 +453,40 @@ for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple servers, when each of which might be generating a unique range of session IDs (e.g. with a certain prefix). +=item B<-keymatexport> + +Export keying material using label. + +=item B<-keymatexportlen> + +Export the given number of bytes of keying material; default 20. + +=item B<-no_cache> + +Disable session cache. + +=item B<-ext_cache>. + +Disable internal cache, set up and use external cache. + =item B<-verify_return_error> Verification errors normally just print a message but allow the connection to continue, for debugging purposes. If this option is used, then verification errors close the connection. +=item B<-verify_quiet> + +No verify output except verify errors. + +=item B<-ign_eof> + +Ignore input EOF (default: when B<-quiet>). + +=item B<-no_ign_eof> + +Do not ignore input EOF. + =item B<-status> Enables certificate status request support (aka OCSP stapling). @@ -482,6 +530,10 @@ Any given query component is handled as part of the path component. Overrides any OCSP responder URLs from the certificate and always provides the OCSP Response stored in the file. The file must be in DER format. +=item B<-ssl_config> I + +Configure SSL_CTX using the given configuration value. + =item B<-trace> Show verbose trace output of protocol messages. OpenSSL needs to be compiled 
@@ -622,6 +674,14 @@ will be used. Turns on non blocking I/O. +=item B<-timeout> + +Enable timeouts. + +=item B<-mtu> + +Set link-layer MTU. + =item B<-psk_identity> I Expect the client to send PSK identity I when using a PSK @@ -644,6 +704,16 @@ This option must be provided in order to use a PSK cipher. Use the pem encoded SSL_SESSION data stored in I as the basis of a PSK. Note that this will only work if TLSv1.3 is negotiated. +=item B<-srpvfile> + +The verifier file for SRP. +This option is deprecated. + +=item B<-srpuserseed> + +A seed string for a default user salt. +This option is deprecated. + =item B<-listen> This option can only be used in conjunction with one of the DTLS options above. @@ -669,6 +739,10 @@ older broken implementations but breaks interoperability with correct implementations. Must be used in conjunction with B<-sctp>. This option is only available where OpenSSL has support for SCTP enabled. +=item B<-use_srtp> + +Offer SRTP key management with a colon-separated profile list. + =item B<-no_dhe> If this option is set then no DH parameters will be loaded effectively @@ -849,7 +923,8 @@ The -no_alt_chains option was added in OpenSSL 1.1.0. The -allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1. -The B<-engine> option was deprecated in OpenSSL 3.0. +The B<-srpvfile>, B<-srpuserseed>, and B<-engine> +option were deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in index 0dbb19da4c..bfe992797a 100644 --- a/doc/man1/openssl-speed.pod.in +++ b/doc/man1/openssl-speed.pod.in @@ -81,6 +81,14 @@ C. Time the decryption instead of encryption. Affects only the EVP testing. +=item B<-mb> + +Enable multi-block mode on EVP-named cipher. + +=item B<-aead> + +Benchmark EVP-named AEAD cipher in TLS-like sequence. + =item B<-primes> I Generate a I-prime RSA key and use it to run the benchmarks. This option 
diff --git a/doc/man1/openssl-srp.pod.in b/doc/man1/openssl-srp.pod.in index c15d866704..26f7ebcef9 100644 --- a/doc/man1/openssl-srp.pod.in +++ b/doc/man1/openssl-srp.pod.in @@ -15,7 +15,6 @@ B [B<-delete>] [B<-list>] [B<-name> I

] -[B<-config> I] [B<-srpvfile> I] [B<-gn> I] [B<-userinfo> I] @@ -23,6 +22,7 @@ B [B<-passout> I] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} +{- $OpenSSL::safe::opt_config_synopsis -} [I ...] =head1 DESCRIPTION @@ -49,6 +49,26 @@ Display an option summary. Generate verbose output while processing. +=item B<-add> + +Add a user and SRP verifier. + +=item B<-modify> + +Modify the SRP verifier of an existing user. + +=item B<-delete> + +Delete user from verifier file. + +=item B<-list> + +List users. + +=item B<-name> + +The particular SRP definition to use. + =item B<-srpvfile> I If the config file is not specified, @@ -72,8 +92,12 @@ see L. {- $OpenSSL::safe::opt_engine_item -} +{- $OpenSSL::safe::opt_r_item -} + {- $OpenSSL::safe::opt_provider_item -} +{- $OpenSSL::safe::opt_config_item -} + {- $OpenSSL::safe::opt_r_synopsis -} =back diff --git a/doc/man1/openssl-ts.pod.in b/doc/man1/openssl-ts.pod.in index cf7d5f0260..6f71820202 100644 --- a/doc/man1/openssl-ts.pod.in +++ b/doc/man1/openssl-ts.pod.in @@ -106,11 +106,23 @@ requests either by ftp or e-mail. Print out a usage message. +=item B<-query> + +Generate a TS query. For details see L. + +=item B<-reply> + +Generate a TS reply. For details see L. + +=item B<-verify> + +Verify a TS response. For details see L. + =back =head2 Timestamp Request generation -The B<-query> switch can be used for creating and printing a timestamp +The B<-query> command can be used for creating and printing a timestamp request with the following options: =over 4 diff --git a/doc/perlvars.pm b/doc/perlvars.pm index ab52a086ee..71f3888d58 100644 --- a/doc/perlvars.pm +++ b/doc/perlvars.pm 
@@ -58,14 +58,14 @@ $OpenSSL::safe::opt_v_item = "" # Extended validation options. $OpenSSL::safe::opt_x_synopsis = "" -. "[B<-xkey>] I\n" +. "[B<-xkey> I]\n" . "[B<-xcert> I]\n" -. "[B<-xchain>] I\n" -. "[B<-xchain_build>] I\n" +. "[B<-xchain> I]\n" +. "[B<-xchain_build> I]\n" . "[B<-xcertform> B|B]>\n" . "[B<-xkeyform> B|B]>"; $OpenSSL::safe::opt_x_item = "" -. "=item B I, B<-xcert> I, B<-xchain> I,\n" +. "=item B<-xkey> I, B<-xcert> I, B<-xchain> I,\n" . "B<-xchain_build> I, B<-xcertform> B|B,\n" . "B<-xkeyform> B|B\n" . "\n" @@ -203,8 +203,9 @@ $OpenSSL::safe::opt_s_synopsis = "" . "[B<-no_middlebox>]"; $OpenSSL::safe::opt_s_item = "" . "=item B<-bugs>, B<-comp>, B<-no_comp>, B<-no_ticket>, B<-serverpref>,\n" -. "B<-client_renegotiation>, B<_immediate_renegotiation>\n" -. "B<-legacy_renegotiation>, B<-no_renegotiation>, B<-no_resumption_on_reneg>,\n" +. "B<-client_renegotiation>, B<_immediate_renegotiation>,\n" +. "B<-legacy_renegotiation>, B<-no_renegotiation>,\n" +. "B<-immediate_renegotiation>, B<-no_resumption_on_reneg>,\n" . "B<-legacy_server_connect>, B<-no_legacy_server_connect>,\n" . "B<-allow_no_dhe_kex>, B<-prioritize_chacha>, B<-strict>, B<-sigalgs>\n" . "I, B<-client_sigalgs> I, B<-groups> I, B<-curves>\n" diff --git a/util/find-doc-nits b/util/find-doc-nits index 815880ad01..c62307a9ce 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -35,6 +35,7 @@ our($opt_s); our($opt_o); our($opt_h); our($opt_l); +our($opt_m); our($opt_n); our($opt_p); our($opt_u); @@ -45,11 +46,12 @@ our($opt_c); sub help { print < [ 'NAME', 'DESCRIPTION', 'COPYRIGHT' ], 1 => [ 'SYNOPSIS', 'OPTIONS' ], 
@@ -148,7 +154,7 @@ my %collected_results = (); # - exclusive selectors, only applicable together with # any of the manual selectors. If any of these are # present, only the manuals from the given sections -# will be include. If none of these are present, +# will be included. If none of these are present, # the manuals from all sections will be returned. # # All returned manual files come from configdata.pm. @@ -543,8 +549,10 @@ sub option_check { err($id, "Malformed option [1] in SYNOPSIS: $&"); } + my @synopsis; while ( $synopsis =~ /$markup_re/msg ) { my $found = $&; + push @synopsis, $found if $found =~ /^B<-/; print STDERR "$id:DEBUG[option_check] SYNOPSIS: found $found\n" if $debug; my $option_uw = normalise_option($id, $filename, $found); @@ -554,6 +562,7 @@ sub option_check { # In OPTIONS, we look for =item paragraphs. # (?=^\s*$) detects an empty line. + my @options; while ( $options =~ /=item\s+(.*?)(?=^\s*$)/msg ) { my $item = $&; @@ -567,8 +576,19 @@ sub option_check { my $option_uw = normalise_option($id, $filename, $found); err($id, "Malformed option in OPTIONS: $found") if defined $option_uw && $option_uw eq ''; + if ($found =~ /^B<-/) { + push @options, $found; + err($id, "OPTIONS entry $found missing from SYNOPSIS") + unless (grep /^\Q$found\E$/, @synopsis) + || $id =~ /(openssl|-options)\.pod:1:$/; + } } } + foreach (@synopsis) { + my $option = $_; + err($id, "SYNOPSIS entry $option missing from OPTIONS") + unless (grep /^\Q$option\E$/, @options); + } } # Normal symbol form @@ -712,7 +732,7 @@ sub check { files(TAGS => [ 'manual', 'man1' ]) ); # TODO: Filter out "foreign manual" links. next if $target =~ /ps|apropos|sha1sum|procmail|perl/; - err($id, "Bad command link L<$target(1)>"); + err($id, "Bad command link L<$target(1)>") if grep /man1/, @sections; } # Check for proper in-man-3 API links. while ( $contents =~ /L<([^>]*)\(3\)(?:\/.*)?>/g ) { 
@@ -1049,11 +1069,11 @@ sub checkflags { err("$cmd does not implement help for -$expect_helpstr") unless m/^\s*"/; $expect_helpstr = ""; } - if (m/\{\s*"([^"]+)"\s*,\s*OPT_[A-Z0-9_]+\s*,\s*('[-\/:<>cEfFlMnNpsuU]'|0)\s*,(.*)$/ - && !($cmd eq "s_client" && $1 eq "wdebug")) { + if (m/\{\s*"([^"]+)"\s*,\s*OPT_[A-Z0-9_]+\s*,\s*('[-\/:<>cEfFlMnNpsuU]'|0)(.*)$/ + && !($cmd eq "s_client" && $1 eq "wdebug")) { push @cmdopts, $1; $expect_helpstr = $1; - $expect_helpstr = "" if $3 =~ m/^\s*"/; + $expect_helpstr = "" if $3 =~ m/^\s*,\s*"/; } elsif (m/[\s,](OPT_[A-Z]+_OPTIONS?)\s*(,|$)/) { push @cmdopts, @{ $genopts{$1} }; } @@ -1085,8 +1105,7 @@ sub checkflags { # See what's in the command not the manpage. my @undocced = sort grep { !defined $docopts{$_} } @cmdopts; foreach ( @undocced ) { - next if $cmd eq "openssl" && $_ eq "help"; - err("$doc: undocumented option -$_"); + err("$doc: undocumented $cmd option -$_"); } # See what's in the command not the manpage. @@ -1181,7 +1200,7 @@ if ( $opt_l ) { if ( $opt_n ) { # If not given args, check that all man1 commands are named properly. - if ( scalar @ARGV == 0 ) { + if ( scalar @ARGV == 0 && grep /man1/, @sections ) { foreach ( files(TAGS => [ 'public_manual', 'man1' ]) ) { next if /openssl\.pod/ || /CA\.pl/ || /tsget\.pod/; # these commands are special cases From levitte at openssl.org Thu May 20 14:27:39 2021 
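Review bot: in the doc/perlvars.pm hunk for `$OpenSSL::safe::opt_s_item`, the changed line still carries `B<_immediate_renegotiation>` (underscore where the leading dash should be), and the correct `B<-immediate_renegotiation>` is added on a new line below it, so the item list now names the option twice. Drop the underscore form instead of only appending a comma to it.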
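Review bot: in the doc/man1/openssl-srp.pod.in hunk at `@@ -72,8 +92,12 @@`, the context line `{- $OpenSSL::safe::opt_r_synopsis -}` is left in the OPTIONS list just before `=back`, even though this hunk adds the proper `{- $OpenSSL::safe::opt_r_item -}` a few lines above. A synopsis fragment does not belong in OPTIONS; remove it in the same change.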
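Review bot: in the doc/man1/openssl-s_server.pod.in hunks, the new entry `=item B<-ext_cache>.` has a stray period after the markup, and `=item B<-use_srtp>` omits the argument that the SYNOPSIS line `[B<-use_srtp> I]` shows. The other new items that take a value should be checked the same way. Two smaller wording nits: "Print more output from SSL/TLS security framework" lacks its final period, and the HISTORY sentence should read "options were deprecated" now that it lists three options.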
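Review bot: in the util/find-doc-nits `option_check` hunk at `@@ -567,8 +576,19 @@`, the exemption `|| $id =~ /(openssl|-options)\.pod:1:$/` is applied only to the "OPTIONS entry missing from SYNOPSIS" direction and has no comment explaining it, while the new `foreach (@synopsis)` loop reports the reverse direction with no exemption at all. Add a comment saying why those two pages are exempt and why the asymmetry is intended. Related: the `checkflags` hunk removes `next if $cmd eq "openssl" && $_ eq "help";` without explanation in the visible commit messages, which changes what is reported for the `openssl` command itself.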
From: levitte at openssl.org (Richard Levitte)
Date: Thu, 20 May 2021 14:27:39 +0000
Subject: [openssl] master update
Message-ID: <1621520859.475446.9755.nullmailer@dev.openssl.org>

The branch master has been updated
       via  f14bead2c4898e484b6c01808c07edf3b61f01e9 (commit)
      from  14d3bb06c9c11b3e13c64611913757c27bc057f2 (commit)

- Log -----------------------------------------------------------------
commit f14bead2c4898e484b6c01808c07edf3b61f01e9
Author: Richard Levitte
Date:   Wed May 19 09:43:13 2021 +0200

    VMS: Copy __DECC_INCLUDE_{PROLOGUE,EPILOGUE}.H to more places

    Every inclusion directory related to a library we build needs these
    two files. That signals to any other module using anything from
    these libraries what to expect in terms of case sensitivity as well
    as how long symbol names are dealt with.

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15341)

-----------------------------------------------------------------------

Summary of changes:
 {include/openssl => apps/include}/__DECC_INCLUDE_EPILOGUE.H | 0
 {include/openssl => apps/include}/__DECC_INCLUDE_PROLOGUE.H | 0
 .../openssl => providers/common/include/prov}/__DECC_INCLUDE_EPILOGUE.H | 0
 .../openssl => providers/common/include/prov}/__DECC_INCLUDE_PROLOGUE.H | 0
 .../implementations/include/prov}/__DECC_INCLUDE_EPILOGUE.H | 0
 .../implementations/include/prov}/__DECC_INCLUDE_PROLOGUE.H | 0
 6 files changed, 0 insertions(+), 0 deletions(-)
 copy {include/openssl => apps/include}/__DECC_INCLUDE_EPILOGUE.H (100%)
 copy {include/openssl => apps/include}/__DECC_INCLUDE_PROLOGUE.H (100%)
 copy {include/openssl => providers/common/include/prov}/__DECC_INCLUDE_EPILOGUE.H (100%)
 copy {include/openssl => providers/common/include/prov}/__DECC_INCLUDE_PROLOGUE.H (100%)
 copy {include/openssl => providers/implementations/include/prov}/__DECC_INCLUDE_EPILOGUE.H (100%)
 copy {include/openssl => providers/implementations/include/prov}/__DECC_INCLUDE_PROLOGUE.H (100%)
diff --git a/include/openssl/__DECC_INCLUDE_EPILOGUE.H b/apps/include/__DECC_INCLUDE_EPILOGUE.H similarity index 100% copy from include/openssl/__DECC_INCLUDE_EPILOGUE.H copy to apps/include/__DECC_INCLUDE_EPILOGUE.H diff --git a/include/openssl/__DECC_INCLUDE_PROLOGUE.H b/apps/include/__DECC_INCLUDE_PROLOGUE.H similarity index 100% copy from include/openssl/__DECC_INCLUDE_PROLOGUE.H copy to apps/include/__DECC_INCLUDE_PROLOGUE.H diff --git a/include/openssl/__DECC_INCLUDE_EPILOGUE.H b/providers/common/include/prov/__DECC_INCLUDE_EPILOGUE.H similarity index 100% copy from include/openssl/__DECC_INCLUDE_EPILOGUE.H copy to providers/common/include/prov/__DECC_INCLUDE_EPILOGUE.H diff --git a/include/openssl/__DECC_INCLUDE_PROLOGUE.H b/providers/common/include/prov/__DECC_INCLUDE_PROLOGUE.H similarity index 100% copy from include/openssl/__DECC_INCLUDE_PROLOGUE.H copy to providers/common/include/prov/__DECC_INCLUDE_PROLOGUE.H diff --git a/include/openssl/__DECC_INCLUDE_EPILOGUE.H b/providers/implementations/include/prov/__DECC_INCLUDE_EPILOGUE.H similarity index 100% copy from include/openssl/__DECC_INCLUDE_EPILOGUE.H copy to providers/implementations/include/prov/__DECC_INCLUDE_EPILOGUE.H diff --git a/include/openssl/__DECC_INCLUDE_PROLOGUE.H b/providers/implementations/include/prov/__DECC_INCLUDE_PROLOGUE.H similarity index 100% copy from include/openssl/__DECC_INCLUDE_PROLOGUE.H copy to providers/implementations/include/prov/__DECC_INCLUDE_PROLOGUE.H From dev at ddvo.net Thu May 20 14:30:26 2021 
From: dev at ddvo.net (dev at ddvo.net)
Date: Thu, 20 May 2021 14:30:26 +0000
Subject: [openssl] master update
Message-ID: <1621521026.112333.32526.nullmailer@dev.openssl.org>

The branch master has been updated
       via  41d331b6f02267dbaa24cf35b9810994199431f4 (commit)
       via  7d3349276a5ff72535747a7f881be51076343165 (commit)
       via  eb9b532089e4b8a1d233fc2486db94f9596d5c98 (commit)
       via  f35a9b6a2d53190b65360b68540bc688fff1c704 (commit)
       via  d3fc80abfc71dbe6e74bdf2af09df328380096a8 (commit)
       via  9ad9002dd5f705d528ae20acb0e1b53767cde3dd (commit)
       via  435e659a03d12e98bb0502634d22002685b71ec9 (commit)
       via  ff3810332483f79b55f90db0ca9f93145d8f06b5 (commit)
      from  f14bead2c4898e484b6c01808c07edf3b61f01e9 (commit)

- Log -----------------------------------------------------------------
commit 41d331b6f02267dbaa24cf35b9810994199431f4
Author: Dr. David von Oheimb
Date:   Fri Apr 30 07:30:33 2021 +0200

    check-format.pl: Rename '*-cmt' options '*-comment'

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15077)

commit 7d3349276a5ff72535747a7f881be51076343165
Author: Dr. David von Oheimb
Date:   Thu Apr 29 22:09:55 2021 +0200

    check-format.pl: Rename 'one-letter' to 'single-letter', do not report 'l'

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15077)

commit eb9b532089e4b8a1d233fc2486db94f9596d5c98
Author: Dr. David von Oheimb
Date:   Thu Apr 29 22:02:41 2021 +0200

    check-format.pl: Allow extra space before end-of-line comments unless -e|--eol-cmt given

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15077)

commit f35a9b6a2d53190b65360b68540bc688fff1c704
Author: Dr. David von Oheimb
Date:   Thu Apr 29 19:43:16 2021 +0200

    check-format.pl: Replace 'SPC' and 'spc' by 'space' in reports and option names

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15077)

commit d3fc80abfc71dbe6e74bdf2af09df328380096a8
Author: Dr.
David von Oheimb Date: Thu Apr 29 09:41:30 2021 +0200 check-format.pl: Fix false positive on struct/union/enum in func return type Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15077) commit 9ad9002dd5f705d528ae20acb0e1b53767cde3dd Author: Dr. David von Oheimb Date: Thu Apr 29 08:05:10 2021 +0200 check-format.pl: Fix false positive "no SPC before binary '*'" for '!*' Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15077) commit 435e659a03d12e98bb0502634d22002685b71ec9 Author: Dr. David von Oheimb Date: Thu Apr 29 07:57:36 2021 +0200 check-format.pl: Report needless intermediate multiple SPC only on -e or --extra-spc Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15077) commit ff3810332483f79b55f90db0ca9f93145d8f06b5 Author: Dr. David von Oheimb Date: Wed Apr 28 21:45:07 2021 +0200 check-format.pl: Add check for constant left of comparison operator Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15077) ----------------------------------------------------------------------- Summary of changes: util/check-format-test-negatives.c | 17 ++-- util/check-format-test-positives.c | 15 +-- util/check-format.pl | 181 ++++++++++++++++++++----------------- 3 files changed, 118 insertions(+), 95 deletions(-) diff --git a/util/check-format-test-negatives.c b/util/check-format-test-negatives.c index c9f77ecf6c..8149ff2b58 100644 --- a/util/check-format-test-negatives.c +++ b/util/check-format-test-negatives.c 
@@ -15,13 +15,13 @@ */ /*- - * allow double space in format-tagged multi-line comment + * allow extra SPC in format-tagged multi-line comment */ int f(void) /* * trailing multi-line comment */ { - if (ctx == NULL) { /* non-leading intra-line comment */ + if (ctx == NULL) { /* non-leading end-of-line comment */ if (/* comment after '(' */ pem_name != NULL /* comment before ')' */) /* entire-line comment indent usually like for the following line */ return NULL; /* hanging indent also for this line after comment */ @@ -150,6 +150,10 @@ int f(void) /* hanging_stmt; } +/* should not trigger: constant on LHS of comparison or assignment operator */ +X509 *x509 = NULL; +int y = a + 1 < b; + const OPTIONS passwd_options[] = { {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"}, #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) @@ -269,11 +273,12 @@ static varref cmp_vars[] = { /* comment. comment? comment! */ /* comment */ \ } -/* 'struct' in function header */ -static int f(struct pem_pass_data *pass_data) +union un var; /* struct/union/enum in variable type */ +struct provider_store_st *f() /* struct/union/enum in function return type */ +{ +} +static void f(struct pem_pass_data *data) /* struct/union/enum in arg list */ { - if (pass_data == NULL) - return 0; } static void *fun(void) diff --git a/util/check-format-test-positives.c b/util/check-format-test-positives.c index 5174a2b530..6281c5cbce 100644 --- a/util/check-format-test-positives.c +++ b/util/check-format-test-positives.c 
@@ -48,11 +48,11 @@ */ /*@ unexpected comment ending delimiter outside comment */ /*@ comment line is 4 columns tooooooooooooooooo wide, reported unless sloppy-len */ /*@ comment line is 5 columns toooooooooooooooooooooooooooooooooooooooooooooo wide */ -#define X 1 /*@0 double space false negative due to coincidence */ +#define X 1 /*@0 extra space false negative due to coincidence */ #define Y 2 /*@ indent of preprocessor directive off by 1 (must be 0) */ -typedef struct { /*@0 double space in code, reported unless sloppy-spc */ - enum { /*@1 double space in comment, reported unless sloppy-spc */ - w = 0 /*@2 hanging expr indent off by 1, or 3 for lines after '{' */ +typedef struct { /*@0 extra space in code, reported unless sloppy-spc */ + enum { /*@1 extra space in comment, reported unless sloppy-spc */ + w = 0 /*@ hanging expr indent off by 1, or 3 for lines after '{' */ && 1, /*@ hanging expr indent off by 3, or -1 for leading '&&' */ x = 1, /*@ hanging expr indent off by -1 */ y,z /*@ no space after ',', reported unless sloppy-spc */ @@ -72,10 +72,11 @@ void main(int n) { /*@ opening brace at end of function definition header */ #endif /*@ unexpected #endif */ int f (int a, /*@ space after fn before '(', reported unless sloppy-spc */ int b, /*@ hanging expr indent off by -1 */ - long l) /*@ one-letter name 'l' */ + long I) /*@ single-letter name 'I' */ { int /*@ code after '{' opening a block */ xx = 1) + /*@ unexpected closing parenthesis */ - 2] - /*@ unexpected closing bracket */ + 0L < /*@ constant on LHS of comparison operator */ + a] - /*@ unexpected closing bracket */ 3: * /*@ unexpected ':' (without preceding '?') within expr */ 4}; /*@ unexpected closing brace within expression */ char y[] = { /*@0 unclosed brace within initializer/enum expression */ 
@@ -91,7 +92,7 @@ int f (int a, /*@ space after fn before '(', reported unless sloppy-spc */ b, /*@ expr indent as on line above, accepted if sloppy-hang */ b, /*@ expr indent off -8 but @ extra indent accepted if sloppy-hang */ "again aligned" /*@ expr indent off by -9 (left of stmt indent, */ "right", - 123 == /*@ .. so reported also with sloppy-hang; this line is too long */ 456 + abc == /*@ .. so reported also with sloppy-hang; this line is too long */ 456 # define MAC(A) (A) /*@ nesting indent of preprocessor directive off by 1 */ ? 1 /*@ hanging expr indent off by 1 */ : 2); /*@ hanging expr indent off by 2, or 1 for leading ':' */ diff --git a/util/check-format.pl b/util/check-format.pl index 2a9adc6fb8..72cf53d189 100755 --- a/util/check-format.pl +++ b/util/check-format.pl @@ -13,8 +13,9 @@ # # usage: # check-format.pl [-l|--sloppy-len] [-l|--sloppy-bodylen] -# [-s|--sloppy-spc] [-c|--sloppy-cmt] [-m|--sloppy-macro] -# [-h|--sloppy-hang] [-1|--1-stmt] +# [-s|--sloppy-space] [-c|--sloppy-comment] +# [-m|--sloppy-macro] [-h|--sloppy-hang] +# [-e|--eol-comment] [-1|--1-stmt] # # # run self-tests: 
@@ -27,23 +28,24 @@ # Still it should be useful for detecting most typical glitches. # # options: -# -l | --sloppy-len increase accepted max line length from 80 to 84 +# -l | --sloppy-len increase accepted max line length from 80 to 84 # -l | --sloppy-bodylen do not report function body length > 200 -# -s | --sloppy-spc do not report whitespace nits -# -c | --sloppy-cmt do not report indentation of comments -# Otherwise for each multi-line comment the indentation of -# its lines is checked for consistency. For each comment -# that does not begin to the right of normal code its -# indentation must be as for normal code, while in case it -# also has no normal code to its right it is considered to -# refer to the following line and may be indented equally. -# -m | --sloppy-macro allow missing extra indentation of macro bodies -# -h | --sloppy-hang when checking hanging indentation, do not report -# * same indentation as on line before -# * same indentation as non-hanging indent level -# * indentation moved left (not beyond non-hanging indent) -# just to fit contents within the line length limit -# -1 | --1-stmt do more aggressive checks for { 1 stmt } - see below +# -s | --sloppy-space do not report whitespace nits +# -c | --sloppy-comment do not report indentation of comments +# Otherwise for each multi-line comment the indentation of +# its lines is checked for consistency. For each comment +# that does not begin to the right of normal code its +# indentation must be as for normal code, while in case it +# also has no normal code to its right it is considered to +# refer to the following line and may be indented equally. 
+# -m | --sloppy-macro allow missing extra indentation of macro bodies +# -h | --sloppy-hang when checking hanging indentation, do not report +# * same indentation as on line before +# * same indentation as non-hanging indent level +# * indentation moved left (not beyond non-hanging indent) +# just to fit contents within the line length limit +# -e | --eol-comment report needless intermediate multiple consecutive spaces also before end-of-line comments +# -1 | --1-stmt do more aggressive checks for { 1 stmt } - see below # # There are non-trivial false positives and negatives such as the following. # @@ -64,12 +66,13 @@ # Yet with the --1-stmt option false positives are preferred over negatives. # False negatives occur if the braces are more than two non-empty lines apart. # -# * Use of multiple consecutive spaces is regarded a coding style nit except -# when done in order to align certain columns over multiple lines, e.g.: +# * The presence of multiple consecutive spaces is regarded a coding style nit +# except when this is before end-of-line comments (unless the --eol-comment is given) and +# except when done in order to align certain columns over multiple lines, e.g.: # # define AB 1 # # define CDE 22 # # define F 3333 -# This pattern is recognized - and consequently double space not reported - +# This pattern is recognized - and consequently extra space not reported - # for a given line if in the nonempty line before or after (if existing) # for each occurrence of " \S" (where \S means non-space) in the given line # there is " \S" in the other line in the respective column position. @@ -102,6 +105,7 @@ my $sloppy_SPC = 0; my $sloppy_hang = 0; my $sloppy_cmt = 0; my $sloppy_macro = 0; +my $eol_cmt = 0; my $extended_1_stmt = 0; while ($ARGV[0] =~ m/^-(\w|-[\w\-]+)$/) { 
@@ -110,14 +114,16 @@ while ($ARGV[0] =~ m/^-(\w|-[\w\-]+)$/) { $max_length += INDENT_LEVEL; } elsif ($arg =~ m/^(b|-sloppy-bodylen)$/) { $sloppy_bodylen = 1; - } elsif ($arg =~ m/^(s|-sloppy-spc)$/) { - $sloppy_SPC = 1; - } elsif ($arg =~ m/^(c|-sloppy-cmt)$/) { + } elsif ($arg =~ m/^(s|-sloppy-space)$/) { + $sloppy_SPC= 1; + } elsif ($arg =~ m/^(c|-sloppy-comment)$/) { $sloppy_cmt = 1; } elsif ($arg =~ m/^(m|-sloppy-macro)$/) { $sloppy_macro = 1; } elsif ($arg =~ m/^(h|-sloppy-hang)$/) { $sloppy_hang = 1; + } elsif ($arg =~ m/^(e|-eol-comment)$/) { + $eol_cmt = 1; } elsif ($arg =~ m/^(1|-1-stmt)$/) { $extended_1_stmt = 1; } else { @@ -130,10 +136,11 @@ my $self_test; # whether the current input file is regarded to conta my $line; # current line number my $line_before; # number of previous not essentially empty line (containing at most whitespace and '\') my $line_before2; # number of not essentially empty line before previous not essentially empty line -my $contents; # contents of current line -my $contents_before; # contents of $line_before, if $line_before > 0 +my $contents; # contents of current line (without blinding) +# $_ # current line, where comments etc. get blinded +my $contents_before; # contents of $line_before (without blinding), if $line_before > 0 my $contents_before_; # contents of $line_before after blinding comments etc., if $line_before > 0 -my $contents_before2; # contents of $line_before2, if $line_before2 > 0 +my $contents_before2; # contents of $line_before2 (without blinding), if $line_before2 > 0 my $contents_before_2; # contents of $line_before2 after blinding comments etc., if $line_before2 > 0 my $in_multiline_string; # line starts within multi-line string literal my $count; # -1 or number of leading whitespace characters (except newline) in current line, 
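Review bot: The long options --sloppy-spc and --sloppy-cmt are renamed to --sloppy-space and --sloppy-comment in the parser (hunk @@ -110,14 +114,16 @@) without keeping the old spellings, so existing invocations that pass the old names now land in the final else branch. Accept both for a transition period, e.g. m/^(s|-sloppy-spc|-sloppy-space)$/. The added line "$sloppy_SPC= 1;" has also lost the space before "=" that the removed line had.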
@@ -214,7 +221,7 @@ sub report_flexibly { my $line = shift; my $msg = shift; my $contents = shift; - my $report_SPC = $msg =~ /SPC/; + my $report_SPC = $msg =~ /space/; return if $report_SPC && $sloppy_SPC; print "$ARGV:$line:$msg:$contents" unless $self_test; @@ -239,9 +246,9 @@ sub parens_balance { # count balance of opening parentheses - closing parenthese sub blind_nonspace { # blind non-space text of comment as @, preserving length and spaces # the @ character is used because it cannot occur in normal program code so there is no confusion - # comment text is not blinded to whitespace in order to be able to check double SPC also in comments + # comment text is not blinded to whitespace in order to be able to check extra SPC also in comments my $comment_text = shift; - $comment_text =~ s/([\.\?\!])\s\s/$1. /g; # in double SPC checks allow one extra space after period '.', '?', or '!' in comments + $comment_text =~ s/([\.\?\!])\s\s/$1. /g; # in extra SPC checks allow one extra SPC after period '.', '?', or '!' in comments return $comment_text =~ tr/ /@/cr; } @@ -507,7 +514,7 @@ while (<>) { # loop over all lines of all input files if ($in_comment > 0) { # this still includes the last line of multi-line commment my ($head, $any_symbol, $cmt_text) = m/^(\s*)(.?)(.*)$/; if ($any_symbol eq "*") { - report("no SPC after leading '*' in multi-line comment") if $cmt_text =~ m|^[^/\s$self_test_exception]|; + report("no space after leading '*' in multi-line comment") if $cmt_text =~ m|^[^/\s$self_test_exception]|; } else { report("no leading '*' in multi-line comment"); } 
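Review bot: In report_flexibly (hunk @@ -214,7 +221,7 @@), $msg =~ /space/ ties the --sloppy-space suppression to an ordinary word instead of the distinctive token SPC, so any message routed through this function that contains "space", "whitespace" included, is dropped under -s whether or not it is a spacing nit. Have the callers pass an explicit flag, or match a fixed message prefix, instead of searching the message text.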
@@ -516,8 +523,8 @@ while (<>) { # loop over all lines of all input files # detect end of comment, must be within multi-line comment, check if it is preceded by non-whitespace text if ((my ($head, $tail) = m|^(.*?)\*/(.*)$|) && $1 ne '/') { # ending comment: '*/' - report("neither SPC nor '*' before '*/'") if $head =~ m/[^*\s]$/; - report("no SPC after '*/'") if $tail =~ m/^[^\s,;)}\]]/; # no space or ,;)}] after '*/' + report("neither space nor '*' before '*/'") if $head =~ m/[^*\s]$/; + report("no space after '*/'") if $tail =~ m/^[^\s,;)}\]]/; # no space or ,;)}] after '*/' if (!($head =~ m|/\*|)) { # not begin of comment '/*', which is is handled below if ($in_comment == 0) { report("unexpected '*/' outside comment"); @@ -540,9 +547,9 @@ while (<>) { # loop over all lines of all input files # detect begin of comment, check if it is followed by non-space text MATCH_COMMENT: if (my ($head, $opt_minus, $tail) = m|^(.*?)/\*(-?)(.*)$|) { # begin of comment: '/*' - report("no SPC before '/*'") + report("no space before '/*'") if $head =~ m/[^\s(\*]$/; # not space, '(', or or '*' (needed to allow '*/') before comment delimiter - report("neither SPC nor '*' after '/*' or '/*-'") if $tail =~ m/^[^\s*$self_test_exception]/; + report("neither space nor '*' after '/*' or '/*-'") if $tail =~ m/^[^\s*$self_test_exception]/; my $cmt_text = $opt_minus.$tail; # preliminary if ($in_comment > 0) { report("unexpected '/*' inside multi-line comment"); 
@@ -604,17 +611,17 @@ while (<>) { # loop over all lines of all input files my $in_multiline_comment = ($in_comment > 1 || $in_comment < 0); # $in_multiline_comment refers to line before if (!$sloppy_SPC && !($in_multiline_comment && $formatted_comment)) { - sub dbl_SPC { + sub extra_SPC { my $intra_line = shift; - return "double SPC".($intra_line =~ m/@\s\s/ ? - $in_comment != 0 ? " in multi-line comment" - : " in intra-line comment" : ""); + return "extra space".($intra_line =~ m/@\s\s/ ? + $in_comment != 0 ? " in multi-line comment" + : " in intra-line comment" : ""); } - sub split_line_head { + sub split_line_head { # split line contents into header containing leading spaces and the first non-space char, and the rest of the line my $comment_symbol = $in_comment != 0 ? "@" : ""; # '@' will match the blinded leading '*' in multi-line comment # $in_comment may pertain to the following line due to delayed check - # do not check for double SPC in leading spaces including any '#' (or '*' within multi-line comment) + # do not check for extra SPC in leading spaces including any '#' (or '*' within multi-line comment) shift =~ m/^(\s*([#$comment_symbol]\s*)?)(.*?)\s*$/; return ($1, $3); } 
@@ -622,26 +629,29 @@ while (<>) { # loop over all lines of all input files my ($head1, $intra_line1) = split_line_head($contents_before_ ) if $line_before > 0; my ($head2, $intra_line2) = split_line_head($contents_before_2) if $line_before2 > 0; if ($line_before > 0) { # check with one line delay, such that at least $contents_before is available - sub column_alignments_only { - my $head = shift; - my $intra = shift; - my $contents = shift; - # check if all double SPC in $intra is used only for multi-line column alignment with $contents + sub column_alignments_only { # return 1 if the given line has multiple consecutive spaces only at columns that match the reference line + # all parameter strings are assumed to contain contents after blinding comments etc. + my $head = shift; # leading spaces and the first non-space char + my $intra = shift; # the rest of the line contents + my $contents = shift; # reference line + # check if all extra SPC in $intra is used only for multi-line column alignment with $contents my $offset = length($head); for (my $col = 0; $col < length($intra) - 2; $col++) { - return 0 if substr($intra , $col, 3) =~ m/\s\s\S/ # double space (after leading space) - && !(substr($contents, $col + $offset + 1, 2) =~ m/\s\S/) + my $substr = substr($intra, $col); + next unless $substr =~ m/^\s\s\S/; # extra SPC (but not in leading spaces of the line) + next if !$eol_cmt && $substr =~ m/^[@\s]+$/; # end-of-line comment + return 0 unless substr($contents, $col + $offset + 1, 2) =~ m/\s\S/; # reference line contents do not match } return 1; } - report_flexibly($line_before, dbl_SPC($intra_line1), $contents_before) if $intra_line1 =~ m/\s\s\S/ && + report_flexibly($line_before, extra_SPC($intra_line1), $contents_before) if $intra_line1 =~ m/\s\s\S/ && !( column_alignments_only($head1, $intra_line1, $_ ) # compare with $line || ($line_before2 > 0 && column_alignments_only($head1, $intra_line1, $contents_before_2))); # compare w/ $line_before2 - 
report(dbl_SPC($intra_line)) if $intra_line =~ m/\s\s\S/ && eof + report(extra_SPC($intra_line)) if $intra_line =~ m/\s\s\S/ && eof && ! column_alignments_only($head , $intra_line , $contents_before_ ) ; # compare w/ $line_before } elsif (eof) { # special case: just one line exists - report(dbl_SPC($intra_line)) if $intra_line =~ m/\s\s\S/; + report(extra_SPC($intra_line)) if $intra_line =~ m/\s\s\S/; } # ignore paths in #include $intra_line =~ s/^(include\s*)(".*?"|<.*?>)/$1/e if $head =~ m/#/; 
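Review bot: The new test in column_alignments_only (hunk @@ -622,26 +629,29 @@), next if !$eol_cmt && $substr =~ m/^[@\s]+$/, exempts more than the documented space before an end-of-line comment. blind_nonspace turns every non-space comment character into '@', so extra spaces inside the text of a comment that runs to the end of the line leave a remainder of only '@' and whitespace and are skipped as well unless -e is given. If only the gap between code and a trailing comment should be exempt, also require that the text before $col contains something other than '@' and whitespace. The elsif (eof) branch for a one-line file does not go through this function, so the exemption is not applied there.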
@@ -656,47 +666,47 @@ while (<>) { # loop over all lines of all input files # remove blinded comments etc. directly before ,;)}] while ($intra_line =~ s/\s?@+([,;\)\}\]])/$1/e) {} # /g does not work here # treat remaining blinded comments and string literal contents as (single) space during matching below - $intra_line =~ s/@+/ /g; # note that double SPC has already been handled above + $intra_line =~ s/@+/ /g; # note that extra SPC has already been handled above $intra_line =~ s/\s+$//; # strip any (resulting) space at EOL $intra_line =~ s/(for\s*\([^;]*);;(\))/"$1$2"/eg; # strip trailing ';;' in for (;;) $intra_line =~ s/(for\s*\([^;]+;[^;]+);(\))/"$1$2"/eg; # strip trailing ';' in for (;;) $intra_line =~ s/(=\s*)\{ /"$1@ "/eg; # do not report {SPC in initializers such as ' = { 0, };' $intra_line =~ s/, \};/, @;/g; # do not report SPC} in initializers such as ' = { 0, };' - report("SPC before '$1'") if $intra_line =~ m/[\w)\]]\s+(\+\+|--)/; # postfix ++/-- with preceding space - report("SPC after '$1'") if $intra_line =~ m/(\+\+|--)\s+[a-zA-Z_(]/; # prefix ++/-- with following space + report("space before '$1'") if $intra_line =~ m/[\w)\]]\s+(\+\+|--)/; # postfix ++/-- with preceding space + report("space after '$1'") if $intra_line =~ m/(\+\+|--)\s+[a-zA-Z_(]/; # prefix ++/-- with following space $intra_line =~ s/\.\.\./@/g; # blind '...' - report("SPC before '$1'") if $intra_line =~ m/\s(\.|->)/; # '.' or '->' with preceding space - report("SPC after '$1'") if $intra_line =~ m/(\.|->)\s/; # '.' or '->' with following space + report("space before '$1'") if $intra_line =~ m/\s(\.|->)/; # '.' or '->' with preceding space + report("space after '$1'") if $intra_line =~ m/(\.|->)\s/; # '.' 
or '->' with following space $intra_line =~ s/\-\>|\+\+|\-\-/@/g; # blind '->,', '++', and '--' - report("SPC before '$2'") if $intra_line =~ m/[^:]\s+(;)/; # space before ';' but not after ':' - report("SPC before '$1'") if $intra_line =~ m/\s([,)\]])/; # space before ,)] - report("SPC after '$1'") if $intra_line =~ m/([(\[~!])\s/; # space after ([~! - report("SPC after '$1'") if $intra_line =~ m/(defined)\s/; # space after 'defined' - report("no SPC before '=' or '='") if $intra_line =~ m/\S(=)/; # '=' etc. without preceding space - report("no SPC before '$1'") if $intra_line =~ m/\S([|\/%<>^\?])/; # |/%<>^? without preceding space + report("space before '$2'") if $intra_line =~ m/[^:]\s+(;)/; # space before ';' but not after ':' + report("space before '$1'") if $intra_line =~ m/\s([,)\]])/; # space before ,)] + report("space after '$1'") if $intra_line =~ m/([(\[~!])\s/; # space after ([~! + report("space after '$1'") if $intra_line =~ m/(defined)\s/; # space after 'defined' + report("no space before '=' or '='") if $intra_line =~ m/\S(=)/; # '=' etc. without preceding space + report("no space before '$1'") if $intra_line =~ m/\S([|\/%<>^\?])/; # |/%<>^? without preceding space # TODO ternary ':' without preceding SPC, while allowing no SPC before ':' after 'case' - report("no SPC before binary '$1'") if $intra_line =~ m/[^\s{()\[]([+\-])/;# +/- without preceding space or {()[ + report("no space before binary '$1'") if $intra_line =~ m/[^\s{()\[]([+\-])/;# +/- without preceding space or {()[ # or ')' (which is used f type casts) - report("no SPC before binary '$1'") if $intra_line =~ m/[^\s{()\[*]([*])/; # '*' without preceding space or {()[* - report("no SPC before binary '$1'") if $intra_line =~ m/[^\s{()\[]([&])/; # '&' without preceding space or {()[ - report("no SPC after ternary '$1'") if $intra_line =~ m/(:)[^\s\d]/; # ':' without following space or digit - report("no SPC after '$1'") if $intra_line =~ m/([,;=|\/%<>^\?])\S/; # ,;=|/%<>^? 
without following space - report("no SPC after binary '$1'") if $intra_line=~m/[^{(\[]([*])[^\sa-zA-Z_(),*]/;# '*' w/o space or \w(),* after + report("no space before binary '$1'") if $intra_line =~ m/[^\s{()\[*!]([*])/; # '*' without preceding space or {()[*! + report("no space before binary '$1'") if $intra_line =~ m/[^\s{()\[]([&])/; # '&' without preceding space or {()[ + report("no space after ternary '$1'") if $intra_line =~ m/(:)[^\s\d]/; # ':' without following space or digit + report("no space after '$1'") if $intra_line =~ m/([,;=|\/%<>^\?])\S/; # ,;=|/%<>^? without following space + report("no space after binary '$1'") if $intra_line=~m/[^{(\[]([*])[^\sa-zA-Z_(),*]/;# '*' w/o space or \w(),* after # TODO unary '*' must not be followed by SPC - report("no SPC after binary '$1'") if $intra_line=~m/([&])[^\sa-zA-Z_(]/; # '&' w/o following space or \w( + report("no space after binary '$1'") if $intra_line=~m/([&])[^\sa-zA-Z_(]/; # '&' w/o following space or \w( # TODO unary '&' must not be followed by SPC - report("no SPC after binary '$1'") if $intra_line=~m/[^{(\[]([+\-])[^\s\d(]/; # +/- w/o following space or \d( + report("no space after binary '$1'") if $intra_line=~m/[^{(\[]([+\-])[^\s\d(]/; # +/- w/o following space or \d( # TODO unary '+' and '-' must not be followed by SPC - report("no SPC after '$2'") if $intra_line =~ m/(^|\W)(if|while|for|switch|case)[^\w\s]/; # kw w/o SPC - report("no SPC after '$2'") if $intra_line =~ m/(^|\W)(return)[^\w\s;]/; # return w/o SPC or ';' - report("SPC after function/macro name") + report("no space after '$2'") if $intra_line =~ m/(^|\W)(if|while|for|switch|case)[^\w\s]/; # kw w/o SPC + report("no space after '$2'") if $intra_line =~ m/(^|\W)(return)[^\w\s;]/; # return w/o SPC or ';' + report("space after function/macro name") if $intra_line =~ m/(\w+)\s+\(/ # fn/macro name with space before '(' && !($1 =~ m/^(if|while|for|switch|return|typedef|void|char|unsigned|int|long|float|double)$/) # not keyword && 
!(m/^\s*#\s*define\s/); # we skip macro definitions here because macros # without parameters but with body beginning with '(', e.g., '#define X (1)', # would lead to false positives - TODO also check for macros with parameters - report("no SPC before '{'") if $intra_line =~ m/[^\s{(\[]\{/; # '{' without preceding space or {([ - report("no SPC after '}'") if $intra_line =~ m/\}[^\s,;\])}]/; # '}' without following space or ,;])} + report("no space before '{'") if $intra_line =~ m/[^\s{(\[]\{/; # '{' without preceding space or {([ + report("no space after '}'") if $intra_line =~ m/\}[^\s,;\])}]/; # '}' without following space or ,;])} } # preprocessor directives @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ -846,7 +856,12 @@ while (<>) { # loop over all lines of all input files } } - report("one-letter name '$2'") if (m/(^|.*\W)([lIO])(\W.*|$)/); # single-letter name 'l', 'I', or 'O' + report("single-letter name '$2'") if (m/(^|.*\W)([IO])(\W.*|$)/); # single-letter name 'I' or 'O' # maybe re-add 'l'? + # constant on LHS of comparison or assignment, e.g., NULL != x or 'a' < c, but not a + 1 == b + report("constant on LHS of '$2'") + if (m/(['"]|([\+\-\*\/\/%\&\|\^<>]\s*)?\W[0-9]+L?|NULL)\s*([\!<>=]=|[<=>][^<>])/ && $2 eq ""); + + # TODO report #if 0 and #if 1 # TODO report empty line within local variable definitions 
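Review bot: In the spacing checks (hunk @@ -656,47 +666,47 @@), the line report("space before '$2'") if $intra_line =~ m/[^:]\s+(;)/ interpolates $2, but the pattern has a single capture group, so the message never names the ';' it matched. The line is being reworded anyway; use $1 as the neighbouring checks do.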
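Review bot: The new report("constant on LHS of '$2'") (hunk @@ -846,7 +856,12 @@) can only fire when $2 eq "" holds, so the operator shown in the message is always empty; the comparison or assignment operator is captured by the third group, so the message should use $3. When the optional second group takes no part in the match, $2 is undefined rather than empty, so the guard is clearer as !defined $2 || $2 eq "". The character class in that pattern also lists \/ twice.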
@@ -918,10 +933,12 @@ while (<>) { # loop over all lines of all input files } # set $in_typedecl and potentially $hanging_offset for type declaration - if (!$in_expr && @nested_indents == 0 && # not in expression - m/(^|^.*\W)(typedef|struct|union|enum)(\W.*|$)$/ && - parens_balance($1) == 0) { # not in newly started expression - # not needed: $keyword_opening_brace = $2 if $3 =~ m/\{/; + if (!$in_expr && @nested_indents == 0 # not in expression + && m/(^|^.*\W)(typedef|struct|union|enum)(\W.*|$)$/ + && parens_balance($1) == 0 # not in newly started expression or function arg list + && ($2 eq "typedef" || !($3 =~ m/\s*\w++\s*(.)/ && $1 ne "{")) # 'struct'/'union'/'enum' not followed by '{' + # not needed: && $keyword_opening_brace = $2 if $3 =~ m/\{/; + ) { $in_typedecl++; $hanging_offset += INDENT_LEVEL if m/\*.*\(/; # '*' followed by '(' - seems consistent with Emacs C mode } @@ -1079,8 +1096,8 @@ while (<>) { # loop over all lines of all input files $hanging_offset = 0; # compensate for this in case macro ends, e.g., as 'while (0)' } - if (m/^\s*$/) { # essentially empty line: just whitespace (and maybe a '\') - report("empty line at beginnig of file") if $line == 1 && !$sloppy_SPC; + if (m/^\s*$/) { # at begin of file essentially empty line: just whitespace (and maybe a '\') + report("leading ".($1 eq "" ? "empty" :"whitespace")." line") if $line == 1 && !$sloppy_SPC; } else { if ($line_before > 0) { my $linediff = $line - $line_before - 1; From dev at ddvo.net Thu May 20 14:32:00 2021 
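Review bot: The added clause !($3 =~ m/\s*\w++\s*(.)/ && $1 ne "{") in the type declaration check (hunk @@ -918,10 +933,12 @@) is not anchored, so it can pick up a word anywhere in the rest of the line instead of the tag name directly after struct/union/enum; for an anonymous "struct { int a;" it matches "int a" and rejects the line. Anchor the pattern with ^. The trailing comment "not followed by '{'" also reads as the opposite of the condition, which holds when the name is followed by '{'.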
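Review bot: The new message expression ($1 eq "" ? "empty" :"whitespace") (hunk @@ -1079,8 +1096,8 @@) reads $1, but the guarding m/^\s*$/ has no capture group, so $1 is undefined after that match and the ternary always picks "empty". Capture the whitespace in the condition, m/^(\s*)$/, so the distinction between an empty and a whitespace-only first line is actually made. A space is also missing after ':' in the ternary.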
From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 20 May 2021 14:32:00 +0000 Subject: [openssl] master update Message-ID: <1621521120.771037.1582.nullmailer@dev.openssl.org> The branch master has been updated via 340cf8759f904859e609cecf4315b7cb50cde561 (commit) via 56c4f6fe724e4aa54498188873d84e5694b02984 (commit) via 601fe8e0d78d4344445cbfa83dbe9bc4ad1287f1 (commit) from 41d331b6f02267dbaa24cf35b9810994199431f4 (commit) - Log ----------------------------------------------------------------- commit 340cf8759f904859e609cecf4315b7cb50cde561 Author: Dr. David von Oheimb Date: Sat Apr 3 19:42:39 2021 +0200 apps/cms: Clean up order of options in help output and documentation Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15126) commit 56c4f6fe724e4aa54498188873d84e5694b02984 Author: Dr. David von Oheimb Date: Mon Apr 12 19:00:00 2021 +0200 APPS: Allow duplicate entries in options list, marking them OPT_DUP Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15126) commit 601fe8e0d78d4344445cbfa83dbe9bc4ad1287f1 Author: Dr. David von Oheimb Date: Sat Apr 3 16:03:21 2021 +0200 APPS: Allow non-option parameters appear anywhere in list, marking them OPT_PARAM Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15126) ----------------------------------------------------------------------- Summary of changes: apps/cms.c | 299 +++++++++++---------- apps/include/opt.h | 3 + apps/lib/opt.c | 20 +- doc/man1/openssl-cms.pod.in | 639 ++++++++++++++++++++++++++------------------ 4 files changed, 547 insertions(+), 414 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index d2225d51af..25ef1effd4 100644 --- a/apps/cms.c +++ b/apps/cms.c 
@@ -30,25 +30,25 @@ static CMS_ReceiptRequest static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, STACK_OF(OPENSSL_STRING) *param); -#define SMIME_OP 0x10 -#define SMIME_IP 0x20 -#define SMIME_SIGNERS 0x40 +#define SMIME_OP 0x100 +#define SMIME_IP 0x200 +#define SMIME_SIGNERS 0x400 #define SMIME_ENCRYPT (1 | SMIME_OP) #define SMIME_DECRYPT (2 | SMIME_IP) #define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS) #define SMIME_VERIFY (4 | SMIME_IP) -#define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP) -#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) -#define SMIME_DATAOUT (7 | SMIME_IP) -#define SMIME_DATA_CREATE (8 | SMIME_OP) +#define SMIME_RESIGN (5 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) +#define SMIME_SIGN_RECEIPT (6 | SMIME_IP | SMIME_OP) +#define SMIME_VERIFY_RECEIPT (7 | SMIME_IP) +#define SMIME_DIGEST_CREATE (8 | SMIME_OP) #define SMIME_DIGEST_VERIFY (9 | SMIME_IP) -#define SMIME_DIGEST_CREATE (10 | SMIME_OP) +#define SMIME_COMPRESS (10 | SMIME_OP) #define SMIME_UNCOMPRESS (11 | SMIME_IP) -#define SMIME_COMPRESS (12 | SMIME_OP) +#define SMIME_ENCRYPTED_ENCRYPT (12 | SMIME_OP) #define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) -#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP) -#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP) -#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP) +#define SMIME_DATA_CREATE (14 | SMIME_OP) +#define SMIME_DATA_OUT (15 | SMIME_IP) +#define SMIME_CMSOUT (16 | SMIME_IP | SMIME_OP) static int verify_err = 0; 
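Review bot: Nothing at the SMIME_OP/SMIME_IP/SMIME_SIGNERS defines says why the flag bits move from 0x10/0x20/0x40 to 0x100/0x200/0x400, and the three commit subjects speak only of option ordering, OPT_DUP and OPT_PARAM. With the old values the operation number 16 was the same bit as SMIME_OP, so this is a functional fix rather than a cleanup. Add a comment above the defines stating that operation numbers must stay below 0x100, and mention the fix in the commit message.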
@@ -89,141 +89,152 @@ typedef enum OPTION_choice { const OPTIONS cms_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"}, + {"help", OPT_HELP, '-', "Display this summary"}, OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"}, - {"outform", OPT_OUTFORM, 'c', - "Output format SMIME (default), PEM or DER"}, {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, - {"debug_decrypt", OPT_DEBUG_DECRYPT, '-', - "Disable MMA protection and return an error if no recipient found" - " (see documentation)"}, - {"stream", OPT_INDEF, '-', "Enable CMS streaming"}, - {"indef", OPT_INDEF, '-', "Same as -stream"}, - {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, - {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" }, - {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, - {"CApath", OPT_CAPATH, '/', "trusted certificates directory"}, - {"CAstore", OPT_CASTORE, ':', "trusted certificates store URI"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store"}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif OPT_CONFIG_OPTION, - OPT_SECTION("Action"), + OPT_SECTION("Operation"), {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"}, {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"}, {"sign", OPT_SIGN, '-', "Sign message"}, - {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"}, - {"resign", OPT_RESIGN, '-', "Resign a signed message"}, - {"cades", OPT_CADES, '-', "Include or check signingCertificate (CAdES-BES)"}, {"verify", OPT_VERIFY, '-', "Verify signed message"}, - 
{"verify_retcode", OPT_VERIFY_RETCODE, '-', - "Exit non-zero on verification failure"}, + {"resign", OPT_RESIGN, '-', "Resign a signed message"}, + {"sign_receipt", OPT_SIGN_RECEIPT, '-', + "Generate a signed receipt for a message"}, {"verify_receipt", OPT_VERIFY_RECEIPT, '<', - "Verify receipts; exit if receipt signatures do not verify"}, - {"digest_verify", OPT_DIGEST_VERIFY, '-', - "Verify a CMS \"DigestedData\" object and output it"}, + "Verify receipts; exit if receipt signatures do not verify"}, {"digest_create", OPT_DIGEST_CREATE, '-', - "Create a CMS \"DigestedData\" object"}, + "Create a CMS \"DigestedData\" object"}, + {"digest_verify", OPT_DIGEST_VERIFY, '-', + "Verify a CMS \"DigestedData\" object and output it"}, {"compress", OPT_COMPRESS, '-', "Create a CMS \"CompressedData\" object"}, {"uncompress", OPT_UNCOMPRESS, '-', - "Uncompress a CMS \"CompressedData\" object"}, - {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-', - "Decrypt CMS \"EncryptedData\" object using symmetric key"}, + "Uncompress a CMS \"CompressedData\" object"}, {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-', - "Create CMS \"EncryptedData\" object using symmetric key"}, - {"data_out", OPT_DATA_OUT, '-', "Copy CMS \"Data\" object to output"}, + "Create CMS \"EncryptedData\" object using symmetric key"}, + {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-', + "Decrypt CMS \"EncryptedData\" object using symmetric key"}, {"data_create", OPT_DATA_CREATE, '-', "Create a CMS \"Data\" object"}, + {"data_out", OPT_DATA_OUT, '-', "Copy CMS \"Data\" object to output"}, {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"}, - {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-', - "Do not verify signed content signatures"}, - {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-', - "Do not verify signed attribute signatures"}, - {"nointern", OPT_NOINTERN, '-', - "Don't search certificates in message for signer"}, - {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"}, - OPT_SECTION("Formatting"), - 
{"text", OPT_TEXT, '-', "Include or delete text MIME headers"}, - {"asciicrlf", OPT_ASCIICRLF, '-', - "Perform CRLF canonicalisation when signing"}, - {"nodetach", OPT_NODETACH, '-', "Use opaque signing"}, - {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, - {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, - {"binary", OPT_BINARY, '-', "Treat input as binary: do not translate to canonical form"}, - {"keyid", OPT_KEYID, '-', "Use subject key identifier"}, - {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"}, - {"nocerts", OPT_NOCERTS, '-', - "Don't include signers certificate when signing"}, - {"noout", OPT_NOOUT, '-', - "For the -cmsout operation do not output the parsed CMS structure"}, - {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" }, - {"receipt_request_all", OPT_RR_ALL, '-', - "When signing, create a receipt request for all recipients"}, - {"receipt_request_first", OPT_RR_FIRST, '-', - "When signing, create a receipt request for first recipient"}, + OPT_SECTION("File format"), + {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"}, + {"outform", OPT_OUTFORM, 'c', + "Output format SMIME (default), PEM or DER"}, {"rctform", OPT_RCTFORM, 'F', "Receipt file format"}, - {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, - {"content", OPT_CONTENT, '<', - "Supply or override content for detached signature"}, - {"print", OPT_PRINT, '-', - "For the -cmsout operation print out all fields of the CMS structure"}, - {"nameopt", OPT_NAMEOPT, 's', - "For the -print option specifies various strings printing options"}, - {"certsout", OPT_CERTSOUT, '>', "Certificate output file"}, + {"stream", OPT_INDEF, '-', "Enable CMS streaming"}, + {"indef", OPT_INDEF, '-', "Same as -stream"}, + {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, + {"binary", OPT_BINARY, '-', + "Treat input as binary: do not translate to canonical form"}, + {"crlfeol", OPT_CRLFEOL, '-', + 
"Use CRLF as EOL termination instead of CR only" }, + {"asciicrlf", OPT_ASCIICRLF, '-', + "Perform CRLF canonicalisation when signing"}, - OPT_SECTION("Keying"), + OPT_SECTION("Keys and passwords"), + {"pwri_password", OPT_PWRI_PASSWORD, 's', + "Specific password for recipient"}, {"secretkey", OPT_SECRETKEY, 's', - "Use specified hex-encoded key to decrypt/encrypt recipients or content"}, + "Use specified hex-encoded key to decrypt/encrypt recipients or content"}, {"secretkeyid", OPT_SECRETKEYID, 's', - "Identity of the -secretkey for CMS \"KEKRecipientInfo\" object"}, - {"pwri_password", OPT_PWRI_PASSWORD, 's', - "Specific password for recipient"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, + "Identity of the -secretkey for CMS \"KEKRecipientInfo\" object"}, {"inkey", OPT_INKEY, 's', "Input private key (if not signer or recipient)"}, - {"keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)"}, + {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, + {"keyform", OPT_KEYFORM, 'f', + "Input private key format (ENGINE, other values ignored)"}, +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, +#endif + OPT_PROV_OPTIONS, + OPT_R_OPTIONS, - OPT_SECTION("Mail header"), - {"econtent_type", OPT_ECONTENT_TYPE, 's', "OID for external content"}, - {"to", OPT_TO, 's', "To address"}, - {"from", OPT_FROM, 's', "From address"}, - {"subject", OPT_SUBJECT, 's', "Subject"}, - {"signer", OPT_SIGNER, 's', "Signer certificate file"}, + OPT_SECTION("Encryption and decryption"), {"originator", OPT_ORIGINATOR, 's', "Originator certificate file"}, - {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"}, - {"receipt_request_from", OPT_RR_FROM, 's', - "Create signed receipt request with specified email address"}, - {"receipt_request_to", OPT_RR_TO, 's', - "Create signed receipt targeted to specified 
address"}, - - OPT_SECTION("Encryption"), - {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"}, - {"", OPT_CIPHER, '-', "Any supported cipher"}, - - OPT_SECTION("Key-wrapping"), + {"recip", OPT_RECIP, '<', "Recipient cert file"}, + {"cert...", OPT_PARAM, '.', + "Recipient certs (optional; used only when encrypting)"}, + {"", OPT_CIPHER, '-', + "The encryption algorithm to use (any supported cipher)"}, + {"wrap", OPT_WRAP, 's', + "Key wrap algorithm to use when encrypting with key agreement"}, {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"}, {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"}, {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"}, {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"}, - {"wrap", OPT_WRAP, 's', "Any wrap cipher to wrap key"}, + {"debug_decrypt", OPT_DEBUG_DECRYPT, '-', + "Disable MMA protection, return error if no recipient found (see doc)"}, - OPT_R_OPTIONS, - OPT_V_OPTIONS, - OPT_PROV_OPTIONS, + OPT_SECTION("Signing"), + {"md", OPT_MD, 's', "Digest algorithm to use"}, + {"signer", OPT_SIGNER, 's', "Signer certificate input file"}, + {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, + {"cades", OPT_CADES, '-', + "Include signingCertificate attribute (CAdES-BES)"}, + {"nodetach", OPT_NODETACH, '-', "Use opaque signing"}, + {"nocerts", OPT_NOCERTS, '-', + "Don't include signer's certificate when signing"}, + {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, + {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, + {"receipt_request_all", OPT_RR_ALL, '-', + "When signing, create a receipt request for all recipients"}, + {"receipt_request_first", OPT_RR_FIRST, '-', + "When signing, create a receipt request for first recipient"}, + {"receipt_request_from", OPT_RR_FROM, 's', + "Create signed receipt request with specified email address"}, + {"receipt_request_to", OPT_RR_TO, 's', + "Create signed receipt targeted to 
specified address"}, - OPT_PARAMETERS(), - {"cert", 0, 0, "Recipient certs (optional; used only when encrypting)"}, + OPT_SECTION("Verification"), + {"signer", OPT_DUP, 's', "Signer certificate(s) output file"}, + {"content", OPT_CONTENT, '<', + "Supply or override content for detached signature"}, + {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-', + "Do not verify signed content signatures"}, + {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-', + "Do not verify signed attribute signatures"}, + {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"}, + {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"}, + {"nointern", OPT_NOINTERN, '-', + "Don't search certificates in message for signer"}, + {"cades", OPT_DUP, '-', "Check signingCertificate (CAdES-BES)"}, + {"verify_retcode", OPT_VERIFY_RETCODE, '-', + "Exit non-zero on verification failure"}, + {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, + {"CApath", OPT_CAPATH, '/', "Trusted certificates directory"}, + {"CAstore", OPT_CASTORE, ':', "Trusted certificates store URI"}, + {"no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file"}, + {"no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory"}, + {"no-CAstore", OPT_NOCASTORE, '-', + "Do not load certificates from the default certificates store"}, + + OPT_SECTION("Output"), + {"keyid", OPT_KEYID, '-', "Use subject key identifier"}, + {"econtent_type", OPT_ECONTENT_TYPE, 's', "OID for external content"}, + {"text", OPT_TEXT, '-', "Include or delete text MIME headers"}, + {"certsout", OPT_CERTSOUT, '>', "Certificate output file"}, + {"to", OPT_TO, 's', "To address"}, + {"from", OPT_FROM, 's', "From address"}, + {"subject", OPT_SUBJECT, 's', "Subject"}, + + OPT_SECTION("Printing"), + {"noout", OPT_NOOUT, '-', + "For the -cmsout operation do not output the parsed CMS structure"}, + {"print", OPT_PRINT, '-', + "For the -cmsout operation print out all fields of the CMS structure"}, 
+ {"nameopt", OPT_NAMEOPT, 's', + "For the -print option specifies various strings printing options"}, + {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" }, + + OPT_V_OPTIONS, {NULL} }; @@ -347,6 +358,7 @@ int cms_main(int argc, char **argv) case OPT_OUT: outfile = opt_arg(); break; + case OPT_ENCRYPT: operation = SMIME_ENCRYPT; break; @@ -356,49 +368,50 @@ int cms_main(int argc, char **argv) case OPT_SIGN: operation = SMIME_SIGN; break; - case OPT_SIGN_RECEIPT: - operation = SMIME_SIGN_RECEIPT; + case OPT_VERIFY: + operation = SMIME_VERIFY; break; case OPT_RESIGN: operation = SMIME_RESIGN; break; - case OPT_VERIFY: - operation = SMIME_VERIFY; - break; - case OPT_VERIFY_RETCODE: - verify_retcode = 1; + case OPT_SIGN_RECEIPT: + operation = SMIME_SIGN_RECEIPT; break; case OPT_VERIFY_RECEIPT: operation = SMIME_VERIFY_RECEIPT; rctfile = opt_arg(); break; - case OPT_CMSOUT: - operation = SMIME_CMSOUT; - break; - case OPT_DATA_OUT: - operation = SMIME_DATAOUT; + case OPT_VERIFY_RETCODE: + verify_retcode = 1; break; - case OPT_DATA_CREATE: - operation = SMIME_DATA_CREATE; + case OPT_DIGEST_CREATE: + operation = SMIME_DIGEST_CREATE; break; case OPT_DIGEST_VERIFY: operation = SMIME_DIGEST_VERIFY; break; - case OPT_DIGEST_CREATE: - operation = SMIME_DIGEST_CREATE; - break; case OPT_COMPRESS: operation = SMIME_COMPRESS; break; case OPT_UNCOMPRESS: operation = SMIME_UNCOMPRESS; break; + case OPT_ED_ENCRYPT: + operation = SMIME_ENCRYPTED_ENCRYPT; + break; case OPT_ED_DECRYPT: operation = SMIME_ENCRYPTED_DECRYPT; break; - case OPT_ED_ENCRYPT: - operation = SMIME_ENCRYPTED_ENCRYPT; + case OPT_DATA_CREATE: + operation = SMIME_DATA_CREATE; + break; + case OPT_DATA_OUT: + operation = SMIME_DATA_OUT; + break; + case OPT_CMSOUT: + operation = SMIME_CMSOUT; break; + case OPT_DEBUG_DECRYPT: flags |= CMS_DEBUG_DECRYPT; break; 
@@ -693,15 +706,15 @@ int cms_main(int argc, char **argv) if (conf == NULL) goto end; break; - case OPT_3DES_WRAP: + case OPT_WRAP: + wrapname = opt_unknown(); + break; case OPT_AES128_WRAP: case OPT_AES192_WRAP: case OPT_AES256_WRAP: + case OPT_3DES_WRAP: wrapname = opt_flag() + 1; break; - case OPT_WRAP: - wrapname = opt_unknown(); - break; } } if (!app_RAND_load()) @@ -812,12 +825,12 @@ int cms_main(int argc, char **argv) if (operation == SMIME_ENCRYPT) { if (!cipher) { -# ifndef OPENSSL_NO_DES +#ifndef OPENSSL_NO_DES cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); -# else +#else BIO_printf(bio_err, "No cipher selected\n"); goto end; -# endif +#endif } if (secret_key && !secret_keyid) { @@ -1149,7 +1162,7 @@ int cms_main(int argc, char **argv) BIO_printf(bio_err, "Error decrypting CMS structure\n"); goto end; } - } else if (operation == SMIME_DATAOUT) { + } else if (operation == SMIME_DATA_OUT) { if (!CMS_data(cms, out, flags)) goto end; } else if (operation == SMIME_UNCOMPRESS) { @@ -1177,8 +1190,8 @@ int cms_main(int argc, char **argv) goto end; } if (signerfile != NULL) { - STACK_OF(X509) *signers; - signers = CMS_get0_signers(cms); + STACK_OF(X509) *signers = CMS_get0_signers(cms); + if (!save_certs(signerfile, signers)) { BIO_printf(bio_err, "Error writing signers to %s\n", signerfile); diff --git a/apps/include/opt.h b/apps/include/opt.h index 5d85877301..951557974b 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h @@ -316,6 +316,9 @@ typedef struct options_st { int valtype; const char *helpstr; } OPTIONS; +/* Special retval values: */ +#define OPT_PARAM 0 /* same as OPT_EOF usually defined in apps */ +#define OPT_DUP -2 /* marks duplicate occurrence of option in help output */ /* * A string/int pairing; widely use for option value lookup, hence the diff --git a/apps/lib/opt.c b/apps/lib/opt.c index 4b75b46681..0f08da2df4 100644 --- a/apps/lib/opt.c +++ b/apps/lib/opt.c 
@@ -184,9 +184,13 @@ char *opt_init(int ac, char **av, const OPTIONS *o) /* Make sure options are legit. */ OPENSSL_assert(o->name[0] != '-'); - OPENSSL_assert(o->retval > 0); + if (o->valtype == '.') + OPENSSL_assert(o->retval == OPT_PARAM); + else + OPENSSL_assert(o->retval == OPT_DUP || o->retval > OPT_PARAM); switch (i) { - case 0: case '-': case '/': case '<': case '>': case 'E': case 'F': + case 0: case '-': case '.': + case '/': case '<': case '>': case 'E': case 'F': case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's': case 'u': case 'c': case ':': case 'N': break; @@ -199,8 +203,13 @@ char *opt_init(int ac, char **av, const OPTIONS *o) /* * Some compilers inline strcmp and the assert string is too long. */ - duplicated = strcmp(o->name, next->name) == 0; - OPENSSL_assert(!duplicated); + duplicated = next->retval != OPT_DUP + && strcmp(o->name, next->name) == 0; + if (duplicated) { + opt_printf_stderr("%s: Internal error: duplicate option %s\n", + prog, o->name); + OPENSSL_assert(!duplicated); + } } #endif if (o->name[0] == '\0') { @@ -821,6 +830,9 @@ int opt_next(void) case ':': /* Just a string. */ break; + case '.': + /* Parameters */ + break; case '/': if (opt_isdir(arg) > 0) break; diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index bdfb607134..6e0f86804a 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in 
@@ -9,96 +9,131 @@ openssl-cms - CMS command B B [B<-help>] + +General options: + +[B<-in> I] +[B<-out> I] +{- $OpenSSL::safe::opt_config_synopsis -} + +Operation options: + [B<-encrypt>] [B<-decrypt>] -[B<-debug_decrypt>] [B<-sign>] [B<-verify>] -[B<-verify_retcode>] -[B<-no_attr_verify>] -[B<-nosigs>] -[B<-no_content_verify>] -[B<-cmsout>] [B<-resign>] -[B<-cades>] -[B<-data_create>] -[B<-data_out>] +[B<-sign_receipt>] +[B<-verify_receipt> I] [B<-digest_create>] [B<-digest_verify>] [B<-compress>] [B<-uncompress>] -[B<-EncryptedData_decrypt>] [B<-EncryptedData_encrypt>] -[B<-sign_receipt>] -[B<-verify_receipt> I] -[B<-in> I] -[B<-out> I] +[B<-EncryptedData_decrypt>] +[B<-data_create>] +[B<-data_out>] +[B<-cmsout>] + +File format options: + [B<-inform> B|B|B] [B<-outform> B|B|B] [B<-rctform> B|B|B] -[B<-keyform> B|B|B|B] [B<-stream>] [B<-indef>] [B<-noindef>] -[B<-content> I] -[B<-text>] -[B<-noout>] -[B<-print>] -[B<-nameopt> I
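Review bot: in the apps/cms.c options table, the added help strings under OPT_SECTION("Verification") mix "Do not verify ..." (no_content_verify, no_attr_verify) with "Don't verify ..." (nosigs, noverify), and "Don't verify signers certificate" is missing the apostrophe in "signer's". Since these lines are being regrouped anyway, pick one form for the whole section. The entry "Print CMS Receipt Request" }, also has a stray space before the closing brace that the neighbouring entries do not have.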
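Review bot: in the cms_main() option switch in apps/cms.c, case OPT_VERIFY_RETCODE now sits between OPT_VERIFY_RECEIPT and OPT_DIGEST_CREATE, in the middle of the cases that assign operation, although it only sets verify_retcode = 1. The options table in the same patch lists verify_retcode under "Verification", not under the operations, so the case would be easier to find next to the other verification flags. The same reordering also carries the rename from SMIME_DATAOUT to SMIME_DATA_OUT; the commit message should mention that rename so it is not read as a pure reshuffle.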
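Review bot: in apps/include/opt.h, OPT_DUP is defined as a bare -2; writing it as (-2) keeps the macro safe wherever it is expanded inside a larger expression. The comment on OPT_PARAM says it is the "same as OPT_EOF usually defined in apps", which leaves open what happens in an app whose OPT_EOF is not 0, while opt_init() asserts retval == OPT_PARAM for every '.' entry; state the requirement rather than "usually". A blank line between "} OPTIONS;" and the new comment block would also match the surrounding layout.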
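Review bot: in opt_init() in apps/lib/opt.c, the new duplicate test "next->retval != OPT_DUP && strcmp(o->name, next->name) == 0" only exempts a later entry marked OPT_DUP, so a table is accepted only when the real option precedes its OPT_DUP copy, and an OPT_DUP entry with no real counterpart, or with a different valtype from the real one, passes unnoticed. Neither the ordering rule nor the matching requirement is documented next to the OPT_DUP definition. Suggest adding a debug-build assertion that every OPT_DUP entry has an earlier entry with the same name and valtype, and stating the ordering rule in the opt.h comment.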